Before you can start deploying workloads to your vSphere with Tanzu Cluster, you need to first download the vSphere Plugin for Kubectl and then use that to login to your Supervisor Cluster which will generate a Kubernetes (K8s) context file that is stored in .kube/config
Here is an example of using the vSphere Plugin for Kubectl:
./kubectl-vsphere login --server=10.10.0.64 -u *protected email* --insecure-skip-tls-verify
For interactive sessions this is fine and upon successfully entering your password when prompted, you can switch to the correct K8s context to begin your workload deployment. For folks interested in automation, the one downside today is that the plugin does not provide a way to specify your password using either a command-line argument or reading from a configuration file.
I have actually seen this topic come up a few times both internally and externally for those wanting to automate the end to end deployment of a Tanzu Kubernetes Grid (TKG) Cluster and have gotten stuck on trying to figure a way around having to perform this required manual step.
One of my favorite tools for these types of automation challenges when I was a System Administrator was the use of the expect utility. I have used this to automate a number of tools that require username/password interactions including standard SSH without having to rely on custom SSH tools which may or may not always be available.
Long story short, here is a quick shell script I created called automate-kubectl-vsphere-login.sh (you will need to update it to reflect your configuration) and will allow you to automate kubectl-vsphere login as shown in the screenshot below.
Paul says
Great! Thanks a lot, and may in the future we will have an Password Option to send directly...
William Lam says
Thanks for the feedback Paul and yes, I've already submitted an internal feature enhancement for this idea 🙂
Greg says
I have been using a very similar script to do the same thing. The only difference is that I'm using a base64-encoded password and decoding it in the script. However, I've noticed that once in a while (maybe 1 out of 50 logins), the password gets displayed during the script execution. I'm not sure if it's a timing issue or what. But since I occasionally share my screen, this is a big issue and I've since had to stop using the script. Have you had this happen?
William Lam says
Greg,
I've not come across this before, I would also be concern. Have you attempted to see if you can figure out any common patterns in which this happens? I'd probably start there and see if you can isolate when this happens, is it a specific deployment (repeat or net new)
Greg says
Honestly, I have not looked into it much at all since the risk of it happening outweighed the few seconds it was saving. And since I assumed (hoped?) a non-interactive method would be added soon, it didn't seem worthwhile to research. Anyway, I stumbled on your page somewhat randomly and just thought I'd see if you experienced the same thing 🙂