Configure IAM CLI

The iamctl command-line interface uses the iamctl.yaml configuration file to interact with IAM.

To create the IAM CLI configuration file:

1. Log in to the management cluster.

2. If you do not have iamctl, install it using the download link for the latest version available in the Artifacts section of the current Container Cloud release. For details, see Mirantis Container Cloud releases.

3. Change the directory to one of the following:

   • $HOME/.iamctl

   • $HOME

   • $HOME/etc

   • /etc/iamctl

4. Create iamctl.yaml with the following exemplary parameters and values that correspond to your deployment:

   server: <IAM_API_ADDRESS>
   timeout: 60
   verbose: 99 # Verbosity level, from 0 to 99
   
   tls:
       enabled: true
       ca: <PATH_TO_CA_BUNDLE>
   
   auth:
       issuer: <IAM_REALM_IN_KEYCLOAK>
       ca: <PATH_TO_CA_BUNDLE>
       client_id: iam
       client_secret:
   

   • The <IAM_API_ADDRESS> value has the IAM_API_ADDRESS is <ip>:<port> / <dns-name> format.

   • The <IAM_REALM_IN_KEYCLOAK> value has the <keycloak-url>/auth/realms/<realm-name> format, where <realm-name> defaults to iam.