This topic describes how to log in to VMware Enterprise PKS.
To manage Enterprise PKS-deployed clusters, you use the PKS Command Line Interface (PKS CLI). When you log in to Enterprise PKS successfully for the first time, the PKS CLI generates a local
creds.yml file that contains the API endpoint, refresh token, access token, and CA certificate, if applicable.
creds.yml is saved in the
~/.pks directory on your local system. You can use the
PKS_HOME environment variable to override this location and store
creds.yml in any directory on your system.
Before you can log in to Enterprise PKS, you must have the following:
Use the command in this section to log in as an individual user. The login procedure is the same for users created in UAA or users from external LDAP groups.
On the command line, run the following command in your terminal to log in to the PKS CLI:
pks login -a PKS-API -u USERNAME -p PASSWORD --ca-cert CERT-PATH
Replace the placeholder values in the command as follows:
PKS-API is the domain name for the PKS API that you entered in Ops Manager > Enterprise PKS > PKS API > API Hostname (FQDN). For example,
PASSWORD belong to the account you created in the Grant Enterprise PKS Access to an Individual User section of Managing Enterprise PKS Admin Users with UAA. If you do not use
-p to provide a password, the PKS CLI prompts for the password interactively. Pivotal recommends running the login command without the
-p flag for added security.
CERT-PATH is the path to your root CA certificate. Provide the certificate to validate the PKS API certificate with SSL.
$ pks login -a api.pks.example.com -u alana
If you are logging in to a trusted environment, you can use
-k to skip SSL verification instead of
$ pks login -a api.pks.example.com -u alana -k
To log in to the PKS CLI as an automated client for a script or service, run the following command:
pks login -a PKS-API --client-name CLIENT-NAME --client-secret CLIENT-SECRET --ca-cert CERTIFICATE-PATH
PKS-APIis the domain name for the PKS API that you entered in Ops Manager > Enterprise PKS > PKS API > API Hostname (FQDN). For example,
CLIENT-NAMEis your OAuth client ID.
CLIENT-SECRETis your OAuth client secret.
CERTIFICATE-PATH is the path to your root CA certificate. Provide the certificate to validate the PKS API certificate with SSL.
$ pks login -a api.pks.example.com
This procedure stores a PKS API access token as an environment variable that you can use when executing PKS API calls on the command line.
To export your access token into an environment variable, run the following command:
pks login -a PKS-API -u USER-ID -p 'PASSWORD' -k; \ export YOUR-ACCESS-TOKEN=$(bosh int ~/.pks/creds.yml --path /access_token)
PKS-API is the FQDN of your PKS API endpoint. For example,
USER-ID is your Enterprise PKS user ID. *
PASSWORD is your Enterprise PKS password. *
YOUR-ACCESS-TOKEN is the name of your access token environment variable.
$ pks login -a pks.my.lab -u alana -p 'psswrdabc123...!' -k;
export my_token=$(bosh int ~/.pks/creds.yml --path /access_token)