Obtaining a Cluster Certificate
Function
This API is used to obtain a certificate of a specified cluster.
Constraints
This API is applicable to clusters of v1.13 and later.
Calling Method
For details, see Calling APIs.
URI
POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Details: Project ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. Constraints: None Options: Project IDs of the account Default value: N/A |
|
cluster_id |
Yes |
String |
Details: Cluster ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. Constraints: None Options: Cluster IDs Default value: N/A |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
Content-Type |
Yes |
String |
Details: The request body type or format Constraints: The GET method is not verified. Options:
Default value: N/A |
|
X-Auth-Token |
Yes |
String |
Details: Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details, see Obtaining a User Token. Constraints: None Options: N/A Default value: N/A |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
duration |
No |
Integer |
Definition Validity period of a cluster certificate. Constraints Either duration or expire_at must be specified. If both parameters are specified, the expire_at parameter is used. Range The minimum value is 1 day, and the maximum value is 1827 days (5 years). If there is one leap year within the five-year period, the maximum value is 1826 days. If the value is -1, it indicates 5 years. Default Value N/A |
|
expire_at |
No |
String |
Definition Expiration time of a cluster certificate. Constraints Either duration or expire_at must be specified. If both parameters are specified, the expire_at parameter is used. Range The certificate expiration time must be 15 minutes to 5 years later than the current time. An example is 2025-01-01 16:00:00 +0000 UTC. Default Value N/A |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
Port-ID |
String |
Definition Port ID of the cluster control plane node Constraints N/A Range N/A Default Value N/A |
|
Parameter |
Type |
Description |
|---|---|---|
|
kind |
String |
Definition API type Constraints The value cannot be changed. Range N/A Default Value Config |
|
apiVersion |
String |
Definition API version Constraints The value cannot be changed. Range N/A Default Value v1 |
|
preferences |
Object |
Definition This field is not in use. Constraints N/A Range N/A Default Value Empty |
|
clusters |
Array of Clusters objects |
Definition Cluster list Constraints N/A |
|
users |
Array of Users objects |
Definition Certificate information and client key information of a specified user Constraints N/A |
|
contexts |
Array of Contexts objects |
Definition Context list Constraints N/A |
|
current-context |
String |
Definition Current context Constraints N/A Range
Default Value
|
|
Parameter |
Type |
Description |
|---|---|---|
|
name |
String |
Definition Cluster name Constraints N/A Range
Default Value
|
|
cluster |
ClusterCert object |
Definition Cluster information Constraints N/A |
|
Parameter |
Type |
Description |
|---|---|---|
|
server |
String |
Definition Server address Constraints N/A Range N/A Default Value N/A |
|
certificate-authority-data |
String |
Definition Certificate authorization data Constraints N/A Range N/A Default Value N/A |
|
insecure-skip-tls-verify |
Boolean |
Definition Whether to skip server certificate verification. Constraints N/A Range
Default Value If the cluster type is externalCluster, the value is true. |
|
Parameter |
Type |
Description |
|---|---|---|
|
name |
String |
Definition Name Constraints N/A Range N/A Default Value user |
|
user |
User object |
Definition Certificate information and client key information of a specified user Constraints N/A |
|
Parameter |
Type |
Description |
|---|---|---|
|
client-certificate-data |
String |
Definition Client certificate Constraints N/A Range N/A Default Value N/A |
|
client-key-data |
String |
Definition PEM encoding data from the TLS client key file Constraints N/A Range N/A Default Value N/A |
|
Parameter |
Type |
Description |
|---|---|---|
|
name |
String |
Definition Context name Constraints N/A Range
Default Value
|
|
context |
Context object |
Definition Context Constraints N/A |
Example Requests
Apply for a cluster access certificate that is valid until 16:00 (UTC) on January 1, 2025.
{
"expire_at" : "2025-01-01 16:00:00 +0000 UTC"
}
Example Responses
Status code: 200
The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure.
{
"kind" : "Config",
"apiVersion" : "v1",
"preferences" : { },
"clusters" : [ {
"name" : "internalCluster",
"cluster" : {
"server" : "https://192.168.1.7:5443",
"certificate-authority-data" : "Q2VydGlmaWNhdGU6******FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
}
} ],
"users" : [ {
"name" : "user",
"user" : {
"client-certificate-data" : "LS0tLS1CRUdJTiBDR******QVRFLS0tLS0K",
"client-key-data" : "LS0tLS1CRUdJTi******BLRVktLS0tLQo="
}
} ],
"contexts" : [ {
"name" : "internal",
"context" : {
"cluster" : "internalCluster",
"user" : "user"
}
} ],
"current-context" : "internal"
}
SDK Sample Code
The SDK sample code is as follows.
Apply for a cluster access certificate that is valid until 16:00 (UTC) on January 1, 2025.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.cce.v3.region.CceRegion; import com.huaweicloud.sdk.cce.v3.*; import com.huaweicloud.sdk.cce.v3.model.*; public class CreateKubernetesClusterCertSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); CceClient client = CceClient.newBuilder() .withCredential(auth) .withRegion(CceRegion.valueOf("<YOUR REGION>")) .build(); CreateKubernetesClusterCertRequest request = new CreateKubernetesClusterCertRequest(); request.withClusterId("{cluster_id}"); body.withCertDuration("{\"expire_at\":\"2025-01-01 16:00:00 +0000 UTC\"}"); request.withBody(listCertDurationCertDuration); try { CreateKubernetesClusterCertResponse response = client.createKubernetesClusterCert(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
Apply for a cluster access certificate that is valid until 16:00 (UTC) on January 1, 2025.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkcce.v3.region.cce_region import CceRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkcce.v3 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = CceClient.new_builder() \ .with_credentials(credentials) \ .with_region(CceRegion.value_of("<YOUR REGION>")) \ .build() try: request = CreateKubernetesClusterCertRequest() request.cluster_id = "{cluster_id}" request.body = listCertDurationCertDuration response = client.create_kubernetes_cluster_cert(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
Apply for a cluster access certificate that is valid until 16:00 (UTC) on January 1, 2025.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" cce "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := cce.NewCceClient( cce.CceClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.CreateKubernetesClusterCertRequest{} request.ClusterId = "{cluster_id}" var certDurationCertDuration interface{} = "{\"expire_at\":\"2025-01-01 16:00:00 +0000 UTC\"}" request.Body = listCertDurationCertDuration response, err := client.CreateKubernetesClusterCert(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
