cat /root/.kube/config > default_kubeconfig
To resolve this issue, the vSphere with Tanzu Kubernetes tokens need to be recreated.
1. Log in to the vSphere with Tanzu Guest Kubernetes cluster:
kubectl vsphere login --server <supervisor-cluster_ip> -u <user> --tanzu-kubernetes-cluster-name <tk-cluster-name> --tanzu-kubernetes-cluster-namespace <namespace>
The <supervisor-cluster_ip> parameter is the Control Plane Node Address which can be found in the vSphere Client by selecting Workload Management > Supervisor Clusters. The parameter <tk-cluster-name> is the name of the Tanzu Kubernetes cluster and the <namespace> parameter is the vSphere namespace where this cluster resides.
Example command with parameter values:
kubectl vsphere login --server #.#.#.# -u [email protected] --tanzu-kubernetes-cluster-name napp-tkg-cluster --tanzu-kubernetes-cluster-namespace napp
2. Generate an administrator service account and create a cluster role binding:
kubectl create serviceaccount napp-admin -n kube-system
kubectl create clusterrolebinding napp-admin --serviceaccount=kube-system:napp-admin --clusterrole=cluster-admin
3. Obtain the authentication token for the administrator service account and the cluster certificate authority.
SECRET=$(kubectl get serviceaccount napp-admin -n kube-system -ojsonpath='{.secrets[].name}')
TOKEN=$(kubectl get secret $SECRET -n kube-system -ojsonpath='{.data.token}' | base64 -d)
kubectl get secrets $SECRET -n kube-system -o jsonpath='{.data.ca\.crt}' | base64 -d > ./ca.crt
4. Get the Tanzu Kubernetes Cluster URL.
CONTEXT=$(kubectl config view -o jsonpath='{.current-context}')
CLUSTER=$(kubectl config view -o jsonpath='{.contexts[?(@.name == "'"$CONTEXT"'")].context.cluster}')
URL=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "'"$CLUSTER"'")].cluster.server}')
5. Retrieve the context name, cluster name and username from the existing NSX Application Platform deployment from the NSX API.
You can use the curl command or a REST API client such as Postman to access the NSX API. Use the following API call:
GET https://<manager-ip>/policy/api/v1/infra/sites/default/napp/deployment/kubeconfig
Example of API call using curl:
curl --insecure --user <admin-user> https://<manager-ip>/policy/api/v1/infra/sites/default/napp/deployment/kubeconfig
Sample output:
{
  "bundle_id": "1638527923839",
  "name": "default_kubeconfig",
  "user": "wcp:#.#.#.#:[email protected]",
  "current_context": "napp-tkg-cluster",
  "cluster": "#.#.#.#",
  "expiry": 1638563458000,
  "connection_status": true,
  "resource_type": "KubeconfigInfo",
  "id": "kubeconfig",
  "display_name": "kubeconfig",
  "path": "/infra/sites/default/cloud-native/deployment/kubeconfig/",
  "relative_path": "kubeconfig",
  "parent_path": "/infra/sites/default",
  "unique_id": "6210d4b1-6517-400d-####-###########",
  "realization_id": "6210d4b1-6517-400d-####-###########",
  "marked_for_delete": false,
  "overridden": false,
  "_create_time": 1638527923967,
  "_create_user": "admin",
  "_last_modified_time": 1638527923967,
  "_last_modified_user": "admin",
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
6. Generate a configuration file for the Tanzu Kubernetes Cluster with a non-expiring token.
TO_BE_CREATED_KUBECONFIG_FILE="<file-name>"
CLUSTER_NAME="<cluster-API-output>"
USER_NAME="<user-API-output>"
CONTEXT_NAME="<current_context-API-output>"
kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-cluster $CLUSTER_NAME --server=$URL --certificate-authority=./ca.crt --embed-certs=true
kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-credentials $USER_NAME --token=$TOKEN
kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-context $CONTEXT_NAME --cluster=$CLUSTER_NAME --user=$USER_NAME
kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE use-context $CONTEXT_NAME
7. (Optional) The ca.crt is a temporary file created during the generation of the kubeconfig file. You can safely delete this file from your environment if you wish to do so.
8. Upload the newly generated configuration file with a non-expiring token to the NSX Application Platform.
a. On the NSX UI Home page, navigate to System > NSX Application Platform.
b. From the Actions drop-down menu, select Settings.
c. In the Configuration section, click the EDIT link.
d. In the Upload File field, click SELECT, select the newly generated config file with a non-expiring token, click Open, and click Upload.
e. Ensure that the file is successfully uploaded and click NEXT.
f. Click the RUN PRECHECKS button to ensure the environment still satisfies all the NSX Application Platform deployment requirements.
g. Click NEXT to continue.
h. Click CLOSE.
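An offline check of the file generated in step 6, to run before the upload in step 8. This is an added example, not part of the original article; the function names check_napp_kubeconfig and kc_value are hypothetical, and it assumes the YAML layout that kubectl config writes.

```sh
#!/bin/sh
# Added example: sanity-check the kubeconfig from step 6 before uploading it.
# Function names are hypothetical; only sed, grep, ls and cut are used.

# Print the first value found for a "key: value" line in the file.
kc_value() {  # kc_value <file> <key>
    sed -n "s/^[[:space:]-]*$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"'
}

check_napp_kubeconfig() {  # check_napp_kubeconfig <file> <expected-context>
    file=$1 want_ctx=$2 rc=0
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 2; }

    # Step 6 sets the context to the current_context value from the NSX API.
    ctx=$(kc_value "$file" current-context)
    [ "$ctx" = "$want_ctx" ] || { echo "FAIL: current-context '$ctx', expected '$want_ctx'"; rc=1; }

    # --embed-certs=true must have inlined the CA; a path reference
    # stops working once ./ca.crt is deleted in step 7.
    grep -q 'certificate-authority-data:' "$file" || { echo "FAIL: CA not embedded"; rc=1; }
    if grep -q 'certificate-authority:' "$file"; then echo "FAIL: CA referenced by path"; rc=1; fi

    # The server URL collected in step 4 must be HTTPS.
    case $(kc_value "$file" server) in
        https://*) ;;
        *) echo "FAIL: server is not an https:// URL"; rc=1 ;;
    esac

    # An empty token means the secret lookup in step 3 returned nothing.
    [ -n "$(kc_value "$file" token)" ] || { echo "FAIL: empty or missing token"; rc=1; }

    # The file carries a non-expiring cluster-admin token: owner-only access.
    case $(ls -l "$file" | cut -c5-10) in
        ------) ;;
        *) echo "FAIL: readable by group/other, run chmod 600"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $file is ready to upload"
    return "$rc"
}

# Usage: sh check.sh "$TO_BE_CREATED_KUBECONFIG_FILE" "$CONTEXT_NAME"
if [ "$#" -eq 2 ]; then check_napp_kubeconfig "$1" "$2"; fi
```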
However, you will need to generate a valid (not expired) token every time you want to: