This topic tells you how to log in to your Tanzu Application Platform (commonly known as TAP) by using Pinniped.
As a prerequisite, the administrator must provide authorization for users to resources by using rolebindings
. For more information, see Bind a user or group to a default role.
To log in to your cluster by using Pinniped, follow these steps:
Install the Pinniped CLI.
For more information, see Pinniped documentation.
ImportantThe latest compatible version of Pinniped CLI is required not only for the administrator to generate the
kubeconfig
, but also for the user to log in with the provided configuration.
kubeconfig
to users.kubeconfig
.You must use a Pinniped CLI version that matches the installed Concierge or Supervisor. Use one of the following links to download the Pinniped CLI version 0.22.0
:
You must install the command-line tool on your $PATH
, such as /usr/local/bin
on macOS or Linux. You must also mark the file as executable.
As an administrator, you can generate the kubeconfig by using the following command:
pinniped get kubeconfig --kubeconfig-context <your-kubeconfig-context> > /tmp/concierge-kubeconfig
Distribute this kubeconfig
to your users so they can login by using pinniped
.
As a user of the cluster, you need the kubeconfig
provided by your admin and the Pinniped CLI installed on your local machine to log in. Logging in is required to request information from the cluster. You can execute any resource request with kubectl to enter the authentication flow. For example:
kubectl --kubeconfig /tmp/concierge-kubeconfig get pods
If you do not want to explicitly use --kubeconfig
in every command, you can also export an environment variable to set the kubeconfig
path in your shell session.
export KUBECONFIG="/tmp/concierge-kubeconfig"
kubectl get pods
This command enables pinniped
to print a URL for you to visit in the browser. You can then log in, copy the authentication code and paste it back to the terminal. After the login succeeds, you either see the resources or a message indicating that you have no permission to access the resources.
If you use a Windows machine, the command referenced in the generated kubeconfig
might not work. In this case, you must change the path under user.exec.command
in the kubeconfig
to point to the install path of the Pinniped CLI.