Skip to main content

wf access env

wf access env

Provides short-lived access to the namespace for an app environment owned by your workspace

Synopsis

Provides kubectl access to the namespace for an application environment (AppEnv) in your workspace.

Choose a role representing the access you need to receive time-limited permission to perform activities against your environment's namespace.

When this access expires simply re-run wf access env.

Run without any parameters to be prompted for all values.

wf access env [flags]

Examples


# General usage:
$ wf access env APPNAME ENVNAME [--role rolename]

# Get access as a namespace edit to the dev1 environment of app myapp:
$ wf access env myapp dev1 --role namespace.edit

# Use kubectl after using $ wf access env, for example:
$ kubectl get pods

Options

  -c, --cluster string      cluster to access
      --expire duration     Expiration of the role assumption. If provided, implies --force-new. Defaults to 1hr if not provided.
      --explain             provides an explanation as to why the role cannot be assumed
      --force-new           Forces creation of a new role assumption even if an existing session is active and still valid. Automatically set if an explicit --expire is provided.
  -h, --help                help for env
  -n, --namespace string    namespace to access
      --no-context-change   leaves your current kubectl default context unchanged
      --no-role             prepares kube context without assuming a role (default if using an access token)
      --quiet               Suppresses all non-essential output
  -r, --role string         role to assume
      --timeout duration    Timeout for access to be granted. Defaults to 20s if not provided. (default 30s)
      --use-auth-proxy      Uses the legacy auth proxy (pre-v2.4) to access the cluster

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
      --force              Used to force an operation to happen (default: false)
      --no-wait            Indicates we should not wait for resources to provision
  -o, --output string      Output format of the resource (json,yaml,table,template) (default "table")
      --profile string     Use a profile other than your default for this command
      --show-headers       Indicates we should display headers on table out (default true)
      --verbose            Enables verbose logging for debugging purposes (default: false)
  -w, --workspace string   The workspace you are operating within

SEE ALSO

  • wf access - Gains access to a Wayfinder-managed resource
Last updated on 11 Mar 2024