Quick Tip: kubectl vsphere login without entering a Password

With the release of vSphere 7.0 Update 2, a new version of the vSphere authentication plugin for kubectl has been released. The new plugin, which can be downloaded from the Supervisor Control Plane after enabling Workload Management, has a neat new feature that allows you to save the password in an environment variable.

To use the feature, make sure to get the latest version of kubectl-vsphere from the Supervisor ControlPlane. Unfortunately, when downloading the plugin you don't get any version information. Also, I couldn't find any version information in Release Notes or direct downloads from the internet at all.

The feature has been introduced in kubectl-vsphere version 0.0.8 (build 17570859), which is part vSphere 7.0 Update 2. You can check the currently installed version with the following command:

# kubectl vsphere version
kubectl-vsphere: version 0.0.8, build 17570859, change 8724671

To allow the login without a password, simply create an environment variable:

# export KUBECTL_VSPHERE_PASSWORD=[PASSWORD]

And then login:

# kubectl vsphere login --server=[CONTROLPLANE-IP] -u [USER]@vsphere.local

Note: The variable is only valid for the current session. To make it persistent, you have to store the variable in your ~/.profile file.

 

You don't have vSphere 7.0 U2? No Problem! Just use this little one-liner to refresh the token using the API. This method requires an existing .kube config (Login with kubectl vsphre login once). You then have to get the username with kubectl config get-users and refresh the token using the REST API. This method requires curl and jq:

# kubectl config set-credentials wcp:10.99.100.1:k8swrite@vsphere.local --token=$(curl -XPOST -s -u k8swrite@vsphere.local:'VMware1!' https://10.99.100.1/wcp/login | jq -r .session_id)

 

1 thought on “Quick Tip: kubectl vsphere login without entering a Password”

  1. Another option to use kubectl vsphere login without entering a password is:

    expectCmd="spawn kubectl vsphere login --server=${scIp} -u ${scUser};expect \"Password: \";send \"${scPwd}\n\";expect eof"

    Cheers,
    CHrigi

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.