Help Center> Cloud Container Engine> User Guide (Paris Regions)> Clusters> Connecting to a Cluster> Connecting to a Cluster Using an X.509 Certificate
Updated on 2024-01-26 GMT+08:00

Connecting to a Cluster Using an X.509 Certificate

Scenario

This section describes how to obtain the cluster certificate from the console and use it access Kubernetes clusters.

Procedure

  1. Log in to the CCE console and click the cluster name to access the cluster console.
  2. Choose Cluster Information from the navigation pane and click Download next to Certificate Authentication in the Connection Information area.
  3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.

    • The downloaded certificate contains three files: client.key, client.crt, and ca.crt. Keep these files secure.
    • Certificates are not required for mutual access between containers in a cluster.

  4. Call native Kubernetes APIs using the cluster certificate.

    For example, run the curl command to call an API to view the pod information. In the following information,192.168.***.***:5443 indicates the IP address of the API server in the cluster.

    curl --cacert ./ca.crt --cert ./client.crt --key ./client.key  https://192.168.***.***:5443/api/v1/namespaces/default/pods/

    For more cluster APIs, see Kubernetes APIs.