Obtaining a Cluster Certificate
Function
This API is used to obtain a certificate of a specified cluster.
Constraints
This API is applicable to clusters of v1.13 and later.
Calling Method
For details, see Calling APIs.
URI
POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. |
cluster_id | Yes | String | Cluster ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
Content-Type | Yes | String | Message body type (format). |
X-Auth-Token | Yes | String | Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details, see Obtaining a User Token. |
Parameter | Mandatory | Type | Description |
---|---|---|---|
duration | Yes | Integer | Validity period of the cluster certificate. The minimum value is 1 day and the maximum value is 5 years. Therefore, the value ranges from 1 to 1827. (The unit is day. The actual limit depends on the number of leap years in the five years. For example, if there is a leap year in the five years, the upper limit is 1826 days.) If this parameter is set to -1, the maximum value is 5 years. |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
Port-ID | String | Port ID of the cluster master node |
Parameter | Type | Description |
---|---|---|
kind | String | API type. The value is fixed at Config and cannot be changed. |
apiVersion | String | API version. The value is fixed at v1. |
preferences | Object | This field is not used currently and is left unspecified by default. |
clusters | Array of Clusters objects | Cluster list |
users | Array of Users objects | Certificate information and client key information of a specified user |
contexts | Array of Contexts objects | Context list |
current-context | String | Current context. If publicIp (VM EIP) exists, the value is external. If publicIp does not exist, the value is internal. |
Parameter | Type | Description |
---|---|---|
name | String | Cluster name. |
cluster | ClusterCert object | Cluster information |
Parameter | Type | Description |
---|---|---|
server | String | Server IP address |
certificate-authority-data | String | Certificate authorization data |
insecure-skip-tls-verify | Boolean | Whether to skip the server certificate verification. If the cluster type is externalCluster, the value is true. |
Parameter | Type | Description |
---|---|---|
name | String | The value is fixed at user. |
user | User object | Certificate information and client key information of a specified user |
Parameter | Type | Description |
---|---|---|
client-certificate-data | String | Client certificate |
client-key-data | String | PEM encoding data from the TLS client key file |
Parameter | Type | Description |
---|---|---|
name | String | Context name. |
context | Context object | Context information |
Example Requests
Applying for a cluster access certificate valid for 30 days
```json
{
  "duration" : 30
}
```
Example Responses
Status code: 200
The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure.
```json
{
  "kind" : "Config",
  "apiVersion" : "v1",
  "preferences" : { },
  "clusters" : [ {
    "name" : "internalCluster",
    "cluster" : {
      "server" : "https://192.168.1.7:5443",
      "certificate-authority-data" : "Q2VydGlmaWNhdGU6******FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
    }
  } ],
  "users" : [ {
    "name" : "user",
    "user" : {
      "client-certificate-data" : "LS0tLS1CRUdJTiBDR******QVRFLS0tLS0K",
      "client-key-data" : "LS0tLS1CRUdJTi******BLRVktLS0tLQo="
    }
  } ],
  "contexts" : [ {
    "name" : "internal",
    "context" : {
      "cluster" : "internalCluster",
      "user" : "user"
    }
  } ],
  "current-context" : "internal"
}
```
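The following client-side handling is an added example, not part of the original page or the Huawei Cloud SDK: it enforces the documented `duration` range before sending, lists contexts whose cluster sets `insecure-skip-tls-verify`, and writes the response with owner-only permissions because it embeds `client-key-data`. The function names, the `SAMPLE` response and the address 203.0.113.10 are constructed for illustration.

```python
import json
import os

MAX_DAYS = 1827  # upper bound given for the duration parameter

# Constructed sample response body; key material replaced by placeholders.
SAMPLE = {
    "kind": "Config", "apiVersion": "v1", "preferences": {},
    "clusters": [
        {"name": "internalCluster", "cluster": {
            "server": "https://192.168.1.7:5443",
            "certificate-authority-data": "PLACEHOLDER"}},
        {"name": "externalCluster", "cluster": {
            "server": "https://203.0.113.10:5443",
            "insecure-skip-tls-verify": True}}],
    "users": [{"name": "user", "user": {
        "client-certificate-data": "PLACEHOLDER", "client-key-data": "PLACEHOLDER"}}],
    "contexts": [
        {"name": "internal", "context": {"cluster": "internalCluster", "user": "user"}},
        {"name": "external", "context": {"cluster": "externalCluster", "user": "user"}}],
    "current-context": "external",
}


def request_body(duration):
    """Build the request body, enforcing the documented range: -1 or 1..1827 days."""
    if isinstance(duration, bool) or not isinstance(duration, int):
        raise ValueError("duration must be an integer number of days")
    if duration != -1 and not 1 <= duration <= MAX_DAYS:
        raise ValueError("duration must be -1 or between 1 and 1827")
    return {"duration": duration}


def unverified_contexts(cfg):
    """Names of contexts whose cluster entry skips server certificate verification."""
    skip = {c["name"] for c in cfg.get("clusters", [])
            if c.get("cluster", {}).get("insecure-skip-tls-verify")}
    return [c["name"] for c in cfg.get("contexts", [])
            if c.get("context", {}).get("cluster") in skip]


def save_kubeconfig(cfg, path):
    """Write the response to disk as 0600: it embeds client-key-data."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh, indent=2)
    os.chmod(path, 0o600)  # tighten a file that already existed with wider bits
```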
SDK Sample Code
The SDK sample code is as follows.
Applying for a cluster access certificate valid for 30 days
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cce.v3.region.CceRegion;
import com.huaweicloud.sdk.cce.v3.*;
import com.huaweicloud.sdk.cce.v3.model.*;

public class CreateKubernetesClusterCertSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK or storing them in plaintext poses great security risks. Store them in ciphertext in configuration files or environment variables and decrypt them during use.
        // In this example, the AK and SK are read from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CceClient client = CceClient.newBuilder()
                .withCredential(auth)
                .withRegion(CceRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateKubernetesClusterCertRequest request = new CreateKubernetesClusterCertRequest();
        request.withClusterId("{cluster_id}");
        CertDuration body = new CertDuration();
        body.withDuration(30);
        request.withBody(body);
        try {
            CreateKubernetesClusterCertResponse response = client.createKubernetesClusterCert(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Applying for a cluster access certificate valid for 30 days
```python
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcce.v3.region.cce_region import CceRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcce.v3 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK or storing them in plaintext poses great security risks. Store them in ciphertext in configuration files or environment variables and decrypt them during use.
    # In this example, the AK and SK are read from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CceClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CceRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateKubernetesClusterCertRequest()
        request.cluster_id = "{cluster_id}"
        request.body = CertDuration(
            duration=30
        )
        response = client.create_kubernetes_cluster_cert(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Applying for a cluster access certificate valid for 30 days
```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	cce "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3/region"
)

func main() {
	// Hard-coding the AK and SK or storing them in plaintext poses great security risks. Store them in ciphertext in configuration files or environment variables and decrypt them during use.
	// In this example, the AK and SK are read from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := cce.NewCceClient(
		cce.CceClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.CreateKubernetesClusterCertRequest{}
	request.ClusterId = "{cluster_id}"
	request.Body = &model.CertDuration{
		Duration: int32(30),
	}
	response, err := client.CreateKubernetesClusterCert(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code | Description |
---|---|
200 | The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure. |
Error Codes
See Error Codes.