Logging in to PKS
This topic describes how to log in to Pivotal Container Service (PKS).
To manage PKS-deployed clusters, you use the PKS Command
Line Interface (CLI). When you log in to PKS successfully
for the first time, the PKS CLI generates a local
creds.yml file that contains
the API endpoint, refresh token, access token, and CA certificate, if applicable.
creds.yml is saved in the
~/.pks directory on your local system.
You can use the
PKS_HOME environment variable to override this location and
creds.yml in any directory on your system.
Before you can log in to PKS, you must have the following:
- A running PKS environment. See the Installing PKS section for your cloud provider.
- The PKS CLI installed on your local system. See Installing the PKS CLI.
- A username and password that has access to the PKS API. See Configuring PKS API Access.
Use the command in this section to log in as an individual user. The login procedure is the same for users created in UAA or users from external LDAP groups.
On the command line, run the following command in your terminal to log in to the PKS CLI:
pks login -a PKS-API -u USERNAME -p PASSWORD --ca-cert CERT-PATH
Replace the placeholder values in the command as follows:
PKS-APIis the domain name for the PKS API that you entered in Ops Manager > Pivotal Container Service > PKS API > API Hostname (FQDN). For example,
PASSWORDbelong to the account you created in the Grant PKS Access to a User section of Managing Users in PKS with UAA. If you do not use
-pto provide a password, the PKS CLI prompts for the password interactively. Pivotal recommends running the login command without the
-pflag for added security.
CERT-PATHis the path to your root CA certificate. Provide the certificate to validate the PKS API certificate with SSL.
$ pks login -a api.pks.example.com -u alana \ --ca-cert /var/tempest/workspaces/default/root_ca_certificate
If you are logging in to a trusted environment, you can use
-kto skip SSL verification instead of
$ pks login -a api.pks.example.com -u alana -k
Please send any feedback you have to firstname.lastname@example.org.