Logging in to PKS

This topic describes how to log in to Pivotal Container Service (PKS).

Overview

To manage PKS-deployed clusters, you use the PKS Command Line Interface (CLI). When you log in to PKS successfully for the first time, the PKS CLI generates a local creds.yml file that contains the API endpoint, refresh token, access token, and CA certificate, if applicable.

By default, creds.yml is saved in the ~/.pks directory on your local system. You can use the PKS_HOME environment variable to override this location and store creds.yml in any directory on your system.

Prerequisites

Before you can log in to PKS, you must have the following:

  • A running PKS environment. See the Installing PKS section for your cloud provider.
  • The PKS CLI installed on your local system. See Installing the PKS CLI.
  • A username and password that has access to the PKS API. See Configuring PKS API Access.

Log in to the PKS CLI

Use the command in this section to log in as an individual user. The login procedure is the same for users created in UAA or users from external LDAP groups.

On the command line, run the following command in your terminal to log in to the PKS CLI:

pks login -a PKS-API -u USERNAME -p PASSWORD --ca-cert CERT-PATH

Replace the placeholder values in the command as follows:

  • PKS-API is the domain name for the PKS API that you entered in Ops Manager > Pivotal Container Service > PKS API > API Hostname (FQDN). For example, api.pks.example.com.

  • USERNAME and PASSWORD belong to the account you created in the Grant PKS Access to a User section of Managing Users in PKS with UAA. If you do not use -p to provide a password, the PKS CLI prompts for the password interactively. Pivotal recommends running the login command without the -p flag for added security.

  • CERT-PATH is the path to your root CA certificate. Provide the certificate to validate the PKS API certificate with SSL.

    For example:

    $ pks login -a api.pks.example.com -u alana \
    --ca-cert /var/tempest/workspaces/default/root_ca_certificate
    

    If you are logging in to a trusted environment, you can use -k to skip SSL verification instead of --ca-cert CERT-PATH.

    For example:

    $ pks login -a api.pks.example.com -u alana -k


Please send any feedback you have to pks-feedback@pivotal.io.