Pivotal Container Service v1.0

Configure PKS API Access

Page last updated:

This topic describes how to configure access to the Pivotal Container Service (PKS) API. See PKS API Authentication for more information about how the PKS API and UAA interact with your PKS deployment.

Configure Access to the PKS API

  1. Locate your Ops Manager root CA certificate.

    • If Ops Manager generated your certificate, refer to the Retrieving the Root Certificate section of Managing TLS Certificates.
    • If you provided your own certificate, copy and paste the certificate you entered in the PKS API page into a file.
  2. Locate the URL of your UAA server. You configured this URL in the UAA section of Installing and Configuring PKS.

  3. Run uaac target UAA-URL --ca-cert ROOT-CA-FILENAME to target the UAA server. Replace UAA-URL with the URL of your UAA server and ROOT-CA-FILENAME with the certificate file you downloaded in a previous step. For example:

    $ uaac target --ca-cert my-cert.cert

  4. Run uaac token client get admin -s UAA-ADMIN-SECRET to request a token from the UAA server. Replace UAA-ADMIN-SECRET with your UAA admin secret. Refer to Ops Manager > Pivotal Container Service > Credentials > Uaa Admin Secret to retrieve this value.

  5. Grant cluster access to new or existing users with UAA. For more information on granting cluster access to users or creating users, see the Grant Cluster Access to a User section of Managing Users in UAA.

  6. Run pks login -a UAA-URL -u USERNAME -p PASSWORD -k to log in to the PKS CLI. Replace the UAA-URL with the URL of your UAA server, USERNAME with your username, and PASSWORD with your password. For example:

    $ pks login -a -u alana -p my-password -k

Please send any feedback you have to

Create a pull request or raise an issue on the source for this page in GitHub