Pinniped Documentation
Command-Line Options Reference
pinniped version
Print the version of this Pinniped CLI.
pinniped version [flags]
-h
,--help
:help for kubeconfig
pinniped get kubeconfig
Generate a Pinniped-based kubeconfig for a cluster.
pinniped get kubeconfig [flags]
-h
,--help
:help for kubeconfig
--concierge-api-group-suffix string
:Concierge API group suffix (default “pinniped.dev”)
--concierge-authenticator-name string
:Concierge authenticator name (default: autodiscover)
--concierge-authenticator-type string
:Concierge authenticator type (e.g., ‘webhook’, ‘jwt’) (default: autodiscover)
--kubeconfig string
:Path to kubeconfig file
--kubeconfig-context string
:Kubeconfig context name (default: current active context)
--no-concierge
:Generate a configuration which does not use the concierge, but sends the credential to the cluster directly
--oidc-ca-bundle strings
:Path to TLS certificate authority bundle (PEM format, optional, can be repeated)
--oidc-client-id string
:OpenID Connect client ID (default: autodiscover) (default “pinniped-cli”)
--oidc-issuer string
:OpenID Connect issuer URL (default: autodiscover)
--oidc-listen-port uint16
:TCP port for localhost listener (authorization code flow only)
--oidc-request-audience string
:Request a token with an alternate audience using RFC8693 token exchange
--oidc-scopes strings
:OpenID Connect scopes to request during login (default [offline_access,openid,pinniped:request-audience])
--oidc-session-cache string
:Path to OpenID Connect session cache file
--oidc-skip-browser
:During OpenID Connect login, skip opening the browser (just print the URL)
--static-token string
:Instead of doing an OIDC-based login, specify a static token
--static-token-env string
:Instead of doing an OIDC-based login, read a static token from the environment