This page details how to authenticate with your configured identity provider and get a kubeconfig file for your user identity and cluster.
Before you begin
The gdcloud init
command must be run before the gdcloud auth login
command.
Sign in with configured identity provider
Sign in with the configured identity provider:
gdcloud auth login
Follow the instructions to authenticate with your identity provider.
Consider the following when using the gdcloud auth login
command:
- It authenticates with the current organization. Run
the
gdcloud auth login
command after switching organizations. - It requires that the certificate authority (CA)
certificate for the login config is installed in the system's trusted
certificates store. If the CA certificate is not installed, use
the
--login-config-cert
flag to specify the path to find the CA certificate. - It requires a browser to exist on the device. Use the
--no-browser
flag to log in with a second device.
Get a kubeconfig file
After authenticating with the identity provider, get a kubeconfig
file with
your user identity:
gdcloud clusters get-credentials CLUSTER_NAME
This creates or updates the kubeconfig file in the default path
${HOME}/.kube/config
with the authenticated user and cluster.
Consider the following when generating or updating your kubeconfig file:
- Specify the desired path in the
KUBECONFIG
environment path to save it to a different path. - The kubeconfig is a long-lived file, however the token authenticating the
user is short-lived. If a kubeconfig file stops working, run the
gdcloud auth login
command to authenticate again.