Wednesday, March 28, 2018

VMware Pivotal Container Service – User Account and Authentication CLI

Continuing my series on command-line options for managing VMware Pivotal Container Service (PKS), today I present the User Account and Authentication command-line client (UAAC).

The primary role of UAAC is to create, delete and manage users within the context of PKS. That means giving Cloud Admins the authority to create and manage Kubernetes clusters themselves, with the freedom and agility the business demands.

Let's see how easy it is:

*** Installing UAAC CLI ***
UAAC is installed with gem, the RubyGems command-line tool, so we first need to install ruby and ruby-dev.
Note: I'm using Ubuntu; if you are using another distribution, use its package manager instead.

- Install Ruby
Run: apt install ruby

- Install ruby-dev
Run: apt install ruby-dev

Now that the prerequisites are done, let's install UAAC.
- Install UAAC
Run: gem install cf-uaac

To make sure UAAC has been installed successfully:
- Testing UAAC installation
Run: uaac version


*** Connecting to PKS ***
With UAAC installed, the first thing we have to do is point it to our PKS target.

- Targeting PKS
Run: uaac target https://"UAA_URL":8443 --skip-ssl-validation

The UAA URL is the one we set up during Pivotal Container Service Tile configuration. Note that --skip-ssl-validation turns off verification of the server certificate.

 
Once the target is configured, log in with a credential that can perform the actions you want.
Since I want to create users, I'm using admin.

- Login to UAA
Run: uaac token client get admin -s "password"

You can find the password in the Pivotal Container Service Tile.

*** Creating Users ***
Now it's just a matter of adding the users.

- Create user
Run: uaac user add "user_id" --emails "e-mail" -p "password"

The final thing is to assign some privileges to the user.
- Adjusting group membership
Run: uaac member add "group" "user_id"

For PKS cluster management we have two main groups:
- pks.clusters.admin: allows the user to create and manage all clusters within the system;
- pks.clusters.manage: allows the user to create and manage only the clusters they own.
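
The steps above combined into one onboarding script that validates the UAA certificate, keeps secrets off the command line and defaults new users to the narrower group; this is an added example, not part of the original post. It assumes a cf-uaac version that supports --ca-cert on "uaac target"; the function names, the UAAC variable and the CA file argument are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names, the UAAC
# variable and the CA file argument are hypothetical.
UAAC="${UAAC:-uaac}"   # override to point at a different uaac binary

# Accept only the two PKS groups named in the post.
valid_pks_group() {
  case "$1" in
    pks.clusters.admin|pks.clusters.manage) return 0 ;;
    *) return 1 ;;
  esac
}

# Target UAA with certificate validation: trust the given CA file
# instead of passing --skip-ssl-validation.
# $1 = UAA host name, $2 = CA certificate (PEM) file
target_uaa() {
  [ -r "$2" ] || { echo "CA file not readable: $2" >&2; return 2; }
  "$UAAC" target "https://$1:8443" --ca-cert "$2"
}

# Log in as the admin client. -s is omitted on purpose: uaac then prompts
# for the secret, keeping it out of shell history and the process list.
login_admin() {
  "$UAAC" token client get admin
}

# Create a user and add it to exactly one PKS group.
# $1 = user id, $2 = e-mail, $3 = group (defaults to the narrower one)
# -p is omitted so uaac prompts for the new user's password.
add_pks_user() {
  group="${3:-pks.clusters.manage}"
  valid_pks_group "$group" || { echo "refusing group: $group" >&2; return 3; }
  "$UAAC" user add "$1" --emails "$2" || return 4
  "$UAAC" member add "$group" "$1"
}

# Typical session (constructed values):
#   target_uaa pks-api.example.test ./pks-ca.pem && login_admin
#   add_pks_user alice alice@example.test
```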

That's all I have for today's post. In the next one I will show you how to create a Kubernetes cluster with the users we just created.

Stay tuned


2 comments:

Unknown said...

I am unable to set target using uaac target https://”UAA_URL”:8443 --skip-ssl-validation. How to validate UAA_URL? I am getting the following error:
uaac target https://pks-api.pksexample.com:8443 --skip-ssl-validation
failed to access https://pks-api.pksexample.com:8443: error: getaddrinfo: Name or service not known (pks-api.pksexample.com:8443)

Eduardo Meirelles da Rocha said...

Hi there, it looks more like a name resolution issue!!! Did you register that on your DNS system?
You can test the connection on port 8443 to be sure it's responding properly; telnet or a similar tool can help.
Also check https://github.com/cloudfoundry/bosh-lite/issues/50


Who am I

I'm an IT specialist with over 15 years of experience, working from IT infrastructure to management products, with troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and making them successful on their journey. Despite the fact I'm a VMware employee, these postings reflect my own opinion and do not represent VMware's position, strategies or opinions. Reach me at @dumeirell
