diff --git a/content/rancher/v2.x/en/quick-start-guide/cli/_index.md b/content/rancher/v2.x/en/quick-start-guide/cli/_index.md index a98628f4e01..1a15b4d409a 100644 --- a/content/rancher/v2.x/en/quick-start-guide/cli/_index.md +++ b/content/rancher/v2.x/en/quick-start-guide/cli/_index.md 
@@ -20,20 +20,22 @@ Configure kubectl by visiting your cluster in the Rancher Web UI then clicking o Run `kubectl cluster-info` or `kubectl get pods` successfully. +## Authentication with kubectl and kubeconfig Tokens with TTL + _**Available as of v2.4.6**_ _Requirements_ -If admins have [enforced TTL on kubeconfig tokens](../../api/api-tokens/#setting-ttl-on-kubeconfig-tokens), the kubeconfig file requires [rancher cli](../cli) to be present in your PATH when you run `kubectl`. Otherwise, you’ll see error like: +If admins have [enforced TTL on kubeconfig tokens](../../api/api-tokens/#setting-ttl-on-kubeconfig-tokens), the kubeconfig file requires the [Rancher cli](../cli) to be present in your PATH when you run `kubectl`. Otherwise, you’ll see error like: `Unable to connect to the server: getting credentials: exec: exec: "rancher": executable file not found in $PATH`. -This feature enables kubectl to authenticate with rancher server and get new kubeconfig token when required. Following auth providers are currently supported: +This feature enables kubectl to authenticate with the Rancher server and get a new kubeconfig token when required. The following auth providers are currently supported: 1. Local 2. Active Directory 3. FreeIpa, OpenLdap 4. SAML providers - Ping, Okta, ADFS, Keycloak, Shibboleth -When you first run kubectl like, `kubectl get pods` - it will ask you to pick an auth provider and login with rancher server. -The kubeconfig token is cached in the path where you run kubectl under `./.cache/token`. This token is valid till [it expires](../../api/api-tokens/#expiration-period), or [gets deleted from rancher server](../../api/api-tokens/#deleting-tokens) -Upon expiration, the next `kubectl get pods` will ask you to login with rancher server again. +When you first run kubectl, for example, `kubectl get pods`, it will ask you to pick an auth provider and log in with the Rancher server. 
+The kubeconfig token is cached in the path where you run kubectl under `./.cache/token`. This token is valid till [it expires](../../api/api-tokens/#expiration-period), or [gets deleted from the Rancher server](../../api/api-tokens/#deleting-tokens) +Upon expiration, the next `kubectl get pods` will ask you to log in with the Rancher server again.
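Review bot: The added sentence about the token cache (`./.cache/token`, relative to the directory where kubectl is run) does not tell the reader that this file is a usable credential until the token expires or is deleted from the Rancher server. Because the location depends on the working directory, a copy can end up inside a project checkout or a shared folder, so consider adding a sentence advising users to keep `.cache/` out of version control and out of directories other users can read. That same sentence is missing its final period after the `#deleting-tokens` link, and "valid till" would read better as "valid until". In the Requirements paragraph, the reworded line still says "you’ll see error like" and needs an article ("an error like"), and "Rancher cli" should be "Rancher CLI" to match the capitalization the rest of this change introduces.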