Updated on 2025-05-30 GMT+08:00

ccictl Configuration Guide

CCI allows you to use ccictl to create resources such as workloads.

Downloading ccictl

Download ccictl of the required version from Table 1.

Table 1 ccictl download addresses

OS

Download Addresses

Linux AMD 64-bit

ccictl_linux-amd64

ccictl_linux-amd64_sha256

MAC AMD 64-bit

ccictl_mac-amd64

ccictl_mac-amd64_sha256

MAC Arm 64-bit

ccictl_mac-arm64

ccictl_mac-arm64_sha256

Installing and Configuring ccictl

A Linux OS is used as an example in the following operations.

  1. Grant the execute permission on ccictl downloaded in Downloading ccictl and save it to the PATH directory.

    #chmod +x ./ccictl
    #mv ./ccictl $PATH

    In this command, $PATH indicates the PATH directory (for example, /usr/local/bin). Replace it with the actual value.

    You can run the following command to view the ccictl version:

    #ccictl version
    #Client Version: version.Info{GitVersion:"v0.0.2", GitCommit:"996a2efcd852473dde345ae2931833342cab1d96", BuildDate:"2025-03-24T00:32:05Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"} 

  2. Configure IAM authentication information and persistently store it to the local host.

    1. Specify a CCI cluster.
      ccictl config set-cluster <$context-cluster-name> --server=https://<$cci-endpoint>
      • $context-cluster-name: cluster name. You can use any custom name.
      • $cci-endpoint: CCI endpoint. Endpoints vary depending on regions. For details, see Obtaining CCI Endpoints.

      Example:

      #ccictl config set-cluster cci-cluster --server=https://cci.cn-north-4.myhuaweicloud.com
      #Cluster "cci-cluster" set. 
    2. Set the user credential used by ccictl.
      ccictl config set-credentials <$user> --auth-provider=iam --auth-provider-arg=iam-endpoint=https://<$iam-endpoint> --auth-provider-arg=cache="true" --auth-provider-arg=project-name=<$project-name> --auth-provider-arg=user-name=<$user-name> --auth-provider-arg=domain-name=<$domain-name> --auth-provider-arg=password=<$password>

      Or

      ccictl config set-credentials <$user> --auth-provider=iam --auth-provider-arg=iam-endpoint=https://<$iam-endpoint> --auth-provider-arg=cache="true" --auth-provider-arg=project-name=<$project-name> --auth-provider-arg=ak=<$ak> --auth-provider-arg=sk=<$sk>
      Table 2 Username and password

      Command Flag

      Description

      domain-name

      Tenant name, which is the account name.

      user-name

      IAM username.

      password

      Password of the account or IAM user.

      Table 3 AK/SK

      Command Flag

      Description

      ak

      For details about how to obtain the AK and SK, see Obtaining an AK/SK. AK is the access key in the file, and SK is the secret key in the file.

      sk

      Table 4 Common settings

      Command Flag

      Description

      context-user-name

      Username, which is the configured context username and can be specified.

      iam-endpoint

      IAM endpoint. This parameter is mandatory. For details, see Regions and Endpoints.

      project-name

      Project name. For details, see Obtain a Project ID from the Console.

      cache

      Whether to cache the IAM token to the local host to improve the access performance. The default value is true.

      CAUTION:

      In an insecure environment, you are advised to disable this option.

      Example:

      #ccictl config set-credentials cci-user --auth-provider=iam --auth-provider-arg=iam-endpoint=https://iam.cn-north-4.myhuaweicloud.com --auth-provider-arg=cache="true" --auth-provider-arg=project-name=cn-north-4 --auth-provider-arg=ak=ak****** --auth-provider-arg=sk=sk******
      #User "cci-user" set. 
    3. Set and use the context of ccictl.
      ccictl config set-context <$context-name> --cluster=<$context-cluster-name> --user=<$context-user-name>
    • $context-name: context name. You can use any custom name.
    • $context-cluster-name: cluster name configured in the preceding steps
    • $context-user-name: username configured in the preceding steps

    Example:

    #ccictl config set-context cci-context1 --cluster=cci-cluster --user=cci-user
    #Context "cci-context1" created. 

    Context of using ccictl

    ccictl config use-context  <$context-name> 

    Example:

    #ccictl config use-context cci-context1
    #Switched to context "cci-context1".

  3. After the configuration is complete, you can run ccictl commands to perform operations on CCI resources.

    For example, run the ccictl get namespace command to view namespace resources.

    #ccictl get namespace
    #No resources found.

Configuring ccictl in an Insecure Environment

  1. Install and configure ccictl.
  2. Edit the config file and delete sensitive information.

    In a Linux OS, the config file is stored in $HOME/.kubev2/config by default.
    Table 5 Sensitive information

    Command Flag

    Environment Value

    Description

    --domain-name

    DOMAIN_NAME

    Tenant name

    --user-name

    USER_NAME

    Sub-user name

    --password

    PASSWORD

    User password

    --ak

    ACCESS_KEY_ID

    Access key ID

    --sk

    SECRET_ACCESS_KEY

    Secret access key

    --cache

    CREDENTIAL_CACHE

    Whether to cache tokens

  3. Configure the environment variables corresponding to the deleted parameters. For example, configure AK, SK, and whether to cache tokens.

    #export ACCESS_KEY_ID=xxxxxxx
    #export SECRET_ACCESS_KEY=xxxxxxx
    #export CREDENTIAL_CACHE=false
    #ccictl get ns

    After the preceding commands are executed, information similar to the following is displayed:

    #No resources found.

Obtaining an AK/SK

AK: access key ID. It is a unique ID associated with an SK. AK is used together with SK to sign requests.

SK: secret access key. It is used together with an AK to sign requests. They can identify request senders and prevent requests from being modified.

  1. Log in to the management console.
  2. Hover over the username and choose My Credentials from the drop-down list.
  3. Choose Access Keys from the navigation pane.
  4. Click Create Access Key, and enter the verification code.
  5. Click OK to generate an access key and download it.

    Keep the AK/SK file confidential to prevent information leakage.

Obtaining CCI Endpoints

An endpoint is the request address for calling an API. Endpoints vary with services and regions. An endpoint can be obtained from Regions and Endpoints.

Select an endpoint based on your service requirements.
Table 6 Regions and endpoints

Region Name

Region

Endpoint

TR-Istanbul

tr-west-1

cci.tr-west-1.myhuaweicloud.com

AF-Johannesburg

af-south-1

cci.af-south-1.myhuaweicloud.com

AP-Singapore

ap-southeast-3

cci.ap-southeast-3.myhuaweicloud.com

ME-Riyadh

me-east-1

cci.me-east-1.myhuaweicloud.com

LA-Mexico City2

la-north-2

cci.la-north-2.myhuaweicloud.com

LA-Sao Paulo1

sa-brazil-1

cci.sa-brazil-1.myhuaweicloud.com

LA-Santiago

la-south-2

cci.la-south-2.myhuaweicloud.com

Obtain a Project ID from the Console

To obtain a project ID from the console, perform the following operations:
  1. Log in to the management console.
  2. Click the username and select My Credentials from the drop-down list.

    On the API Credentials page, view the project ID in the project list.

Figure 1 Viewing the project ID