OpenShift - oc login command

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

The oc login command is used to authenticate against the API service in the master node. The oc config view or oc get apiserver commands can be used to display the API Server URL ( in this example), but you need to be logged in to use these commands.

oc login



Before version 4.7 of OpenShift, the oc login command could be used without the -u or --username option. Starting with version 4.7, if the -u or --username option is not include, "you must obtain an API token" will be returned. Refer to How to resolve "you must obtain an API token" on OpenShift.


If you provide a bogus host to connect to, something like this will be displayed.

~]# oc login
error: dial tcp: lookup on no such host - verify you have provided the correct host and port and that the server is currently running.


On the other hand, after providing a valid hostname, you should be prompted to provide your username . . .

Authentication required for (openshift)


. . . and password.



Or, your username and password can be included.

oc login -u=<username> -p=<password>


Or, a token can be used, so that you don't need to authenticate with a username and password. Obviously, replace "abc123" with the actual token.

oc login --token=abc123


If the authentication attempt fails, something like this should be displayed.

Login failed (401 Unauthorized)
Verify you have provided correct credentials.


If you are authenticated, something like this should be displayed.

Login successful.

You have access to 193 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".
Welcome! See 'oc help' to get started.


If the /home/your_username/.kube/confilg does not exist, it will be created after the first successful log in. Here is an example of the ~/.kube/config file.

apiVersion: v1
- cluster:
- context:
    namespace: default
    user: john.doe
  name: default/
current-context: default/
kind: Config
preferences: {}
- name: john.doe
    token: Mn8cvscRkYgEUo_DcoUHUk3Z7Cu8W2RQikRBwmglet8


The --kubeconfig option can be used to specify the ~/.kube/config file to use, like this.

oc login --kubeconfig /home/john.doe/.kube/config


When debugging some issue, you may want to use the --loglevel option.

oc login --loglevel=6


In this scenario, log level 6 is probably a good starting place, and should return output like this.

I0128 07:06:43.146516   27366 loader.go:375] Config loaded from file:  /home/john.doe/.kube/config
I0128 07:06:43.238439   27366 round_trippers.go:443] HEAD 403 Forbidden in 90 milliseconds
I0128 07:06:43.238471   27366 request_token.go:86] GSSAPI Enabled
I0128 07:06:43.240481   27366 round_trippers.go:443] GET 200 OK in 1 milliseconds
I0128 07:06:43.258731   27366 request_token.go:447] using system roots as no error was encountered
I0128 07:06:43.288514   27366 round_trippers.go:443] GET 401 Unauthorized in 29 milliseconds
Authentication required for (openshift)
Username: john.doe
I0128 07:06:49.834683   27366 round_trippers.go:443] GET 302 Found in 79 milliseconds
I0128 07:06:49.891957   27366 round_trippers.go:443] POST 200 OK in 57 milliseconds
I0128 07:06:49.921048   27366 round_trippers.go:443] GET 200 OK in 28 milliseconds
Login successful.


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter ab2c3 in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |