Obtain Credentials

Objective

This guide provides instructions on how to obtain credential information related to Volterra services from the VoltConsole.

The following types of files can be generated and downloaded from VoltConsole:

  • API Tokens - The tokens are used in site deployment and also for the authorization in the API requests.
  • X.509 Certificates - These certificates are used in API requests.
  • Kubeconfig - These are the kubeconfigs for deploying your applications using Volterra vK8s.

Using the instructions provided in this guide, you can create various types of credentials and download them.


Prerequisites

The following prerequisites apply:


Generate API Certificate

Step 1: Log into the VoltConsole using your tenant credentials and select IAM in the left configuration menu in the system namespace. Select My Credentials in the options and click Create credentials.

create cred
Figure: Create Credentials

Step 2: Enter a name for your certificate and select API Certificate for the Credential type field.

Step 3: Enter a password and repeat for confirmation.

Step 4: Optionally, select a date of expiry for the Expiry Date field. Click Download to download the certificate in the .p12 file format.

api cert
Figure: Create API Certificate

Note: The default expiry for the certificate is 10 days.

After generating, you can use it in API request. The following is a sample API request to delete a namespace.

curl -k  -X POST --cert-type P12 --cert ~/Downloads/<api-creds>.p12:<password> https://tenant>.console.ves.volterra.io/api/web/namespaces/<namespace>/cascade_delete -v

Note: It is recommended to specify the full path to certificate.


Generate Kubeconfig

Step 1: Log into the VoltConsole using your tenant credentials and select IAM in the left configuration menu in the system namespace. Select My Credentials in the options and click Create credentials.

create cred
Figure: Create Credentials

Step 2: Enter a name for your Kubeconfig file and select Kubeconfig for the Credential type field.

Step 3: Select namespace and vK8s cluster for the Namespace and VK8s cluster name fields respectively.

Step 4: Optionally, select a date of expiry for the Expiry Date field. Click Download to download the file.

cred kube
Figure: Create Kubeconfig

Note: The default expiry for the certificate is 10 days.

After generating, you can use it in deployments. The following is a sample kubectl request to view the the configuration:

kubectl config --kubeconfig=<kubeconfig-file> view

Generate API Tokens

Step 1: Log into the VoltConsole using your tenant credentials and select IAM in the left configuration menu in the system namespace. Select My Credentials in the options and click Create credentials.

create cred
Figure: Create Credentials

Step 2: Enter a name for your token and select API Token for the Credential type field.

Step 3: Optionally, select a date of expiry for the Expiry Date field. Click Generate.

apitoken generate
Figure: Create Credentials

Note: The default expiry for the API token is 10 days.

Step 4: Copy the API token using the Copy option and click Done.

api token generated
Figure: Generated API Token

After generating, you can use it in API request with the authorization header. The following is a sample API request:

curl -k -X GET https://<tenant>.console.ves.volterra.io/api/web/namespaces -H 'Authorization: APIToken <token value>'

Note: All API access with the token will have the same RBAC assigned to the user who created the token.


Revoke API Tokens

You can force an API token to be expired before its configured or default expiry time. Perform the following to revoke API tojkens:

Step 1: Log into the VoltConsole using your tenant credentials and select IAM in the left configuration menu in the system namespace. Select My Credentials in the options. A list of credentials gets displayed.

Step 2: Select the API token for which you want to force expiry and click ...-> Force Expiry.

token fexp
Figure: API Token Force Expiry Option

Step 3: Click Force Expire in the confirmation window to cause API token expiry.

token fexp confirm
Figure: API Token Force Expiry Confirmation


Concepts