wf access cluster
wf access cluster
Provides short-lived access to a cluster accessible in your workspace
Synopsis
Provides kubectl access to a cluster and/or namespace in your workspace.
Choose a role representing the access you need to receive time-limited permission to perform activities against your namespace or cluster.
When this access expires simply re-run wf access cluster.
Run without any parameters to be prompted for all values.
wf access cluster [flags]
Examples
# General usage:
$ wf access cluster [clustername [namespacename]] [--role rolename]
# Get access as a namespace admin in a cluster:
$ wf access cluster clustername namespacename --role namespace.admin
# To be prompted for possible clusters, namespaces and roles, omit those
# parameters, e.g.:
$ wf access cluster
$ wf access cluster clustername
# Use kubectl after using $ wf access cluster, for example:
$ kubectl -n namespacename get pods
# Get access without changing your current kubectl context:
$ wf access cluster clustername namespacename --role namespace.admin --no-context-change
# With --no-context-change you must use the correct context with kubectl:
$ kubectl --context workspacename.clustername -n namespacename
# Using wf access cluster clustername namespacename --role rolename is
# equivalent to running these two commands:
$ wf assume rolename --cluster clustername --namespace namespacename
$ wf kubeconfig --cluster clustername --namespace namespacename
Options
-c, --cluster string cluster to access
--expire duration Expiration of the role assumption. If provided, implies --force-new. Defaults to 1hr if not provided.
--explain provides an explanation as to why the role cannot be assumed
--force-new Forces creation of a new role assumption even if an existing session is active and still valid. Automatically set if an explicit --expire is provided.
-h, --help help for cluster
-n, --namespace string namespace to access
--no-context-change leaves your current kubectl default context unchanged
--no-role prepares kube context without assuming a role (default if using an access token)
--quiet Suppresses all non-essential output
-r, --role string role to assume
--timeout duration Timeout for access to be granted. Defaults to 20s if not provided. (default 30s)
Options inherited from parent commands
--debug Debug / trace logging (default: false)
--force Force operation to happen (default: false)
--no-wait Do not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table) (default "table")
--profile string Use a profile other than your current - to change current: wf use profile NAME
--show-headers Display headers on table out (default true)
--verbose Verbose logging (default: false)
-w, --workspace string Workspace to use - to change default: wf use workspace NAME
SEE ALSO
- wf access - Gains access to a Wayfinder-managed resource