Command-Line Options Reference

pinniped version

Print the version of this Pinniped CLI.

pinniped version [flags]

• -h, --help:

  help for kubeconfig

pinniped get kubeconfig

Generate a Pinniped-based kubeconfig for a cluster.

pinniped get kubeconfig [flags]

• -h, --help:

  help for kubeconfig

• --concierge-api-group-suffix string:

  Concierge API group suffix (default “pinniped.dev”)

• --concierge-authenticator-name string:

  Concierge authenticator name (default: autodiscover)

• --concierge-authenticator-type string:

  Concierge authenticator type (e.g., ‘webhook’, ‘jwt’) (default: autodiscover)

• --kubeconfig string:

  Path to kubeconfig file

• --kubeconfig-context string:

  Kubeconfig context name (default: current active context)

• --no-concierge:

  Generate a configuration which does not use the concierge, but sends the credential to the cluster directly

• --oidc-ca-bundle strings:

  Path to TLS certificate authority bundle (PEM format, optional, can be repeated)

• --oidc-client-id string:

  OpenID Connect client ID (default: autodiscover) (default “pinniped-cli”)

• --oidc-issuer string:

  OpenID Connect issuer URL (default: autodiscover)

• --oidc-listen-port uint16:

  TCP port for localhost listener (authorization code flow only)

• --oidc-request-audience string:

  Request a token with an alternate audience using RFC8693 token exchange

• --oidc-scopes strings:

  OpenID Connect scopes to request during login (default [offline_access,openid,pinniped:request-audience])

• --oidc-session-cache string:

  Path to OpenID Connect session cache file

• --oidc-skip-browser:

  During OpenID Connect login, skip opening the browser (just print the URL)

• --static-token string:

  Instead of doing an OIDC-based login, specify a static token

• --static-token-env string:

  Instead of doing an OIDC-based login, read a static token from the environment