:original_name: cce_02_0248.html
.. _cce_02_0248:
Obtaining Cluster Certificates
==============================
Function
--------
This API is used to obtain certificates of a specified cluster in form of kubeconfig file.
URI
---
POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert
:ref:`Table 1 ` describes the parameters of this API.
.. _cce_02_0248__table2027961241820:
.. table:: **Table 1** Description
+------------+-----------+-------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Mandatory | Description |
+============+===========+===============================================================================================================================+
| project_id | Yes | Project ID. For details about how to obtain the project ID, see :ref:`How to Obtain Parameters in the API URI `. |
+------------+-----------+-------------------------------------------------------------------------------------------------------------------------------+
| cluster_id | Yes | Cluster ID. For details about how to obtain the cluster ID, see :ref:`How to Obtain Parameters in the API URI `. |
+------------+-----------+-------------------------------------------------------------------------------------------------------------------------------+
Request
-------
**Request parameters**:
:ref:`Table 2 ` and\ :ref:`Table 3 ` describes the request parameters.
.. _cce_02_0248__table538113720514:
.. table:: **Table 2** Parameters in the request header
+-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Mandatory | Description |
+=======================+=======================+===============================================================================================================================================================================================================================================================================+
| Content-Type | Yes | Message body type (format). Possible values: |
| | | |
| | | - application/json;charset=utf-8 |
| | | - application/json |
+-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| X-Auth-Token | Yes | Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details on how to obtain a user token, see :ref:`API Usage Guidelines `. |
+-----------------------+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _cce_02_0248__table34052983203655:
.. table:: **Table 3** Parameters in the request body
+-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Mandatory | Type | Description |
+=================+=================+=================+=====================================================================================================================================================================================================+
| duration | Yes | Integer | Period during which a cluster certificate is valid, in days. |
| | | | |
| | | | Validity period of the cluster certificate, in days. A cluster certificate can be valid for 1 to 1,825 days. If this parameter is set to **-1**, the validity period is 1,825 days (about 5 years). |
| | | | |
| | | | Minimum: 1 |
| | | | |
| | | | Maximum: 1825 |
+-----------------+-----------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
**Example request**:
Applying for a cluster access certificate valid for 30 days
.. code-block::
{
"duration": 30
}
Response
--------
**Response parameters**:
:ref:`Table 4 ` describes the response parameters.
.. _cce_02_0248__table10794441185312:
.. table:: **Table 4** Response parameters
+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Type | Description |
+=================+=================================================================+=========================================================================================================================================+
| kind | String | API type. The value is fixed at **Config** and cannot be changed. |
+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
| apiVersion | String | API version. The value is fixed at **v1** and cannot be changed. |
+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
| preferences | Object | This field is not used currently and is left unspecified by default. |
+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
| clusters | Array of :ref:`clusters ` objects | Cluster list. |
+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
| users | Array of :ref:`users ` objects | Certificate information and client key information of a specified user. |
+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
| contexts | Array of :ref:`contexts ` objects | Context list. |
+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
| current-context | String | Current context. If **publicIp** (VM EIP) exists, the value is **external**. If **publicIp** does not exist, the value is **internal**. |
+-----------------+-----------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------+
.. _cce_02_0248__table2157957598:
.. table:: **Table 5** Data structure of the **clusters** field
+-----------------------+--------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Type | Description |
+=======================+========================================================+==================================================================================================================================================================================+
| name | String | Cluster name. |
| | | |
| | | - If the **publicIp** parameter does not exist (that is, no EIP exists), there is only one cluster in the cluster list, and the value of this parameter is **internalCluster**. |
| | | - If the **publicIp** parameter exists (that is, the EIP exists), there is more than one cluster in the cluster list, and the value of this parameter is **externalCluster**. |
+-----------------------+--------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| cluster | :ref:`cluster ` object | Cluster information. |
+-----------------------+--------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _cce_02_0248__table519211353218:
.. table:: **Table 6** Data structure of the **cluster** field
+----------------------------+---------+-------------------------------------------------------------------------------------------------------------------------+
| Parameter | Type | Description |
+============================+=========+=========================================================================================================================+
| server | String | Node IP address. |
+----------------------------+---------+-------------------------------------------------------------------------------------------------------------------------+
| certificate-authority-data | String | Certificate authorization data. |
+----------------------------+---------+-------------------------------------------------------------------------------------------------------------------------+
| insecure-skip-tls-verify | Boolean | Whether to skip the server certificate verification. If the cluster type is **externalCluster**, the value is **true**. |
+----------------------------+---------+-------------------------------------------------------------------------------------------------------------------------+
.. _cce_02_0248__table7846125310316:
.. table:: **Table 7** Data structure of the **users** field
+-----------+-----------------------------------------------------+-----------------------------------------------------------------------------------+
| Parameter | Type | Description |
+===========+=====================================================+===================================================================================+
| name | String | The value is fixed to **user**. |
+-----------+-----------------------------------------------------+-----------------------------------------------------------------------------------+
| user | :ref:`user ` object | Stores the certificate information and ClientKey information of a specified user. |
+-----------+-----------------------------------------------------+-----------------------------------------------------------------------------------+
.. _cce_02_0248__table205311581434:
.. table:: **Table 8** Data structure of the **user** field
+-------------------------+--------+----------------------------------------------------------+
| Parameter | Type | Description |
+=========================+========+==========================================================+
| client-certificate-data | String | Client certificate. |
+-------------------------+--------+----------------------------------------------------------+
| client-key-data | String | Contains PEM encoding data from the TLS client key file. |
+-------------------------+--------+----------------------------------------------------------+
.. _cce_02_0248__table1653965354:
.. table:: **Table 9** Data structure of the **contexts** field
+-----------------------+-------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Type | Description |
+=======================+=======================================================+===========================================================================================================================================================================+
| name | String | Context name. |
| | | |
| | | - If the **publicIp** parameter does not exist (that is, no EIP exists), there is only one cluster in the cluster list, and the value of this parameter is **internal**. |
| | | - If the **publicIp** parameter exists (that is, the EIP exists), there is more than one cluster in the cluster list, and the value of this parameter is **external**. |
+-----------------------+-------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| context | :ref:`context ` object | Context information. |
+-----------------------+-------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _cce_02_0248__table47913919518:
.. table:: **Table 10** Data structure of the **context** field
========= ====== ================
Parameter Type Description
========= ====== ================
cluster String Cluster context.
user String User context.
========= ====== ================
**Response example**:
.. code-block::
{
"kind": "Config",
"apiVersion": "v1",
"preferences": {},
"clusters": [
{
"name": "internalCluster",
"cluster": {
"server": "https://192.168.1.7:5443",
"certificate-authority-data": ""
}
}
],
"users": [
{
"name": "user",
"user": {
"client-certificate-data": "",
"client-key-data": ""
}
}
],
"contexts": [
{
"name": "internal",
"context": {
"cluster": "internalCluster",
"user": "user"
}
}
],
"current-context": "internal"
}
Status Code
-----------
:ref:`Table 11 ` describes the status code of this API.
.. _cce_02_0248__en-us_topic_0079614900_table46761928:
.. table:: **Table 11** Status code
+-------------+------------------------------------------------------------------+
| Status Code | Description |
+=============+==================================================================+
| 200 | Certificates of the specified cluster are successfully obtained. |
+-------------+------------------------------------------------------------------+
For details about error status codes, see :ref:`Status Code `.