As a prerequisite, the administrator needs to provide users access to resources via rolebindings. It can be done with the tanzu rbac plug-in. See Bind a user or group to a default role.
To login to your cluster by using Pinniped, follow these steps:
kubeconfig to userskubeconfigAs an administrator, you can generate the kubeconfig by using the following command:
pinniped get kubeconfig --kubeconfig-context <your-kubeconfig-context> > /tmp/concierge-kubeconfig
...
"level"=0 "msg"="validated connection to the cluster"
Distribute this kubeconfig to your users so they can login by using pinniped.
As a user of the cluster, you will need the kubeconfig provided by your administrator to login. Logging in is a part of requesting information from the cluster. You can execute any resource request with kubectl to get into the authentication flow. For example:
kubectl --kubeconfig /tmp/concierge-kubeconfig get pods
If you do not want to explicitly use --kubeconfig in every command, you can also export an environment variable to set the kubeconfig path in your shell session.
export KUBECONFIG="/tmp/concierge-kubeconfig"
kubectl get pods
This command enables pinniped to print a URL for you visit in the browser. You can then log in, copy the auth code and paste it back to the terminal. After the login succeeds, you will either see the resources or get a message that you have no permission to access the resources.
