yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
61a61f01a7c982ce5d95c3b081fdcd517e9ac862
doc-exports/docs/cce/api-ref/cce_02_0248.html
Dong, Qiu Jian 3336ba8df7 CCE API for v1.23 
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2022-11-10 12:48:59 +00:00

29 KiB
Raw Blame History

Obtaining Cluster Certificates

Function

This API is used to obtain certificates of a specified cluster in form of kubeconfig file.

URI

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert

Table 1 describes the parameters of this API.

Table 1 Description

Parameter

Mandatory

Description

project_id

Yes

Project ID. For details about how to obtain the project ID, see How to Obtain Parameters in the API URI.

cluster_id

Yes

Cluster ID. For details about how to obtain the cluster ID, see How to Obtain Parameters in the API URI.

Request

Request parameters:

Table 2 andTable 3 describes the request parameters.

Table 2 Parameters in the request header

Parameter

Mandatory

Description

Content-Type

Yes

Message body type (format). Possible values:

  • application/json;charset=utf-8
  • application/json

X-Auth-Token

Yes

Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details on how to obtain a user token, see API Usage Guidelines.
Table 3 Parameters in the request body

Parameter

Mandatory

Type

Description

duration

Yes

Integer

Period during which a cluster certificate is valid, in days.

Validity period of the cluster certificate, in days. A cluster certificate can be valid for 1 to 1,825 days. If this parameter is set to -1, the validity period is 1,825 days (about 5 years).

Minimum: 1

Maximum: 1825

Example request:

Applying for a cluster access certificate valid for 30 days

{ 
  "duration": 30
}

Response

Response parameters:

Table 4 describes the response parameters.

Table 4 Response parameters

Parameter

Type

Description

kind

String

API type. The value is fixed at Config and cannot be changed.

apiVersion

String

API version. The value is fixed at v1 and cannot be changed.

preferences

Object

This field is not used currently and is left unspecified by default.

clusters

Array of clusters objects

Cluster list.

users

Array of users objects

Certificate information and client key information of a specified user.

contexts

Array of contexts objects

Context list.

current-context

String

Current context. If publicIp (VM EIP) exists, the value is external. If publicIp does not exist, the value is internal.
Table 5 Data structure of the clusters field

Parameter

Type

Description

name

String

Cluster name.

  • If the publicIp parameter does not exist (that is, no EIP exists), there is only one cluster in the cluster list, and the value of this parameter is internalCluster.
  • If the publicIp parameter exists (that is, the EIP exists), there is more than one cluster in the cluster list, and the value of this parameter is externalCluster.

cluster

cluster object

Cluster information.
Table 6 Data structure of the cluster field

Parameter

Type

Description

server

String

Node IP address.

certificate-authority-data

String

Certificate authorization data.

insecure-skip-tls-verify

Boolean

Whether to skip the server certificate verification. If the cluster type is externalCluster, the value is true.
Table 7 Data structure of the users field

Parameter

Type

Description

name

String

The value is fixed to user.

user

user object

Stores the certificate information and ClientKey information of a specified user.
Table 8 Data structure of the user field

Parameter

Type

Description

client-certificate-data

String

Client certificate.

client-key-data

String

Contains PEM encoding data from the TLS client key file.
Table 9 Data structure of the contexts field

Parameter

Type

Description

name

String

Context name.

  • If the publicIp parameter does not exist (that is, no EIP exists), there is only one cluster in the cluster list, and the value of this parameter is internal.
  • If the publicIp parameter exists (that is, the EIP exists), there is more than one cluster in the cluster list, and the value of this parameter is external.

context

context object

Context information.
Table 10 Data structure of the context field

Parameter

Type

Description

cluster

String

Cluster context.

user

String

User context.

Response example:

{
    "kind": "Config",
    "apiVersion": "v1",
    "preferences": {},
    "clusters": [
        {
            "name": "internalCluster",
            "cluster": {
                "server": "https://192.168.1.7:5443",
                "certificate-authority-data": ""
            }
        }
    ],
    "users": [
        {
            "name": "user",
            "user": {
                "client-certificate-data": "",
                "client-key-data": ""
            }
        }
    ],
    "contexts": [
        {
            "name": "internal",
            "context": {
                "cluster": "internalCluster",
                "user": "user"
            }
        }
    ],
    "current-context": "internal"
}

Status Code

Table 11 describes the status code of this API.

Table 11 Status code

Status Code

Description

200

Certificates of the specified cluster are successfully obtained.

For details about error status codes, see Status Code.

Parent topic: Cluster Management