Configuring Jenkins Pipelines to use the Tanzu VM Service

So you have been evaluating the new Tanzu for vSphere VM Service for some time and you want to start to integrate it into your CI/CD Pipelines? Well you have come to the right place.

In this guide I will show you how to configure Jenkins to use the VM Service in your Pipelines. This way you can use both traditional VM’s along side containers using Jenkins Pipelines.

Updated 7/12/21 with help from @fannystrudel to add credentials store and parameterize it as well as add the API Server Certificate! So much cleaner and secure now! Huge thank you to Fanny! 



  • vSphere 7.0.2 with Workload Management Deployed see guides here
  • A namespace deployed and the VM Service Configured see guide here
  • A working template configured and tested that it deploys see guide here
  • Jenkins Jenkins 2.289.2 or higher deployed, i used the container here
  • Connectivity from Jenkins to your Supervisor Cluster API IP address
  • A Jenkins Service account created, I used jenkins@vsphere.local but you could also use and SSO user.
  • A quite place where you will not be interrupted see my guide here

Login to vCenter and go to Workloads then click your Namespace that is configured for the VM Service

Under Permissions Click on Manage Permissions

Now click add user

Add the Jenkins user you created for your service account

Now go back to Summary and Under Link to CLI tools Click Open


Download the CLI tools locally and unzip them

  1. Change Operating system to Linux
  2. Download the CLI tools locally and unzip them


Copy the two files to the /usr/local/bin directory on the Jenkins Server, if you are using the docker container version of Jenkins use the following commands

docker cp /usr/local/bin/kubectl ContainerID:/usr/local/bin/kubectl
docker cp /usr/local/bin/kubectl-vsphere ContainerID:/usr/local/bin/kubectl-vsphere

Now grab the SSL certificate from the API server, this is the same IP address you just downloaded the CLI tool from.

echo quit | openssl s_client -showcerts -servername -connect > cacert.pem

Now copy that cert to the Jenkins servers /etc/ssl/certs directory if using the container you can do the following:

docker cp /home/cacert.pem ContainerID:/home/cacert.pem

Now let’s start configuring Jenkins. First we will create a new credential and store the username and password there, this way it is not in clear text and you can change it once here instead of all your pipelines.

Login to Jenkins and click Manage Jenkins and then Manage Credentials

Now click Jenkins

Now click Global Credentials

Now click add credentials

Now add the Jenkins user as shown

  1. The user name: jenkins@vsphere.local
  2. The password
  3. enter and ID: I used tanzu_ci_user
  4. Enter a description
  5. Click OK

Click Dashboard to go back to the main menu

Now let’s create a new pipeline using our stored credentials

Click New Item



Configure the New Item

  1. Name the Item VMServiceTest
  2. Select Pipeline
  3. Click OK

Create a Parameter for your Tanzu API server address

  1. Click the check box This project is parameterized
  2. Enter a name
  3. Enter the Tanzu API server FQDN or IP address
  4. Enter a description

Scroll down to Pipeline Script and enter the following and click save (Note: I provided an example yaml file here on Github. You will need to create your own and point to it. 

node {
    stage('Build') {
      usernamePassword(credentialsId: 'tanzu_ci_user',
      usernameVariable: "KUBECTL_VSPHERE_USER", 
      passwordVariable: "KUBECTL_VSPHERE_PASSWORD")
      sh '''set +x 
          kubectl vsphere login --server= ${Tanzu_Prod_Server} --vsphere-username ${KUBECTL_VSPHERE_USER}
          kubectl config use-context tanzu
          kubectl apply -f


Click Build with parameters then click build. Notice now you could also change the Tanzu API server to Dev if you have one.


Click status and you should see the build is successful


Now go back to vCenter and watch the magic begin


Enjoy and leave comments below, in my next guide we will take this a step further and run some commands in the VM to deploy some code.

Not working?

If by chance the build failed click on Last Failed Build

Then click on Console Output


Then review the log to see what went wrong


Remember sharing is caring!

One Reply to “Configuring Jenkins Pipelines to use the Tanzu VM Service”

  1. Wow, fantastic!!! It’s awesome. This is what I want exactly.
    If I deploy pod using jenkins in tkg guest cluster, is there other better way than this post?
    In some case, I used token of kubeconfig with integrated kubernetes plugin, but this token expired when reach out to 10 hours.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.