Credentials

Objective

This guide provides instructions on how to obtain credential information related to Volterra services from the VoltConsole.

The following types of files can be generated and downloaded from VoltConsole:

  • API Tokens - The tokens are used in site deployment and also for the authorization in the API requests.
  • X.509 Certificates - These certificates are used in API requests.
  • Kubeconfig - These are the kubeconfigs for deploying your applications using Volterra vK8s.

Using the instructions provided in this guide, you can create various types of credentials and download them.


Prerequisites

The following prerequisites apply:


Generate API Certificate

Step 1: Start credential creation in VoltConsole.

Log into the VoltConsole using your tenant credentials and click on the General option in the namespace selector. Click My Credentials in the options under Personal Management and click Create credentials.

create cred new
Figure: Create Credentials

Step 2:Configure name and select credential type.

Enter a name for your certificate and select API Certificate for the Credential type field.

Step 3:Enter a password and repeat for confirmation.
Step 4: Generate the certificate and download it.

Optionally, select a date of expiry for the Expiry Date field. Click Download to download the certificate in the .p12 file format.

api cert new
Figure: Create API Certificate

Note: The default expiry for the certificate is 10 days.

After generating, you can use it in API request. The following is a sample API request to delete a namespace.

curl -k  -X POST --cert-type P12 --cert ~/Downloads/<api-creds>.p12:<password> https://tenant>.console.ves.volterra.io/api/web/namespaces/<namespace>/cascade_delete -v

Note: It is recommended to specify the full path to certificate.


Generate Kubeconfig

Step 1: Start creating credentials in VoltConsole.

Log into the VoltConsole using your tenant credentials and click on the General option in the namespace selector. Click My Credentials in the options under Personal Management and click Create credentials.

create cred new
Figure: Create Credentials

Step 2:Set a name and select the type of credentials.

Enter a name for your Kubeconfig file and select Kubeconfig for the Credential type field.

Step 3: Select namespace and vK8s cluster name.

Select namespace and vK8s cluster for the Namespace and VK8s cluster name fields respectively.

Step 4:Create the kubeconfig and download.

Optionally, select a date of expiry for the Expiry Date field. Click Download to download the file.

cred kube new
Figure: Create Kubeconfig

Note: The default expiry for the kubeconfig is 10 days.

After generating, you can use it in deployments. The following is a sample kubectl request to view the configuration:

kubectl config --kubeconfig=<kubeconfig-file> view

Generate API Tokens

Step 1: Start creating credentials in VoltConsole.

Log into the VoltConsole using your tenant credentials and click on the General option in the namespace selector. Click My Credentials in the options under Personal Management and click Create credentials.

create cred new
Figure: Create Credentials

Step 2: Set a name and select type of credentials.

Enter a name for your token and select API Token for the Credential type field.

Step 3:Complete token creation.

Optionally, select a date of expiry for the Expiry Date field. Click Generate.

api token generate new
Figure: Create Credentials

Note: The default expiry for the API token is 10 days.

Step 4:Obtain the token.

Copy the API token using the Copy option and click Done.

api token generated
Figure: Generated API Token

After generating, you can use it in API request with the authorization header. The following is a sample API request:

curl -k -X GET https://<tenant>.console.ves.volterra.io/api/web/namespaces -H 'Authorization: APIToken <token value>'

Note: All API access with the token will have the same RBAC assigned to the user who created the token.


Revoke API Tokens

You can force an API token to be expired before its configured or default expiry time. Perform the following to revoke API tokens:

Step 1: Navigate to your credentials and VoltConsole.

Log into the VoltConsole using your tenant credentials and click on the General option in the namespace selector. Click My Credentials in the options under Personal Management.

Step 2: Perform revoke operation for an existing credential object.

Select the API token for which you want to force expiry and click ...-> Force Expiry.

token fexp new
Figure: API Token Force Expiry Option

Step 3: Complete revoke operation.

Click Force Expire in the confirmation window to cause API token expiry.

token fexp confirm new
Figure: API Token Force Expiry Confirmation

Note: You can renew or delete an expired credential. Click ...->Renew against expired credential from the list of credentials to renew it. Set an expiry date and click Renew Credential in the confirmation box. Click ... -> Delete against expired credential from the list of credentials to delete it. Click Delete in the confirmation box.


Concepts