...
On vSphere with Tanzu, when attempting to log in from a Windows jumpbox with the kubectl-vsphere login command and an AD user ID, users may observe the following symptoms:

- In Windows cmd or PowerShell, running the kubectl-vsphere login command with an AD user ID returns the following error:

# C:\Users\<USERNAME>\Documents\tanzu\bin> kubectl-vsphere login --vsphere-username <USERNAME@DOMAIN.COM> --server=<WCP_SV_VIP> --insecure-skip-tls-verify --tanzu-kubernetes-cluster-namespace=<GUESTCLUSTER_NAMESPACE> --tanzu-kubernetes-cluster-name=<GUESTCLUSTER_NAME> -v=10
time="2022-03-29T14:56:38+05:30" level=debug msg="User passed verbosity level: 10"
time="2022-03-29T14:56:38+05:30" level=debug msg="Setting verbosity level: 10"
time="2022-03-29T14:56:38+05:30" level=debug msg="Setting request timeout: "
time="2022-03-29T14:56:38+05:30" level=debug msg="login called as: kubectl-vsphere login --vsphere-username <USERNAME@DOMAIN.COM> --server=<WCP_SV_VIP> --insecure-skip-tls-verify --tanzu-kubernetes-cluster-namespace=<GUESTCLUSTER_NAMESPACE> --tanzu-kubernetes-cluster-name=<GUESTCLUSTER_NAME> -v=10"
time="2022-03-29T14:56:38+05:30" level=debug msg="Creating wcp.Client for <WCP_SV_VIP>"
time="2022-03-29T14:56:39+05:30" level=info msg="Does not appear to be a vCenter or ESXi address."
time="2022-03-29T14:56:39+05:30" level=debug msg="Got response: "
time="2022-03-29T14:56:39+05:30" level=info msg="Using <USERNAME@DOMAIN.COM> as username."
time="2022-03-29T14:56:39+05:30" level=debug msg="Env variable KUBECTL_VSPHERE_PASSWORD is present \n"
KUBECTL_VSPHERE_PASSWORD environment variable is not set. Please enter the password below
Password:
time="2022-03-29T14:56:45+05:30" level=debug msg="Got response: [{\"namespace\": \"<GUESTCLUSTER_NAMESPACE>\", \"master_host\": \"<WCP_SV_VIP>\", \"control_plane_api_server_port\": 6443, \"control_plane_DNS_names\": []}]"
time="2022-03-29T14:56:46+05:30" level=debug msg="Got response: {\"session_id\": \"abFjcW................. ----------------------> TRUNCATEDTLMr\"}"
time="2022-03-29T14:56:46+05:30" level=debug msg="Found kubectl in $PATH"
time="2022-03-29T14:56:46+05:30" level=info msg="kubectl version:"
time="2022-03-29T14:56:46+05:30" level=info msg="Client Version: version.Info{Major:\"1\", Minor:\"21\", GitVersion:\"v1.21.0+vmware.wcp.2\", GitCommit:\"d5bb17833505d15ce5f40815bb14fede978fe8c1\", GitTreeState:\"clean\", BuildDate:\"2021-12-14T16:55:29Z\", GoVersion:\"go1.16.1\", Compiler:\"gc\", Platform:\"windows/amd64\"}\n"
time="2022-03-29T14:56:46+05:30" level=debug msg="Calling `kubectl config set-cluster <WCP_SV_VIP> --server=https://<WCP_SV_VIP>:6443 --insecure-skip-tls-verify`"
time="2022-03-29T14:56:46+05:30" level=debug msg="stdout: Cluster \"<WCP_SV_VIP>\" set.\n"
time="2022-03-29T14:56:46+05:30" level=debug msg="stderr: "
time="2022-03-29T14:56:46+05:30" level=debug msg="Calling kubectl."
time="2022-03-29T14:56:46+05:30" level=error msg="Error calling kubectl: fork/exec kubectl.exe: The filename or extension is too long."

This is a known issue that occurs only on Windows jumpboxes when logging in to vSphere with Tanzu clusters with the kubectl-vsphere login command, specifically when using AD users. It is caused by a limitation in the Windows token exchange that truncates the token, which makes the login fail. Not every AD user is affected: the user and group information is included in the token, so users with a smaller group structure in AD might not encounter the failure.
VMware engineering is aware of this issue and is working to resolve it. This KB will be updated with release build versions once available.
To work around this issue, generate the token on a Linux jumpbox and then import it into the Windows .kube\config:

1. Log in to the cluster using kubectl-vsphere login from a Linux server.
2. Once the login has completed, a config file is created in the user's .kube/ directory.
3. Copy the config file from the user's .kube/ folder to the Windows jumpbox, in the path C:\Users\<USERNAME>\.kube\
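
The following is an added example, not part of this KB or of VMware's tooling. Run on the Linux jumpbox against the generated config file, it reports how large each stored token is and how many entries its list-valued claims carry, so an affected AD user can be compared with an unaffected one without printing the bearer token itself. It assumes the credential is stored in a `token:` field and is a JWT (otherwise only the length is reported); the `groups` claim name and the users in the sample are constructed.

```python
import base64
import json
import re
import sys

# Assumption: the kubeconfig stores the credential in a `token:` field.
TOKEN_RE = re.compile(r'^\s*token:\s*"?([A-Za-z0-9_.=-]+)"?\s*$', re.MULTILINE)

def extract_tokens(kubeconfig_text):
    """Return every bearer token stored in a kubeconfig's `token:` fields."""
    return TOKEN_RE.findall(kubeconfig_text)

def _b64url(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_report(token):
    """Summarise a token's size; the token itself is never returned."""
    report = {"token_chars": len(token), "is_jwt": False, "list_claims": {}}
    parts = token.split(".")
    if len(parts) != 3:
        return report  # opaque token: only the length is meaningful
    try:
        payload = json.loads(_b64url(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return report
    if isinstance(payload, dict):
        report["is_jwt"] = True
        # List-valued claims (such as group lists) are what grow the token.
        report["list_claims"] = {k: len(v) for k, v in payload.items()
                                 if isinstance(v, list)}
    return report

def make_sample_kubeconfig(n_groups):
    """Constructed sample: unsigned JWT with a hypothetical `groups` claim."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"sub": "user@example.test",
              "groups": [f"group-{i}@example.test" for i in range(n_groups)]}
    token = ".".join([enc({"alg": "none"}), enc(claims), "sig"])
    return f"users:\n- name: sample\n  user:\n    token: {token}\n"

if __name__ == "__main__":
    # Pass the path to ~/.kube/config; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else make_sample_kubeconfig(200)
    for tok in extract_tokens(text):
        print(token_report(tok))
```

The config file holds a live bearer token, so keep it readable only by its owner on both jumpboxes and copy it over an encrypted channel.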