From fd9d641b5c2096ed05a1dd6ae98f9d2e5e092bc0 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 6 Jun 2022 09:47:50 -0700 Subject: [PATCH] Add doc for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var --- site/content/docs/howto/login.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/site/content/docs/howto/login.md b/site/content/docs/howto/login.md index b2ae46a0..61034590 100644 --- a/site/content/docs/howto/login.md +++ b/site/content/docs/howto/login.md @@ -125,6 +125,11 @@ will depend on which type of identity provider was configured. Unlike the optional flow for OIDC providers described above, this optional flow does not need to be configured in the LDAPIdentityProvider or ActiveDirectoryIdentityProvider resource, so it is always available for end-users. +The flow selected by the `--upstream-identity-provider-flow` CLI flag may be overridden by using the +`PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW` environment variable for the CLI at runtime. This environment variable +may be set to the same values as the CLI flag (`browser_authcode` or `cli_password`). This allows a user to switch +flows based on their needs without editing their kubeconfig file. + Once the user completes authentication, the `kubectl` command will automatically continue and complete the user's requested command. For the example above, `kubectl` would list the cluster's namespaces.