Install the authentication plugin, which is required to use a generated
kubeconfig file:
gdcloudcomponentsinstallgdcloud-k8s-auth-plugin
Sign in with configured identity provider
Sign in with the configured identity provider:
gdcloudauthlogin
Follow the instructions to authenticate with your identity provider.
Consider the following when using the gdcloud auth login command:
It authenticates with the current organization. Run
the gdcloud auth login command after switching organizations.
It requires that the certificate authority (CA)
certificate for the login config is installed in the system's trusted
certificates store. If the CA certificate is not installed, use
the --login-config-cert flag to specify the path to find the CA
certificate.
It requires a browser to exist on the device. Use the
--no-browser flag to log in with a second device.
Get a kubeconfig file
After authenticating with the identity provider, get a kubeconfig file with
your user identity:
gdcloudclustersget-credentialsCLUSTER_NAME
This creates or updates the kubeconfig file in the default path
${HOME}/.kube/config with the authenticated user and cluster.
Consider the following when generating or updating your kubeconfig file:
Specify the desired path in the KUBECONFIG environment path to save it to
a different path.
The kubeconfig is a long-lived file, however the token authenticating the
user is short-lived. If a kubeconfig file stops working, run the
gdcloud auth login command to authenticate again.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-08 UTC."],[[["\u003cp\u003e\u003ccode\u003egdcloud auth login\u003c/code\u003e authenticates your user with the configured identity provider for your current organization.\u003c/p\u003e\n"],["\u003cp\u003eAfter authentication, use \u003ccode\u003egdcloud clusters get-credentials\u003c/code\u003e to generate or update a kubeconfig file for the cluster.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003egdcloud init\u003c/code\u003e command must be executed before attempting to authenticate with \u003ccode\u003egdcloud auth login\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe kubeconfig file's token is short-lived, requiring re-authentication with \u003ccode\u003egdcloud auth login\u003c/code\u003e if it expires.\u003c/p\u003e\n"],["\u003cp\u003eThe system's trusted certificates store must contain the certificate authority (CA) for the login config, or utilize the \u003ccode\u003e--login-config-cert\u003c/code\u003e flag.\u003c/p\u003e\n"]]],[],null,["# The gdcloud CLI authentication\n\nThis page details how to authenticate with your configured identity provider and\nget a kubeconfig file for your user identity and cluster.\n\nBefore you begin\n----------------\n\nBefore you can authenticate with your identity provider and generate a\nkubeconfig file, ensure you have completed the following:\n\n- Run the `gdcloud init` command. For more information, see the\n [Initialize gdcloud CLI default configuration](/distributed-cloud/hosted/docs/latest/appliance/resources/gdcloud-install#init-default-config)\n section.\n\n- Install the authentication plugin, which is required to use a generated\n kubeconfig file:\n\n gdcloud components install gdcloud-k8s-auth-plugin\n\nSign in with configured identity provider\n-----------------------------------------\n\nSign in with the configured identity provider: \n\n gdcloud auth login\n\nFollow the instructions to authenticate with your identity provider.\n\nConsider the following when using the `gdcloud auth login` command:\n\n- It authenticates with the current organization. Run the `gdcloud auth login` command after switching organizations.\n- It requires that the certificate authority (CA) certificate for the login config is installed in the system's trusted certificates store. If the CA certificate is not installed, use the `--login-config-cert` flag to specify the path to find the CA certificate.\n- It requires a browser to exist on the device. Use the `--no-browser` flag to log in with a second device.\n\nGet a kubeconfig file\n---------------------\n\nAfter authenticating with the identity provider, get a `kubeconfig` file with\nyour user identity: \n\n gdcloud clusters get-credentials \u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e\n\nThis creates or updates the kubeconfig file in the default path\n`${HOME}/.kube/config` with the authenticated user and cluster.\n\nConsider the following when generating or updating your kubeconfig file:\n\n- Specify the desired path in the `KUBECONFIG` environment path to save it to a different path.\n- The kubeconfig is a long-lived file, however the token authenticating the user is short-lived. If a kubeconfig file stops working, run the `gdcloud auth login` command to authenticate again."]]
