The gdcloud CLI authentication

This page details how to authenticate with your configured identity provider and get a kubeconfig file for your user identity and cluster.

Before you begin

The gdcloud init command must be run before the gdcloud auth login command.

Sign in with configured identity provider

Sign in with the configured identity provider:

gdcloud auth login

Follow the instructions to authenticate with your identity provider.

Consider the following when using the gdcloud auth login command:

  • It authenticates with the current organization. Run the gdcloud auth login command after switching organizations.
  • It requires that the certificate authority (CA) certificate for the login config is installed in the system's trusted certificates store. If the CA certificate is not installed, use the --login-config-cert flag to specify the path to find the CA certificate.
  • It requires a browser to exist on the device. Use the --no-browser flag to log in with a second device.

Get a kubeconfig file

After authenticating with the identity provider, get a kubeconfig file with your user identity:

gdcloud clusters get-credentials CLUSTER_NAME

This creates or updates the kubeconfig file in the default path ${HOME}/.kube/config with the authenticated user and cluster.

Consider the following when generating or updating your kubeconfig file:

  • Specify the desired path in the KUBECONFIG environment path to save it to a different path.
  • The kubeconfig is a long-lived file, however the token authenticating the user is short-lived. If a kubeconfig file stops working, run the gdcloud auth login command to authenticate again.