1. Manuals
  2. Tumbleweed
  3. oc
  4. oc-login(1)

Scroll to navigation

OC(1) June 2016 OC(1)

NAME

oc login - Log in to a server

SYNOPSIS

oc login [OPTIONS]

DESCRIPTION

Log in to your server and save login for subsequent use.

First-time users of the client should run this command to connect to a server, establish an authenticated session, and save connection to the configuration file. The default configuration will be saved to your home directory under ".kube/config".

The information required to login -- like username and password, a session token, or the server details -- can be provided through flags. If not provided, the command will prompt for user input as needed. It is also possible to login through a web browser by providing the respective flag.

OPTIONS

-c, --callback-port=0
Port for the callback server when using --web. Defaults to a random open port

--client-id=""
Experimental: Client ID for external OIDC issuer. Only supports Auth Code + PKCE. Required.

--client-secret=""
Experimental: Client secret for external OIDC issuer. Optional.

--exec-plugin=""
Experimental: Specify credentials exec plugin type to be used to authenticate external OIDC issuer. Currently only 'oc-oidc' is supported

--extra-scopes=[]
Experimental: Extra scopes for external OIDC issuer. Optional.

--issuer-url=""
Experimental: Issuer url for external issuer. Required.

--oidc-certificate-authority=""
Experimental: The path to a certificate authority bundle to use when communicating with external OIDC issuer.

-p, --password=""
Password for server

-u, --username=""
Username for server

-w, --web=false
Login with web browser. Starts a local HTTP callback server to perform the OAuth2 Authorization Code Grant flow. Use with caution on multi-user systems, as the server's port will be open to all users.

OPTIONS INHERITED FROM PARENT COMMANDS

--as=""
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.

--as-group=[]
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.

--as-uid=""
UID to impersonate for the operation.

--cache-dir="/home/abuild/.kube/cache"
Default cache directory

--certificate-authority=""
Path to a cert file for the certificate authority

--client-certificate=""
Path to a client certificate file for TLS

--client-key=""
Path to a client key file for TLS

--cluster=""
The name of the kubeconfig cluster to use

--context=""
The name of the kubeconfig context to use

--disable-compression=false
If true, opt-out of response compression for all requests to the server

--insecure-skip-tls-verify=false
If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure

--kubeconfig=""
Path to the kubeconfig file to use for CLI requests.

--match-server-version=false
Require server version to match client version

-n, --namespace=""
If present, the namespace scope for this CLI request

--profile="none"
Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)

--profile-output="profile.pprof"
Name of the file to write the profile to

--request-timeout="0"
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

-s, --server=""
The address and port of the Kubernetes API server

--tls-server-name=""
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used

--token=""
Bearer token for authentication to the API server

--user=""
The name of the kubeconfig user to use

--warnings-as-errors=false
Treat warnings received from the server as errors and exit with a non-zero exit code

EXAMPLE



  # Log in interactively


  oc login --username=myuser


  


  # Log in to the given server with the given certificate authority file


  oc login localhost:8443 --certificate-authority=/path/to/cert.crt


  


  # Log in to the given server with the given credentials (will not prompt interactively)


  oc login localhost:8443 --username=myuser --password=mypass


  


  # Log in to the given server through a browser


  oc login localhost:8443 --web --callback-port 8280


  


  # Log in to the external OIDC issuer through Auth Code + PKCE by starting a local server listening on port 8080


  oc login localhost:8443 --exec-plugin=oc-oidc --client-id=client-id --extra-scopes=email,profile --callback-port=8080

SEE ALSO

oc(1),

HISTORY

June 2016, Ported from the Kubernetes man-doc generator

Openshift CLI User Manuals Openshift