Obtaining a Cluster Certificate

Function

This API is used to obtain a certificate of a specified cluster.

Constraints

This API is applicable to clusters of v1.13 and later.

URI

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI.
cluster_id	Yes	String	Cluster ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
Content-Type	Yes	String	Message body type (format).
X-Auth-Token	Yes	String	Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details, see Obtaining a User Token.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
duration	Yes	Integer	Validity period of the cluster certificate. The minimum value is 1 day and the maximum value is 5 years. Therefore, the value ranges from 1 to 1827. (The unit is day. The actual limit depends on the number of leap years in the five years. For example, if there is a leap year in the five years, the upper limit is 1826 days.) If this parameter is set to -1, the maximum value is 5 years.

Response Parameters

Status code: 200

**Table 4** Response header parameters
Parameter	Type	Description
Port-ID	String	Port ID of the cluster master node

**Table 5** Response body parameters
Parameter	Type	Description
kind	String	API type. The value is fixed at Config and cannot be changed.
apiVersion	String	API version. The value is fixed at v1.
preferences	Object	This field is not used currently and is left unspecified by default.
clusters	Array of Clusters objects	Cluster list
users	Array of Users objects	Certificate information and client key information of a specified user
contexts	Array of Contexts objects	Context list
current-context	String	Current context. If publicIp (VM EIP) exists, the value is external. If publicIp does not exist, the value is internal.

**Table 6** Clusters
Parameter	Type	Description
name	String	Cluster name. If publicIp does not exist (that is, no VM EIP exists), there is only one cluster in the cluster list, and the value of this parameter is internalCluster. If publicIp exists (that is, the EIP exists), there are at least two clusters in the cluster list, and the value of this parameter is externalCluster.
cluster	ClusterCert object	Cluster information

**Table 7** ClusterCert
Parameter	Type	Description
server	String	Server IP address
certificate-authority-data	String	Certificate authorization data
insecure-skip-tls-verify	Boolean	Whether to skip the server certificate verification. If the cluster type is externalCluster, the value is true.

**Table 8** Users
Parameter	Type	Description
name	String	The value is fixed at user.
user	User object	Certificate information and client key information of a specified user

**Table 9** User
Parameter	Type	Description
client-certificate-data	String	Client certificate
client-key-data	String	PEM encoding data from the TLS client key file

**Table 10** Contexts
Parameter	Type	Description
name	String	Context name. If publicIp does not exist (that is, no VM EIP exists), there is only one cluster in the cluster list, and the value of this parameter is internal. If publicIp exists (that is, the EIP exists), there are at least two clusters in the cluster list, and the value of this field for all extension contexts is external.
context	Context object	Context information

**Table 11** Context
Parameter	Type	Description
cluster	String	Cluster context
user	String	User context

Example Requests

Applying for a cluster access certificate valid for 30 days

{
  "duration" : 30
}

Example Responses

Status code: 200

The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure.

{
  "kind" : "Config",
  "apiVersion" : "v1",
  "preferences" : { },
  "clusters" : [ {
    "name" : "internalCluster",
    "cluster" : {
      "server" : "https://192.168.1.7:5443",
      "certificate-authority-data" : "Q2VydGlmaWNhdGU6******FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
    }
  } ],
  "users" : [ {
    "name" : "user",
    "user" : {
      "client-certificate-data" : "LS0tLS1CRUdJTiBDR******QVRFLS0tLS0K",
      "client-key-data" : "LS0tLS1CRUdJTi******BLRVktLS0tLQo="
    }
  } ],
  "contexts" : [ {
    "name" : "internal",
    "context" : {
      "cluster" : "internalCluster",
      "user" : "user"
    }
  } ],
  "current-context" : "internal"
}

Status Codes

Status Code	Description
200	The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure.

Error Codes

See Error Codes.

Parent topic:Cluster Management

Previous topic: Waking Up a Cluster

Next topic: Modifying Cluster Specifications

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.