vSphere Kubernetes Cluster Master KB for Kubectl Commands after Kubectl vSphere Login Returns Error - "You must be logged in to the server"
search cancel

vSphere Kubernetes Cluster Master KB for Kubectl Commands after Kubectl vSphere Login Returns Error - "You must be logged in to the server"

book

Article ID: 385872

calendar_today

Updated On:

Products

vSphere with Tanzu VMware vSphere with Tanzu

Issue/Introduction

After performing a successful login to a vSphere Kubernetes cluster using kubectl vsphere login, any kubectl commands return the following error:

error: You must be logged in to the server

 

This KB is intended as a master KB for redirection to more specific KBs depending on further investigation into the above error.

Please see the corresponding KB under Resolution which matches your scenario for more information.

Environment

vSphere 7.0 with Tanzu

vSphere 8.0 with Tanzu

This issue can occur regardless of whether or not this cluster is managed by TMC.

Cause

For the related noted KBs, the cause has been traced down to varying certificate issues in the environment.

Please see the corresponding KB under Resolution which matches your scenario for more information.

Resolution

Troubleshooting Tip:

An increased verbosity flag can be added to the kubectl vsphere login and subsequent kubectl commands for more information. For example:

  • kubectl get nodes -v 10

 

You must be logged in to the server (the server has asked for the client to provide credentials)

If vCenter certificates were recently renewed and increased verbosity of kubectl commands returns the above error, you may be running into the below issue:

https://knowledge.broadcom.com/external/article?articleNumber=370252

 

Invalid Token: failed to validate JWT

If vCenter certificates were recently renewed or the vCenter public keys recently changed, you may be running into the below issue:

https://knowledge.broadcom.com/external/article?articleNumber=372806

 

TLS Handshake Errors due to Bad Certificate

When viewing the auth-service pod logs within the affected cluster where the above error and not matching private-public keys are present, you may be running into the below issue:

https://knowledge.broadcom.com/external/article/327454/after-successful-login-to-supervisor-clu.html

 

x509 Certificate Signed by Unknown Authority

If the kubeapiserver pod logs note the above error, you may be running into the below issue:

https://broadcomcms-software.wolkenservicedesk.com/external/article?articleNumber=385874

 

Powered by Wolken Software