As a prerequisite, the administrator needs to provide users access to resources via
rolebindings. It can be done with the
tanzu rbac plug-in. See Bind a user or group to a default role.
To login to your cluster by using Pinniped, follow these steps:
As an administrator, you can generate the kubeconfig by using the following command:
pinniped get kubeconfig --kubeconfig-context <your-kubeconfig-context> > /tmp/concierge-kubeconfig ... "level"=0 "msg"="validated connection to the cluster"
kubeconfig to your users so they can login by using
As a user of the cluster, you will need the
kubeconfig provided by your administrator to login. Logging in is a part of requesting information from the cluster. You can execute any resource request with
kubectl to get into the authentication flow. For example:
kubectl --kubeconfig /tmp/concierge-kubeconfig get pods
If you do not want to explicitly use
--kubeconfig in every command, you can also export an environment variable to set the
kubeconfig path in your shell session.
export KUBECONFIG="/tmp/concierge-kubeconfig" kubectl get pods
This command enables
pinniped to print a URL for you visit in the browser. You can then log in, copy the auth code and paste it back to the terminal. After the login succeeds, you will either see the resources or get a message that you have no permission to access the resources.