Obtaining Cluster Certificates¶
Function¶
This API is used to obtain certificates of a specified cluster in form of kubeconfig file.
URI¶
POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert
Table 1 describes the parameters of this API.
Parameter | Mandatory | Description |
|---|---|---|
project_id | Yes | Project ID. For details about how to obtain the project ID, see How to Obtain Parameters in the API URI. |
cluster_id | Yes | Cluster ID. For details about how to obtain the cluster ID, see How to Obtain Parameters in the API URI. |
Request¶
Request parameters:
Table 2 andTable 3 describes the request parameters.
Parameter | Mandatory | Description |
|---|---|---|
Content-Type | Yes | Message body type (format). Possible values:
|
X-Auth-Token | Yes | Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details on how to obtain a user token, see API Usage Guidelines. |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
duration | Yes | Integer | Period during which a cluster certificate is valid, in days. Validity period of the cluster certificate, in days. A cluster certificate can be valid for 1 to 1,825 days. If this parameter is set to -1, the validity period is 1,825 days (about 5 years). Minimum: 1 Maximum: 1825 |
Example request:
Applying for a cluster access certificate valid for 30 days
{
"duration": 30
}
Response¶
Response parameters:
Table 4 describes the response parameters.
Parameter | Type | Description |
|---|---|---|
kind | String | API type. The value is fixed at Config and cannot be changed. |
apiVersion | String | API version. The value is fixed at v1 and cannot be changed. |
preferences | Object | This field is not used currently and is left unspecified by default. |
clusters | Array of clusters objects | Cluster list. |
users | Array of users objects | Certificate information and client key information of a specified user. |
contexts | Array of contexts objects | Context list. |
current-context | String | Current context. If publicIp (VM EIP) exists, the value is external. If publicIp does not exist, the value is internal. |
Parameter | Type | Description |
|---|---|---|
name | String | Cluster name.
|
cluster | cluster object | Cluster information. |
Parameter | Type | Description |
|---|---|---|
server | String | Node IP address. |
certificate-authority-data | String | Certificate authorization data. |
insecure-skip-tls-verify | Boolean | Whether to skip the server certificate verification. If the cluster type is externalCluster, the value is true. |
Parameter | Type | Description |
|---|---|---|
name | String | The value is fixed to user. |
user | user object | Stores the certificate information and ClientKey information of a specified user. |
Parameter | Type | Description |
|---|---|---|
client-certificate-data | String | Client certificate. |
client-key-data | String | Contains PEM encoding data from the TLS client key file. |
Parameter | Type | Description |
|---|---|---|
name | String | Context name.
|
context | context object | Context information. |
Parameter | Type | Description |
|---|---|---|
cluster | String | Cluster context. |
user | String | User context. |
Response example:
{
"kind": "Config",
"apiVersion": "v1",
"preferences": {},
"clusters": [
{
"name": "internalCluster",
"cluster": {
"server": "https://192.168.1.7:5443",
"certificate-authority-data": ""
}
}
],
"users": [
{
"name": "user",
"user": {
"client-certificate-data": "",
"client-key-data": ""
}
}
],
"contexts": [
{
"name": "internal",
"context": {
"cluster": "internalCluster",
"user": "user"
}
}
],
"current-context": "internal"
}
Status Code¶
Table 11 describes the status code of this API.
Status Code | Description |
|---|---|
200 | Certificates of the specified cluster are successfully obtained. |
For details about error status codes, see Status Code.