This page details how to authenticate with your configured identity provider and get a kubeconfig file for your user identity and cluster.
Before you begin
The gdcloud init command must be run before the gdcloud auth login command.
Sign in with configured identity provider
Sign in with the configured identity provider:
gdcloud auth login
Follow the instructions to authenticate with your identity provider.
Consider the following when using the gdcloud auth login command:
- It authenticates with the current organization. Run
the
gdcloud auth logincommand after switching organizations. - It requires that the certificate authority (CA)
certificate for the login config is installed in the system's trusted
certificates store. If the CA certificate is not installed, use
the
--login-config-certflag to specify the path to find the CA certificate. - It requires a browser to exist on the device. Use the
--no-browserflag to log in with a second device.
Get a kubeconfig file
After authenticating with the identity provider, get a kubeconfig file with
your user identity:
gdcloud clusters get-credentials CLUSTER_NAME
This creates or updates the kubeconfig file in the default path
${HOME}/.kube/config with the authenticated user and cluster.
Consider the following when generating or updating your kubeconfig file:
- Specify the desired path in the
KUBECONFIGenvironment path to save it to a different path. - The kubeconfig is a long-lived file, however the token authenticating the
user is short-lived. If a kubeconfig file stops working, run the
gdcloud auth logincommand to authenticate again.