Obtaining a Cluster Certificate
Function
This API is used to obtain a certificate of a specified cluster.
Constraints
This API is applicable to clusters of v1.13 and later.
URI
POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Project ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. |
cluster_id |
Yes |
String |
Cluster ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Content-Type |
Yes |
String |
Message body type (format). |
X-Auth-Token |
Yes |
String |
Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details, see Obtaining a User Token. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
duration |
Yes |
Integer |
Validity period of the cluster certificate. The minimum value is 1 day and the maximum value is 5 years. Therefore, the value ranges from 1 to 1827. (The unit is day. The actual limit depends on the number of leap years in the five years. For example, if there is a leap year in the five years, the upper limit is 1826 days.) If this parameter is set to -1, the maximum value is 5 years. |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
Port-ID |
String |
Port ID of the cluster master node |
Parameter |
Type |
Description |
---|---|---|
kind |
String |
API type. The value is fixed at Config and cannot be changed. |
apiVersion |
String |
API version. The value is fixed at v1. |
preferences |
Object |
This field is not used currently and is left unspecified by default. |
clusters |
Array of Clusters objects |
Cluster list |
users |
Array of Users objects |
Certificate information and client key information of a specified user |
contexts |
Array of Contexts objects |
Context list |
current-context |
String |
Current context. If publicIp (VM EIP) exists, the value is external. If publicIp does not exist, the value is internal. |
Parameter |
Type |
Description |
---|---|---|
name |
String |
Cluster name.
|
cluster |
ClusterCert object |
Cluster information |
Parameter |
Type |
Description |
---|---|---|
server |
String |
Server IP address |
certificate-authority-data |
String |
Certificate authorization data |
insecure-skip-tls-verify |
Boolean |
Whether to skip the server certificate verification. If the cluster type is externalCluster, the value is true. |
Parameter |
Type |
Description |
---|---|---|
name |
String |
The value is fixed at user. |
user |
User object |
Certificate information and client key information of a specified user |
Parameter |
Type |
Description |
---|---|---|
client-certificate-data |
String |
Client certificate |
client-key-data |
String |
PEM encoding data from the TLS client key file |
Parameter |
Type |
Description |
---|---|---|
name |
String |
Context name.
|
context |
Context object |
Context information |
Example Requests
Applying for a cluster access certificate valid for 30 days
{ "duration" : 30 }
Example Responses
Status code: 200
The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure.
{ "kind" : "Config", "apiVersion" : "v1", "preferences" : { }, "clusters" : [ { "name" : "internalCluster", "cluster" : { "server" : "https://192.168.1.7:5443", "certificate-authority-data" : "Q2VydGlmaWNhdGU6******FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" } } ], "users" : [ { "name" : "user", "user" : { "client-certificate-data" : "LS0tLS1CRUdJTiBDR******QVRFLS0tLS0K", "client-key-data" : "LS0tLS1CRUdJTi******BLRVktLS0tLQo=" } } ], "contexts" : [ { "name" : "internal", "context" : { "cluster" : "internalCluster", "user" : "user" } } ], "current-context" : "internal" }
Status Codes
Status Code |
Description |
---|---|
200 |
The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.