A200161411/cloud-container-engine
1
0
Fork 0
forked from docs/cloud-container-engine
Code Pull Requests Activity
cloud-container-engine/api-ref/source/apis/cluster_management/obtaining_cluster_certificates.rst
proposalbot 2490522af3 Changes to cce_api-ref from docs/doc-exports#318 (CCE API for v1.23 
CCE API for

Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: proposalbot <proposalbot@otc-service.com>
Co-committed-by: proposalbot <proposalbot@otc-service.com>
2022-11-10 10:54:32 +00:00

23 KiB
Raw Blame History

original_name

cce_02_0248.html

Obtaining Cluster Certificates

Function

This API is used to obtain certificates of a specified cluster in form of kubeconfig file.

URI

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert

Table 1 <cce_02_0248__table2027961241820> describes the parameters of this API.

Table 1 Description
Parameter Mandatory Description
project_id Yes Project ID. For details about how to obtain the project ID, see How to Obtain Parameters in the API URI <cce_02_0271>.
cluster_id Yes Cluster ID. For details about how to obtain the cluster ID, see How to Obtain Parameters in the API URI <cce_02_0271>.

Request

Request parameters:

Table 2 <cce_02_0248__table538113720514> andTable 3 <cce_02_0248__table34052983203655> describes the request parameters.

Table 2 Parameters in the request header
Parameter Mandatory Description
Content-Type Yes

Message body type (format). Possible values:

  • application/json;charset=utf-8
  • application/json
X-Auth-Token Yes Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details on how to obtain a user token, see API Usage Guidelines <cce_02_0344>.
Table 3 Parameters in the request body
Parameter Mandatory Type Description
duration Yes Integer

Period during which a cluster certificate is valid, in days.

Validity period of the cluster certificate, in days. A cluster certificate can be valid for 1 to 1,825 days. If this parameter is set to -1, the validity period is 1,825 days (about 5 years).

Minimum: 1

Maximum: 1825

Example request:

Applying for a cluster access certificate valid for 30 days

{
  "duration": 30
}

Response

Response parameters:

Table 4 <cce_02_0248__table10794441185312> describes the response parameters.

Table 4 Response parameters
Parameter Type Description
kind String API type. The value is fixed at Config and cannot be changed.
apiVersion String API version. The value is fixed at v1 and cannot be changed.
preferences Object This field is not used currently and is left unspecified by default.
clusters Array of clusters <cce_02_0248__table2157957598> objects Cluster list.
users Array of users <cce_02_0248__table7846125310316> objects Certificate information and client key information of a specified user.
contexts Array of contexts <cce_02_0248__table1653965354> objects Context list.
current-context String Current context. If publicIp (VM EIP) exists, the value is external. If publicIp does not exist, the value is internal.
Table 5 Data structure of the clusters field
Parameter Type Description
name String

Cluster name.

  • If the publicIp parameter does not exist (that is, no EIP exists), there is only one cluster in the cluster list, and the value of this parameter is internalCluster.
  • If the publicIp parameter exists (that is, the EIP exists), there is more than one cluster in the cluster list, and the value of this parameter is externalCluster.
cluster cluster <cce_02_0248__table519211353218> object Cluster information.
Table 6 Data structure of the cluster field
Parameter Type Description
server String Node IP address.
certificate-authority-data String Certificate authorization data.
insecure-skip-tls-verify Boolean Whether to skip the server certificate verification. If the cluster type is externalCluster, the value is true.
Table 7 Data structure of the users field
Parameter Type Description
name String The value is fixed to user.
user user <cce_02_0248__table205311581434> object Stores the certificate information and ClientKey information of a specified user.
Table 8 Data structure of the user field
Parameter Type Description
client-certificate-data String Client certificate.
client-key-data String Contains PEM encoding data from the TLS client key file.
Table 9 Data structure of the contexts field
Parameter Type Description
name String

Context name.

  • If the publicIp parameter does not exist (that is, no EIP exists), there is only one cluster in the cluster list, and the value of this parameter is internal.
  • If the publicIp parameter exists (that is, the EIP exists), there is more than one cluster in the cluster list, and the value of this parameter is external.
context context <cce_02_0248__table47913919518> object Context information.
Table 10 Data structure of the context field
Parameter Type Description
cluster String Cluster context.
user String User context.

Response example:

{
    "kind": "Config",
    "apiVersion": "v1",
    "preferences": {},
    "clusters": [
        {
            "name": "internalCluster",
            "cluster": {
                "server": "https://192.168.1.7:5443",
                "certificate-authority-data": ""
            }
        }
    ],
    "users": [
        {
            "name": "user",
            "user": {
                "client-certificate-data": "",
                "client-key-data": ""
            }
        }
    ],
    "contexts": [
        {
            "name": "internal",
            "context": {
                "cluster": "internalCluster",
                "user": "user"
            }
        }
    ],
    "current-context": "internal"
}

Status Code

Table 11 <cce_02_0248__en-us_topic_0079614900_table46761928> describes the status code of this API.

Table 11 Status code
Status Code Description
200 Certificates of the specified cluster are successfully obtained.

For details about error status codes, see Status Code <cce_02_0084>.