Pivotal Container Service v1.0

Configure PKS API Access


This topic describes how to configure access to the Pivotal Container Service (PKS) API. See PKS API Authentication for more information about how the PKS API and UAA interact with your PKS deployment.

Configure Routing to the PKS API

To configure routing to the PKS API, perform the following steps:

  1. Configure an external load balancer to forward traffic to the PKS API endpoint. For more information, see the Configure External Load Balancer section of Installing and Configuring PKS on GCP or vSphere.

    Note: If your PKS installation is integrated with NSX-T, map the external load balancer to the DNAT IP address assigned in the Apply Changes and Retrieve the PKS Endpoint section of Installing and Configuring PKS with NSX-T Integration.

  2. Configure a DNS entry that points to the load balancer and uses the domain configured in the PKS API section of Installing and Configuring PKS on GCP or vSphere.

Configure Access to the PKS API

  1. Locate your Ops Manager root CA certificate.

    • If Ops Manager generated your certificate, refer to the Retrieve the Root CA Certificate section of Managing Non-Configurable TLS/SSL Certificates.
    • If you provided your own certificate, copy and paste the certificate you entered in the PKS API page into a file.
  2. Locate the URL of your UAA server. You configured this URL in the UAA section of Installing and Configuring PKS on GCP or vSphere.

  3. Run uaac target UAA-URL --ca-cert ROOT-CA-FILENAME to target the UAA server. Replace UAA-URL with the URL of your UAA server and ROOT-CA-FILENAME with the certificate file you downloaded in a previous step. For example:

    $ uaac target UAA-URL --ca-cert my-cert.cert

  4. Run uaac token client get admin -s UAA-ADMIN-SECRET to request a token from the UAA server. Replace UAA-ADMIN-SECRET with your UAA admin secret. Refer to Ops Manager > Pivotal Container Service > Credentials > Uaa Admin Secret to retrieve this value.

  5. Grant cluster access to new or existing users with UAA. See the Grant Cluster Access section of Managing Users in UAA for more information.

  6. Run pks login -a UAA-URL -u USERNAME -p PASSWORD -k to log in to the PKS CLI. Replace UAA-URL with the URL of your UAA server, USERNAME with your username, and PASSWORD with your password. The -k flag skips TLS certificate validation for this connection. For example:

    $ pks login -a UAA-URL -u alana -p my-password -k
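
A certificate pasted into a file in step 1 can be truncated or saved together with other material, which only shows up later as a TLS error in step 3. The script below is an added example, not part of the PKS documentation: it checks the file with openssl before it is passed to uaac target --ca-cert. The function name check_ca_file and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check the root CA file from step 1 before using it
# with `uaac target UAA-URL --ca-cert ROOT-CA-FILENAME`.
# Return codes (chosen for this example): 0 ok, 2 unreadable,
# 3 wrong number of certificate blocks, 4 unparsable, 5 expired, 6 private key present.
check_ca_file() {
    ca_file=$1
    [ -r "$ca_file" ] || { echo "cannot read: $ca_file" >&2; return 2; }

    # The file should hold exactly one PEM certificate block.
    blocks=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$ca_file" || true)
    [ "$blocks" -eq 1 ] ||
        { echo "expected 1 certificate block, found $blocks" >&2; return 3; }

    # A trust file must never carry key material.
    if grep -q 'PRIVATE KEY-----' "$ca_file"; then
        echo "file contains a private key; remove it" >&2
        return 6
    fi

    # Catches truncated pastes and missing END lines.
    openssl x509 -in "$ca_file" -noout 2>/dev/null ||
        { echo "not a parsable X.509 certificate" >&2; return 4; }

    # -checkend 0 fails if the certificate is already past its notAfter date.
    openssl x509 -in "$ca_file" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 5; }

    # A root CA is self-issued and marked CA:TRUE. Warn, but do not fail, otherwise.
    if [ "$(openssl x509 -in "$ca_file" -noout -subject_hash)" != \
         "$(openssl x509 -in "$ca_file" -noout -issuer_hash)" ]; then
        echo "warning: subject and issuer differ; not a root certificate" >&2
    fi
    openssl x509 -in "$ca_file" -noout -text | grep -q 'CA:TRUE' ||
        echo "warning: basicConstraints does not mark this as a CA" >&2

    # Print identifying fields to compare against the copy shown in Ops Manager.
    openssl x509 -in "$ca_file" -noout -subject -enddate -fingerprint -sha256
}

# Run as: sh check-ca.sh my-cert.cert
if [ "$#" -gt 0 ]; then
    check_ca_file "$1"
fi
```
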
