Obtaining a Cluster Certificate
Function
This API is used to obtain a certificate of a specified cluster.
Constraints
This API is applicable to clusters of v1.13 and later.
Calling Method
For details, see Calling APIs.
URI
POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Details: Project ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. Constraints: None Options: Project IDs of the account Default value: N/A |
cluster_id |
Yes |
String |
Details: Cluster ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI. Constraints: None Options: Cluster IDs Default value: N/A |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
Content-Type |
Yes |
String |
Details: The request body type or format Constraints: The GET method is not verified. Options:
Default value: N/A |
X-Auth-Token |
Yes |
String |
Details: Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details, see Obtaining a User Token. Constraints: None Options: N/A Default value: N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
duration |
Yes |
Integer |
Definition How long a cluster certificate is valid Constraints N/A Range -1 or 1 to 1827
NOTE:
Default Value N/A |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
Port-ID |
String |
Definition Port ID of the cluster control plane node Constraints N/A Range N/A Default Value N/A |
Parameter |
Type |
Description |
---|---|---|
kind |
String |
Definition API type Constraints The value cannot be changed. Range N/A Default Value Config |
apiVersion |
String |
Definition API version Constraints The value cannot be changed. Range N/A Default Value v1 |
preferences |
Object |
Definition This field is not in use. Constraints N/A Range N/A Default Value Empty |
clusters |
Array of Clusters objects |
Definition Cluster list Constraints N/A |
users |
Array of Users objects |
Definition Certificate information and client key information of a specified user Constraints N/A |
contexts |
Array of Contexts objects |
Definition Context list Constraints N/A |
current-context |
String |
Definition Current context Constraints N/A Range
Default Value
|
Parameter |
Type |
Description |
---|---|---|
name |
String |
Definition Cluster name Constraints N/A Range
Default Value
|
cluster |
ClusterCert object |
Definition Cluster information Constraints N/A |
Parameter |
Type |
Description |
---|---|---|
server |
String |
Definition Server address Constraints N/A Range N/A Default Value N/A |
certificate-authority-data |
String |
Definition Certificate authorization data Constraints N/A Range N/A Default Value N/A |
insecure-skip-tls-verify |
Boolean |
Definition Whether to skip server certificate verification Constraints N/A Range
Default Value If the cluster type is externalCluster, the value is true. |
Parameter |
Type |
Description |
---|---|---|
name |
String |
Definition Name Constraints N/A Range N/A Default Value user |
user |
User object |
Definition Certificate information and client key information of a specified user Constraints N/A |
Parameter |
Type |
Description |
---|---|---|
client-certificate-data |
String |
Definition Client certificate Constraints N/A Range N/A Default Value N/A |
client-key-data |
String |
Definition PEM encoding data from the TLS client key file Constraints N/A Range N/A Default Value N/A |
Parameter |
Type |
Description |
---|---|---|
name |
String |
Definition Context name Constraints N/A Range
Default Value
|
context |
Context object |
Definition Context Constraints N/A |
Example Requests
Applying for a cluster access certificate valid for 30 days
{ "duration" : 30 }
Example Responses
Status code: 200
The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure.
{ "kind" : "Config", "apiVersion" : "v1", "preferences" : { }, "clusters" : [ { "name" : "internalCluster", "cluster" : { "server" : "https://192.168.1.7:5443", "certificate-authority-data" : "Q2VydGlmaWNhdGU6******FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" } } ], "users" : [ { "name" : "user", "user" : { "client-certificate-data" : "LS0tLS1CRUdJTiBDR******QVRFLS0tLS0K", "client-key-data" : "LS0tLS1CRUdJTi******BLRVktLS0tLQo=" } } ], "contexts" : [ { "name" : "internal", "context" : { "cluster" : "internalCluster", "user" : "user" } } ], "current-context" : "internal" }
SDK Sample Code
The SDK sample code is as follows.
Applying for a cluster access certificate valid for 30 days
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.cce.v3.region.CceRegion; import com.huaweicloud.sdk.cce.v3.*; import com.huaweicloud.sdk.cce.v3.model.*; public class CreateKubernetesClusterCertSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); CceClient client = CceClient.newBuilder() .withCredential(auth) .withRegion(CceRegion.valueOf("<YOUR REGION>")) .build(); CreateKubernetesClusterCertRequest request = new CreateKubernetesClusterCertRequest(); request.withClusterId("{cluster_id}"); CertDuration body = new CertDuration(); body.withDuration(30); request.withBody(body); try { CreateKubernetesClusterCertResponse response = client.createKubernetesClusterCert(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
Applying for a cluster access certificate valid for 30 days
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkcce.v3.region.cce_region import CceRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkcce.v3 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = CceClient.new_builder() \ .with_credentials(credentials) \ .with_region(CceRegion.value_of("<YOUR REGION>")) \ .build() try: request = CreateKubernetesClusterCertRequest() request.cluster_id = "{cluster_id}" request.body = CertDuration( duration=30 ) response = client.create_kubernetes_cluster_cert(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
Applying for a cluster access certificate valid for 30 days
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" cce "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := cce.NewCceClient( cce.CceClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.CreateKubernetesClusterCertRequest{} request.ClusterId = "{cluster_id}" request.Body = &model.CertDuration{ Duration: int32(30), } response, err := client.CreateKubernetesClusterCert(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
Status Code |
Description |
---|---|
200 |
The certificate of the specified cluster is successfully obtained. For details about the certificate file format, see the Kubernetes v1.Config structure. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot