Obtaining a Cluster Certificate

Function

This API is used to obtain a certificate of a specified cluster.

URI

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert

Table 1 Path parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Project ID. For details about how to obtain the project ID, see How to Obtain Parameters in the API URI. |
| cluster_id | Yes | String | Cluster ID. For details about how to obtain the cluster ID, see How to Obtain Parameters in the API URI. |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| Content-Type | Yes | String | Message body type (format). Default: application/json |
| X-Auth-Token | Yes | String | Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this field is mandatory and must be set to a user token. For details about how to obtain a token, see Authentication. Maximum: 16384 |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| duration | Yes | Integer | Validity period of the cluster certificate, in days. Non-administrator users can apply for a validity period of 1 to 30 days. Administrators can apply for a period of 1 to 30 days or unlimited days (set to -1). Minimum: -1. Maximum: 30 |

Response Parameters

Status code: 200

Table 4 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| kind | String | API type. The value is fixed at Config and cannot be changed. Default: Config |
| apiVersion | String | API version. The value is fixed at v1. |
| preferences | Object | This field is not used currently and is left unspecified by default. |
| clusters | Array of Clusters objects | Cluster list. |
| users | Array of Users objects | Certificate information and client key information of a specified user. |
| contexts | Array of Contexts objects | Context list. |
| current-context | String | Current context. If publicIp (VM EIP) exists, the value is external. If publicIp does not exist, the value is internal. |

Table 5 Clusters

| Parameter | Type | Description |
|---|---|---|
| name | String | Cluster name. If publicIp does not exist (that is, no VM EIP exists), there is only one cluster in the cluster list, and the value of this parameter is internalCluster. If publicIp exists (that is, the EIP exists), there are at least two clusters in the cluster list, and the value of this parameter is externalCluster. |
| cluster | ClusterCert object | Cluster information. |

Table 6 ClusterCert

| Parameter | Type | Description |
|---|---|---|
| server | String | Server IP address. |
| certificate-authority-data | String | Certificate authorization data. |
| insecure-skip-tls-verify | Boolean | Whether to skip the server certificate verification. If the cluster type is externalCluster, the value is true. |

Table 7 Users

| Parameter | Type | Description |
|---|---|---|
| name | String | The value is fixed at user. |
| user | User object | Certificate information and client key information of a specified user. |

Table 8 User

| Parameter | Type | Description |
|---|---|---|
| client-certificate-data | String | Client certificate. |
| client-key-data | String | PEM encoding data from the TLS client key file. |

Table 9 Contexts

| Parameter | Type | Description |
|---|---|---|
| name | String | Context name. If publicIp does not exist (that is, no VM EIP exists), there is only one cluster in the cluster list, and the value of this field is internal. If publicIp exists (that is, the EIP exists), there are at least two clusters in the cluster list, and the value of this field for all extension contexts is external. |
| context | Context object | Context information. |

Table 10 Context

| Parameter | Type | Description |
|---|---|---|
| cluster | String | Cluster context. |
| user | String | User context. |

Example Requests

Applying for a cluster access certificate valid for 30 days

{
  "duration" : 30
}

Example Responses

Status code: 200

The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure.

{
  "kind" : "Config",
  "apiVersion" : "v1",
  "preferences" : { },
  "clusters" : [ {
    "name" : "internalCluster",
    "cluster" : {
      "server" : "https://192.168.1.7:5443",
      "certificate-authority-data" : "Q2VydGlmaWNhdGU6******FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
    }
  } ],
  "users" : [ {
    "name" : "user",
    "user" : {
      "client-certificate-data" : "LS0tLS1CRUdJTiBDR******QVRFLS0tLS0K",
      "client-key-data" : "LS0tLS1CRUdJTi******BLRVktLS0tLQo="
    }
  } ],
  "contexts" : [ {
    "name" : "internal",
    "context" : {
      "cluster" : "internalCluster",
      "user" : "user"
    }
  } ],
  "current-context" : "internal"
}
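Added example, not part of the original API reference: a client-side check of the duration range from Table 3 and an audit of the returned kubeconfig for the insecure-skip-tls-verify setting from Table 6, followed by an owner-only write of the file because it embeds client-key-data. The function names, the SAMPLE body and the external server address are constructed for illustration.

```python
import json
import os

def validate_duration(duration: int, is_admin: bool = False) -> bool:
    """Range from this page: 1 to 30 days, or -1 (unlimited) for administrators only."""
    return is_admin if duration == -1 else 1 <= duration <= 30

def audit_kubeconfig(cfg: dict) -> list:
    """Return findings for a clustercert response body (Kubernetes v1.Config)."""
    findings, unverified = [], set()
    for entry in cfg.get("clusters", []):
        cluster = entry.get("cluster", {})
        if cluster.get("insecure-skip-tls-verify"):
            unverified.add(entry["name"])
            findings.append(f"{entry['name']}: server certificate is not verified")
        elif not cluster.get("certificate-authority-data"):
            findings.append(f"{entry['name']}: no CA data to verify the server")
    for ctx in cfg.get("contexts", []):
        if ctx["name"] == cfg.get("current-context") and ctx["context"]["cluster"] in unverified:
            findings.append(f"current-context {ctx['name']} uses an unverified cluster")
    return findings

def save_kubeconfig(cfg: dict, path: str) -> None:
    """Write the file owner-only (0600) because it embeds client-key-data."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh, indent=2)
    os.chmod(path, 0o600)  # also tighten a file that already existed

# Constructed sample shaped like the response tables; every value is a placeholder.
SAMPLE = {
    "kind": "Config", "apiVersion": "v1", "current-context": "external",
    "clusters": [
        {"name": "internalCluster", "cluster": {
            "server": "https://192.168.1.7:5443",
            "certificate-authority-data": "PLACEHOLDER_CA"}},
        {"name": "externalCluster", "cluster": {
            "server": "https://203.0.113.10:5443", "insecure-skip-tls-verify": True}},
    ],
    "users": [{"name": "user", "user": {
        "client-certificate-data": "PLACEHOLDER_CERT", "client-key-data": "PLACEHOLDER_KEY"}}],
    "contexts": [
        {"name": "internal", "context": {"cluster": "internalCluster", "user": "user"}},
        {"name": "external", "context": {"cluster": "externalCluster", "user": "user"}},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit_kubeconfig(SAMPLE)))
```

A finding on the current context means connections made with this file do not authenticate the API server, so switching to the internal context or supplying CA data for the external endpoint is the thing to review before use.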

Status Codes

| Status Code | Description |
|---|---|
| 200 | The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure. |

Error Codes

See Error Codes.