WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Automation / Automating kubectl-vsphere login for vSphere with Tanzu

Automating kubectl-vsphere login for vSphere with Tanzu

11.12.2020 by William Lam // 5 Comments

Before you can start deploying workloads to your vSphere with Tanzu Cluster, you need to first download the vSphere Plugin for Kubectl and then use that to login to your Supervisor Cluster which will generate a Kubernetes (K8s) context file that is stored in .kube/config

Here is an example of using the vSphere Plugin for Kubectl:

./kubectl-vsphere login --server=10.10.0.64 -u *protected email* --insecure-skip-tls-verify


For interactive sessions this is fine and upon successfully entering your password when prompted, you can switch to the correct K8s context to begin your workload deployment. For folks interested in automation, the one downside today is that the plugin does not provide a way to specify your password using either a command-line argument or reading from a configuration file.

I have actually seen this topic come up a few times both internally and externally for those wanting to automate the end to end deployment of a Tanzu Kubernetes Grid (TKG) Cluster and have gotten stuck on trying to figure a way around having to perform this required manual step.

One of my favorite tools for these types of automation challenges when I was a System Administrator was the use of the expect utility. I have used this to automate a number of tools that require username/password interactions including standard SSH without having to rely on custom SSH tools which may or may not always be available.

Long story short, here is a quick shell script I created called automate-kubectl-vsphere-login.sh (you will need to update it to reflect your configuration) and will allow you to automate kubectl-vsphere login as shown in the screenshot below.

More from my site

  • Quickly deploying vSphere IaaS (formerly vSphere with Tanzu) Control Plane Services via YAMLs
  • Identifying vSphere with Tanzu Managed VMs
  • NVIDIA GPU with Dynamic DirectPath IO (Passthrough) to Tanzu Kubernetes Grid (TKG) Cluster using vSphere with Tanzu
  • How to download offline copy of the Tanzu Kubernetes releases (TKr) Content Library?
  • Building custom Tanzu Kubernetes Releases (TKR) for vSphere with Tanzu

Categories // Automation, Kubernetes, VMware Tanzu Tags // expect, kubectl, vSphere Kubernetes Service

Comments

  1. *protectedPaul says

    11/12/2020 at 7:04 am

    Great! Thanks a lot, and may in the future we will have an Password Option to send directly...

    Reply
    • William Lam says

      11/12/2020 at 7:50 am

      Thanks for the feedback Paul and yes, I've already submitted an internal feature enhancement for this idea 🙂

      Reply
  2. *protectedGreg says

    04/19/2021 at 8:03 am

    I have been using a very similar script to do the same thing. The only difference is that I'm using a base64-encoded password and decoding it in the script. However, I've noticed that once in a while (maybe 1 out of 50 logins), the password gets displayed during the script execution. I'm not sure if it's a timing issue or what. But since I occasionally share my screen, this is a big issue and I've since had to stop using the script. Have you had this happen?

    Reply
    • William Lam says

      04/19/2021 at 8:30 am

      Greg,

      I've not come across this before, I would also be concern. Have you attempted to see if you can figure out any common patterns in which this happens? I'd probably start there and see if you can isolate when this happens, is it a specific deployment (repeat or net new)

      Reply
      • *protectedGreg says

        04/19/2021 at 8:45 am

        Honestly, I have not looked into it much at all since the risk of it happening outweighed the few seconds it was saving. And since I assumed (hoped?) a non-interactive method would be added soon, it didn't seem worthwhile to research. Anyway, I stumbled on your page somewhat randomly and just thought I'd see if you experienced the same thing 🙂

        Reply

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...