Obtaining Cluster Certificates
Function
This API is used to obtain certificates of a specified cluster in form of kubeconfig file.
URI
POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert
Table 1 describes the parameters of this API.
Parameter | Mandatory | Description |
|---|---|---|
project_id | Yes | Project ID. For details about how to obtain the project ID, see How to Obtain Parameters in the API URI. |
cluster_id | Yes | Cluster ID. For details about how to obtain the cluster ID, see How to Obtain Parameters in the API URI. |
Request
Request parameters:
Parameter | Mandatory | Description |
|---|---|---|
Content-Type | Yes | Message body type (format). Possible values:
|
X-Auth-Token | Yes | Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details on how to obtain a user token, see Obtaining a User Token. |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
duration | Yes | Integer | Period during which a cluster certificate is valid, in days. Validity period of the cluster certificate, in days. A cluster certificate can be valid for 1 to 1,825 days. If this parameter is set to -1, the validity period is 1,825 days (about 5 years). Minimum: 1 Maximum: 1825 |
Example request:
Applying for a cluster access certificate valid for 30 days
{"duration": 30}
Response
Response parameters:
Table 4 describes the response parameters.
Parameter | Type | Description |
|---|---|---|
kind | String | API type. The value is fixed at Config and cannot be changed. |
apiVersion | String | API version. The value is fixed at v1 and cannot be changed. |
preferences | Object | This field is not used currently and is left unspecified by default. |
clusters | Array of clusters objects | Cluster list. |
users | Array of users objects | Certificate information and client key information of a specified user. |
contexts | Array of contexts objects | Context list. |
current-context | String | Current context. If publicIp (VM EIP) exists, the value is external. If publicIp does not exist, the value is internal. |
Parameter | Type | Description |
|---|---|---|
name | String | Cluster name.
|
cluster | cluster object | Cluster information. |
Parameter | Type | Description |
|---|---|---|
server | String | Node IP address. |
certificate-authority-data | String | Certificate authorization data. |
insecure-skip-tls-verify | Boolean | Whether to skip the server certificate verification. If the cluster type is externalCluster, the value is true. |
Parameter | Type | Description |
|---|---|---|
name | String | The value is fixed to user. |
user | user object | Stores the certificate information and ClientKey information of a specified user. |
Parameter | Type | Description |
|---|---|---|
client-certificate-data | String | Client certificate. |
client-key-data | String | Contains PEM encoding data from the TLS client key file. |
Parameter | Type | Description |
|---|---|---|
name | String | Context name.
|
context | context object | Context information. |
Parameter | Type | Description |
|---|---|---|
cluster | String | Cluster context. |
user | String | User context. |
Response example:
{"kind": "Config","apiVersion": "v1","preferences": {},"clusters": [{"name": "internalCluster","cluster": {"server": "https://192.168.1.7:5443","certificate-authority-data": ""}}],"users": [{"name": "user","user": {"client-certificate-data": "","client-key-data": ""}}],"contexts": [{"name": "internal","context": {"cluster": "internalCluster","user": "user"}}],"current-context": "internal"}
Status Code
Table 11 describes the status code of this API.
Status Code | Description |
|---|---|
200 | Certificates of the specified cluster are successfully obtained. |
For details about error status codes, see Status Code.
- Function
- URI
- Request
- Response
- Status Code