Credentials

• Open F5® Distributed Cloud Console homepage, select Administration box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Workspaces drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

Figure: Homepage

Note: Confirm Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.

• Select Personal Management in left column menu > select Credentials.

• Select + Add Credentials button.

Note: If options are not showing available, select Show link in Advanced nav options visible in bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.

Figure: Create Credentials

• Enter Name for your certificate.

• Select API Certificate in Credential type.

• Enter Password > Confirm Password.

• Select Expiry date in calendar drop-down.

Figure: Add Credentials

• Select Download to generate certificate in .p12 file format.

Figure: Create API Certificate

Note: The maximum allowed expiry date for users is set by the tenant administrator. The system allows the administrator to set a maximum expiry of 365 days. The default expiry is 90 days.

• Credential will appear in Credentials page if created.

Note: Reference date confirms correct Credential.

After generating, you can use the certificate in API request.

Sample API request to delete a namespace:

curl -k  -X POST --cert-type P12 --cert ~/Downloads/<api-creds>.p12:<password> https://tenant>.console.ves.volterra.io/api/web/namespaces/<namespace>/cascade_delete -v

Note: It is recommended to specify the full path to certificate.

• Open F5® Distributed Cloud Console homepage, select Administration box.

Figure: Homepage

• Select Personal Management in left column menu > select Credentials > + Add Credentials.

Figure: Create Credentials

• Enter Name for your certificate.

• Select vK8s KubeConfig in Credential type drop-down menu.

• Select Site in drop-down menu.

• Select Namespace option in drop-down menu.

• Select vK8s cluster name option in drop-down menu.

• Select Expiry date from calendar drop-down.

Figure: Create vK8s KubeConfig

• Select Download button to generate and download vK8s KubeConfig certificate file.

Figure: Generate and download vK8s KubeConfig Certificate

Note: The maximum allowed expiry date for users is set by the tenant administrator. The system allows the administrator to set a maximum expiry of 365 days. The default expiry is 90 days.

• Use in deployments after generating.

The following is a sample kubectl request to view the configuration:

kubectl config --kubeconfig=<kubeconfig-file> view

• Open F5® Distributed Cloud Console homepage, select Administration box.

Figure: Homepage

• Select Personal Management in left column menu > select Credentials > + Add Credentials.

Figure: Create Credentials

• Enter Name.

• Select API Token in Credential type drop-down menu.

• Select Expiry date from calendar drop-down.

• Select Generate button.

Figure: Add Credentials

Note: The maximum allowed expiry date for users is set by the tenant administrator. The system allows the administrator to set a maximum expiry of 365 days. The default expiry is 90 days.

• Select Copy button to copy API token.

• Select Done button to exit pop-up window.

Figure: Add Credentials

After generating, you can use it in API request with the authorization header.

The following is a sample API request:

curl -k -X GET https://<tenant>.console.ves.volterra.io/api/web/namespaces -H 'Authorization: APIToken <token value>'

Note: All API access with the token will have the same RBAC assigned to the user who created the token.

• Open F5® Distributed Cloud Console homepage, select Administration box.

Figure: Homepage

• Select Personal Management in left column menu > select Credentials.

Figure: Credentials

• API Token: Select ... in Actions column, select Force Expiry to revoke API Token.

• API Certificate: Select ... in Actions column, select Delete to revoke API Certificate.

Note: All certificates follow x.509 standard.

• vK8s KubeConfig Credential: Select ... in Actions column, select Delete to revoke vK8s KubeConfig Credential.

Figure: API Token Force Expiry Option

• In case of API Token, select Force Expiry in the confirmation window to cause API credential object expiry.

Figure: API Token Force Expiry Confirmation

Note: You can renew or delete an expired credential. Select ... > Renew against expired credential from the list of credentials to renew it. Set an expiry date, and select Renew Credential in the confirmation box. Select ... > Delete against expired credential from the list of credentials to delete it. Select Delete in the confirmation box.

• In case of API certificates or vK8s KubeConfigs, select Delete in the confirmation window. This forces the expiry for the object and also deletes it from the F5 system.

• Open F5® Distributed Cloud Console homepage, select Administration box.

• Select IAM in left-menus > select Service Credentials > select + Add Service Credentials.

• Select + Create service credentials button.

Figure: Open Service Credentials

• Enter Name in Credential Email box to generate unique email name, name@volterracredentials.io.

• Select API Certificate in Credential type drop-down menu.

• Enter Password > Confirm Password.

• Select Expiry date from calendar drop-down.

• Optionally select Assign Service Credential to Group. Select the groups to which you want to add the service credential and then select Assign to Group.

  Note: You can also assign service credentials to user groups when you enable SCIM.

• Optionally: Select Assign roles and namespaces to open pop-up window.

  • Select Namespace drop-down option.

    • all application namespaces

    • shared

    • system

    • default

    • your custom namespace, Example: aatw

  • Select Make Admin checkbox to grant the admin role.

  • Select Role boxes to select a role from the displayed options.

  Note: You can add more roles using the + Add another role.

  • Select Add roles button.

Figure: Open Service Credentials

Select Download button to download the certificate in .p12 file format.

Note: The maximum allowed expiry date for users is set by the tenant administrator. The system allows the administrator to set a maximum expiry of 365 days. The default expiry is 90 days.

• Open F5® Distributed Cloud Console homepage, select Administration box.

Figure: Homepage

• Select IAM, select Service Credentials > select + Add Service Credentials.

Figure: Credentials

• Enter Name in Credential Email box to generate unique email name, name@volterracredentials.io.

• Select vK8s KubeConfig in Credential type drop-down menu.

• Select Site in drop-down menu.

• Select Expiry date from calendar drop-down.

• Optionally select Assign Service Credential to Group. Select the groups to which you want to add the service credential and then select Assign to Group.

  Note: You can also assign service credentials to user groups when you enable SCIM.

• Optionally: Select Assign roles and namespaces to open pop-up window.

  • Select Namespace drop-down option.

    • all application namespaces

    • shared

    • system

    • default

    • your custom namespace, Example: aatw

  • Select Make Admin checkbox to grant the admin role.

  • Select Role boxes to select a role from the displayed options.

  Note: You can add more roles using the + Add another role.

  • Select Add roles button.

Select Download button.

Note: The maximum allowed expiry date for users is set by the tenant administrator. The system allows the administrator to set a maximum expiry of 365 days. The default expiry is 90 days.

• Open F5® Distributed Cloud Console homepage, select Administration box.

Figure: Homepage

• Select IAM, select Service Credentials > select + Add Service Credentials.

Figure: Credentials

• Enter Name in Credential Email box to generate unique email name, name@volterracredentials.io.

• Select API Token in Credential type drop-down menu.

• Select Expiry date from calendar drop-down.

• Optionally select Assign Service Credential to Group. Select the groups to which you want to add the service credential and then select Assign to Group.

  Note: You can also assign service credentials to user groups when you enable SCIM.

• Optionally: Select Assign roles and namespaces to open pop-up window.

  • Select Namespace drop-down option.

    • all application namespaces

    • shared

    • system

    • default

    • your custom namespace, Example: aatw

  • Select Make Admin checkbox to grant the admin role.

  • Select Role boxes to select a role from the displayed options.

  Note: You can add more roles using the + Assign Roles and Namespaces.

  • Select Assign roles button.

Figure: Create Service API Token

• Select Generate button to generate the service API token.

Figure: Create Service API Token

• Select Copy button to copy token.

Note: Ensure that you save the copied token for later use.

• Select Done button.

Figure: Copy Service API Token

• Open F5® Distributed Cloud Console homepage, select Administration box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Visit [Homepage Customization] to adjust your homepage.

Figure: Homepage

• Select IAM > select Service Credentials > select + Add Service Credentials.

Figure: Credentials

• API Token: Select ... in Actions column, select Force Expiry to revoke API Token.

• API Certificate: Select ... in Actions column, select Delete to revoke API Certificate.

• vK8s KubeConfig Credential: Select ... in Actions column, select Delete to revoke vK8s KubeConfig Credential.

Figure: API Token Force Expiry Option

• In case of API Token, select Force Expiry in the confirmation window to cause API credential object expiry.

Figure: API Token Force Expiry Confirmation

Note: You can renew or delete an expired credential. For instructions, see Update Service Credentials.

• In case of API certificates or vK8s KubeConfigs, select Delete in the confirmation window. This forces the expiry for the object and also deletes it from the F5® Distributed Cloud Console.