Authentication

This guide provides instructions on how to authenticate with your STACKIT Edge Cloud (STEC) instances. You can authenticate as a user through the command-line interface (CLI) and the web UI, or set up machine-to-machine authentication for automated processes.

For a high-level introduction to authentication and the different authentication layers, please review the advanced topics. This guide only outlines the steps required to get you started.

Use this method when you need to interact directly with your STACKIT Edge Cloud (STEC) instance as a human user.

The kubeconfig you get for your STEC instance contains a permanent, secret access token that you cannot revoke. Anyone with this token can perform actions based on its assigned permissions. You must protect the kubeconfig file from unauthorized access.

In this workflow you authenticate via the web UI using an access token retrieved from the STACKIT CLI.

Prerequisites

Before you begin, you need the following:

Steps

  1. Log in to the STACKIT portal.

  2. Navigate to the Edge Cloud product in the Runtime section of the portal.

    Screenshot of the Edge Cloud instance list. The instance named "demo" with description "demo instance" is listed with the Status as "Active." The image shows the stable state of the provisioned Edge Cloud management plane.

  3. Click on the three dots next to the instance you want to authenticate with, then click on “Credentials”.

    Screenshot of the Edge Cloud instance list. The instance "demo" has an Active status. A vertical ellipsis (kebab menu) on the far right of the instance row has been clicked, revealing a dropdown menu with two options: "Delete" and "Credentials."

  4. You’ll be presented with a credentials UI that allows you to download either the kubeconfig file, which you need to interact with your instance using the Kubernetes client of your choice, or an access token, which you’ll need for machine-to-machine authentication as well as the STEC web UI. For now, click on ‘Token’ and ‘Generate’. Copy the token to your clipboard; you’ll need it in the next step.

    A screenshot of the STACKIT Portal interface, specifically within the Edge Cloud section. A modal window titled "Credentials" is centrally displayed. The text explains that access to the Edge Management Plane requires either a Token or a Kubeconfig for the Kubernetes API server. Below this, there are two buttons to select the Credential type: Kubeconfig (unselected) and Token (selected, highlighted in light blue). An Expiration field is visible, set to "10 Minutes" by default. At the bottom right of the modal are a Cancel button and a highlighted Generate button, which is the next action the user is prompted to take. The surrounding portal interface shows a left navigation menu with options like Runtime, Security, and Networking.

  5. Open the web UI of your STEC instance by clicking the “Go to Edge UI” link from the STACKIT Portal. Alternatively, you can fetch the URL via the CLI, as described in the ordering documentation.

  6. Paste the access token into the “Cluster Token” field and click the “Login” button.

    A screenshot of the STACKIT Edge Cloud login screen. The main panel is dark and features the title "Cluster Token". Below the title is a heavily redacted text field containing the generated token, which appears as a long string of dots and dashes, protecting sensitive information. Beneath the token field is a small, unpopulated input field labeled "Login", suggesting the user needs to paste the token and click a login button (though a distinct button isn't immediately visible, the Login field acts as the primary action point). The left sidebar displays an Overview menu with only a Login link visible. The footer shows typical links like Imprint, Report content, Terms & Conditions, and Data Protection, with the UI version labeled v0.6.1 BETA.

  7. You’re now logged into the web UI of your STEC instance.

    A screenshot of the STACKIT Edge Cloud portal Dashboard after successful login. The dashboard is divided into several main sections. The left sidebar shows the Overview menu with Dashboard selected, and asset menus for Assets (Images) and Computing (Hosts, Clusters). The main content area is structured into four quadrants. The top-right section has two actionable buttons: Create Image and Download talosctl. The center area prominently displays two column headers: Clusters and Hosts. The bottom section shows two data tables: one labeled Clusters ("Browse a list of clusters that have been created and view their size and status") and one labeled Hosts ("Browse a list of hosts that have been created and view their specifications and status"). Both tables currently appear empty, only showing column headers for NAME, NODES, and STATUS (for Clusters) and NAME and STATUS (for Hosts).

Use machine-to-machine authentication for automated workflows, such as CI/CD pipelines with tools like Argo CD. This ensures your tools can communicate securely with one or more STACKIT Edge Cloud (STEC) instances. Such systems use access tokens to authenticate with STACKIT Edge Cloud.

The token you get for your STEC instance contains a permanent, secret access token that you cannot revoke. Anyone with this token can perform actions based on its assigned permissions. You must protect the token file from unauthorized access.

Prerequisites

Before you begin, you need the following:

Steps

  1. Log in with the STACKIT CLI.

    > stackit auth login
    Successfully logged into STACKIT CLI.
  2. Set the STACKIT project to use and configure a STACKIT CLI profile.

    # Parent folder / organization you belong to
    > PARENT_FOLDER="12345678-abcd-abcd-abcd-12345678"
    # Name of the project to create your STEC instance in
    > PROJECT_NAME="YOUR-PROJECT"
    # Find the project ID
    > PROJECT_ID=$(stackit project list --parent-id "$PARENT_FOLDER" -o json | jq -r --arg NAME "$PROJECT_NAME" 'map(select(.name == $NAME)) | if length != 1 then error("Expected exactly one element, but found \(length) elements.") else .[0] end | .projectId')
    > echo "$PROJECT_ID"
    12345678-ffff-abcd-ffff-12345678
    # Configure the CLI profile to use the selected project
    > stackit config profile create "$PROJECT_NAME"
    > stackit config set --project-id "$PROJECT_ID"
    > stackit config profile set "$PROJECT_NAME"
  3. Fetch an access token for your instance and copy it.

    > stackit beta edge-cloud token create --name demo --expiration 1d
    eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWU...pvaG4gRG9lIiwiYW
  4. You can use this token for machine-to-machine authentication.
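
The warnings above require protecting the kubeconfig and the token from unauthorized access. The following shell functions are an added example, not part of the STACKIT documentation or tooling: one writes a token to disk with owner-only permissions, the other refuses a credentials file that other local users could read. The function names and the file paths are hypothetical.

```shell
#!/bin/sh
# Added example, not STACKIT code. Function names and paths are hypothetical.

# store_token FILE: read a token from stdin and write it to FILE with
# owner-only permissions. mktemp creates the file as 0600 before any secret
# is written, and mv replaces FILE atomically instead of following a symlink.
store_token() {
    (
        umask 077
        if [ -d "$1" ]; then
            echo "$1: is a directory" >&2; exit 1
        fi
        tmp=$(mktemp "$1.XXXXXX") || exit 1
        cat > "$tmp" && mv -f -- "$tmp" "$1" || { rm -f -- "$tmp"; exit 1; }
    )
}

# check_secret_file FILE: verify a kubeconfig or token file before use.
# Returns 0 if safe, 1 if missing or not a regular file, 2 if group/other
# have any access, 3 if owned by a different user.
check_secret_file() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "$1: missing, or not a regular file" >&2; return 1
    fi
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case "$perms" in
        -???------) ;;  # regular file, no group/other bits set
        *) echo "$1: mode $perms allows group/other access" >&2; return 2 ;;
    esac
    if [ ! -O "$1" ]; then
        echo "$1: not owned by the current user" >&2; return 3
    fi
    return 0
}

# Usage (assumes the CLI prints only the token on stdout, as shown above):
#   stackit beta edge-cloud token create --name demo --expiration 1d \
#       | store_token "$HOME/.stec/demo.token"
#   check_secret_file "$KUBECONFIG" && kubectl get nodes
```

Piping the token straight into `store_token` keeps it out of the clipboard, and a CI job can call `check_secret_file` as a gate before handing the kubeconfig to a Kubernetes client.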