Cannot connect to cluster with kubectl using kubeconfig yaml pulled from TMC SM UI
search cancel

Cannot connect to cluster with kubectl using kubeconfig yaml pulled from TMC SM UI

book

Article ID: 398646

calendar_today

Updated On: 06-05-2025

Products

VMware Tanzu Mission Control - SM

Issue/Introduction

When using the kubeconfig credentials generated via the Tanzu Mission Control Self-Managed UI to access a cluster,

Kubectl commands responds with:

Unable to connect to the server: getting credentials: decoding stdout: yaml: line 3: mapping values are not allowed in this context


Symptoms:

  • Below example commands yield the above error

    tmc cluster validate -k <path_to_KUBECONFIG>

kubectl --kubeconfig=<path_to_KUBECONFIG> get namespaces

     

  • The cluster appears all green as below in the TMS SM UI


  • Your ~/.kube/config shows the certificate-authority-data entry with a valid and in date certificate as per seen in the pulled kube config from TMS SM UI and you can login using this kube config.
    Note - you can pull a kube config for a specific cluster as per below
    tanzu cluster kubeconfig get <cluster_name> --admin
  • Kubeconfig yaml from TMC SM UI looks similar to below:
    apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJT...
    server: https://###.###.#.###:6443
  name: <cluster_name>
contexts:
- context:
    cluster: <cluster_name>
    namespace: default
    user: <cluster_name>
  name: <cluster_name>
current-context: <cluster_name>
kind: Config
preferences: {}
users:
- name: <cluster_name>
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - tmc
      - cluster
      - generate-token
      command: tanzu
      env:
      - name: CLUSTER_UID
        value: c:##########################
      - name: CLUSTER_RID_V2
        value: rid:c:########-####-####-####-#############:attached:attached:<cluster_name>
      - name: CLUSTER_ENDPOINT
        value: https://###.###.#.###:6443
      - name: CLUSTER_CA_BUNDLE
        value: LS0tLS1CRUdJT...
      provideClusterInfo: false


  • You do not have a proxy in front of you managment cluster.
  • You may have had a problem registering your management cluster (supervisor in VKS) with error 'Failed to create management cluster (resource already exists).

Environment

TMC SM 1.4

Resolution

The TMC SM kubeconfig runs below args (command) via the yaml.
-- command - 'tanzu tmc cluster generate-token'

...
users:
- name: <user_name>
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - tmc
      - cluster
      - generate-token
      command: tanzu
...

 

Solution:

  1. Install the Tanzu Mission Control plugins.
    (For more information, see Install Tanzu CLI Plugins.)

    tanzu plugin install --group vmware-tmc/default

  2. Create a context and log in.
    (For more information, see the command reference for context.)

    tanzu mission-control context create CONTEXT_NAME [flags]

    -- use the flag -i - also --idp-type string    =    identity provider; it can be csp (default if omitted), pinniped, or vcd

Powered by Wolken Software