Authenticate to the cluster

Prerequisites

Kubectl

Kubectl is the Kubernetes command-line tool that allows you to interact with the Kubernetes API.

Install kubectl

Tip

We recommend using the same version as the Kubernetes API version, ask your administrator.

Pinniped

Pinniped is a Kubernetes authentication provider that allows you to authenticate to a cluster using OIDC.

Install Pinniped

Tip

We recommend using the same version as the Pinniped server version, ask your administrator.

Kubeconfig

Your organization will provide you with a Kubeconfig file. This file contains the necessary information to authenticate to the cluster.

Two options are available for the discovery of your Kubeconfigs:

• consolidate all the configurations in one file at $HOME/.kube/config
• load the configuration from specific file(s) using the KUBECONFIG environment variable
  • export KUBECONFIG=<path/to/kubeconfig>
  • export KUBECONFIG=<path/to/kubeconfig1>:<path/to/kubeconfig2>

Tip

If you have to manage multiple contexts within the same file, kubectx makes it easier to switch between them.

Check if your Kubeconfig was successfully loaded by running kubectl config view.

Authenticate

Then, interacting with the Kubernetes API with kubectl will, the first time, ask you to connect using your SSO credentials. Do so, and then re-execute the command.

$ kubectl auth whoami
# Follow instructions and login in to with your SSO account.
ATTRIBUTE   VALUE
Username    oidc:john.doe@example.com
Groups      [oidc:group1 oidc:group2 system:authenticated]
$ kubectl get namespaces
NAME                 STATUS   AGE
default              Active   42m
k8saas-system        Active   42m
kube-node-lease      Active   42m
kube-public          Active   42m
kube-system          Active   42m
[...]

Tip

If you have issue connecting with Pinniped, try resetting the cache with:

rm -vrf "$HOME/.config/pinniped"