Configure PKS API Access
This topic describes how to configure access to the Pivotal Container Service (PKS) API. See PKS API Authentication for more information about how the PKS API and UAA interact with your PKS deployment.
To configure routing to the PKS API, perform the following steps:
Configure an external load balancer to forward traffic to the PKS API endpoint. For more information, see the Configure External Load Balancer section of Installing and Configuring PKS.
Note: If your PKS installation is integrated with NSX-T, map the external load balancer to the DNAT IP address assigned in the Apply Changes and Retrieve the PKS Endpoint section of Installing and Configuring PKS with NSX-T Integration.
Configure a DNS entry that points to the load balancer and uses the domain configured in the PKS API section of Installing and Configuring PKS.
Locate your Ops Manager root CA certificate.
- If Ops Manager generated your certificate, refer to the Retrieving the Root Certificate section of Managing TLS Certificates.
- If you provided your own certificate, copy and paste the certificate you entered in the PKS API page into a file.
Locate the URL of your UAA server. You configured this URL in the UAA section of Installing and Configuring PKS.
Run `uaac target UAA-URL --ca-cert ROOT-CA-FILENAME` to target the UAA server. Replace `UAA-URL` with the URL of your UAA server and `ROOT-CA-FILENAME` with the certificate file you downloaded in a previous step. For example:
$ uaac target api.pks.example.com:8443 --ca-cert my-cert.cert
Run `uaac token client get admin -s UAA-ADMIN-SECRET` to request a token from the UAA server. Replace `UAA-ADMIN-SECRET` with your UAA admin secret. Refer to Ops Manager > Pivotal Container Service > Credentials > Uaa Admin Secret to retrieve this value.
Grant cluster access to new or existing users with UAA. For more information on granting cluster access to users or creating users, see the Grant Cluster Access to a User section of Managing Users in UAA.
Run `pks login -a UAA-URL -u USERNAME -p PASSWORD -k` to log in to the PKS CLI. Replace `UAA-URL` with the URL of your UAA server, `USERNAME` with your username, and `PASSWORD` with your password. For example:
$ pks login -a api.pks.example.com -u alana -p my-password -k
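A preflight for the steps above, as an added example that is not part of the PKS documentation: it checks that the root CA file is a valid, unexpired CA certificate and that an endpoint's TLS chain verifies against it before `uaac target` runs. The function names, return codes and `openssl`-based checks are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the PKS docs: preflight checks for the root CA file
# and the endpoint before running `uaac target`. Requires the openssl CLI.

# check_ca_file FILE
# Returns 0 only if FILE is a PEM X.509 CA certificate valid for 24h or more.
# Return codes 1-4 identify which check failed.
check_ca_file() {
  [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
  openssl x509 -in "$1" -noout 2>/dev/null \
    || { echo "not a PEM certificate: $1" >&2; return 2; }
  openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1 \
    || { echo "expired or expires within 24h: $1" >&2; return 3; }
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE' \
    || { echo "not a CA certificate: $1" >&2; return 4; }
}

# check_endpoint HOST:PORT FILE
# Returns 0 only if the server's chain verifies against FILE and the
# certificate matches the host name.
check_endpoint() {
  host=${1%%:*}
  openssl s_client -connect "$1" -servername "$host" -verify_hostname "$host" \
    -CAfile "$2" -verify_return_error </dev/null >/dev/null 2>&1
}

# Usage: sh preflight.sh UAA-HOST:PORT ROOT-CA-FILENAME
if [ "$#" -eq 2 ]; then
  check_ca_file "$2" || exit 1
  check_endpoint "$1" "$2" || { echo "TLS verification failed: $1" >&2; exit 1; }
  uaac target "$1" --ca-cert "$2"
fi
```

Running `check_endpoint` against the PKS API host and port shows whether that server's certificate also verifies with the root CA, which is the condition for logging in without `-k`, assuming your `pks` CLI version supports `--ca-cert` (not shown on this page).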