Skip to content

Latest commit

 

History

History
276 lines (267 loc) · 13.4 KB

readme.md

File metadata and controls

276 lines (267 loc) · 13.4 KB
Raw

This guide provides instructions on how to generate various credentials related to F5® Distributed Cloud Services from the platform.

F5® Distributed Cloud Console provides two types of credentials:

  • My credentials: Are generated and used for different authentication and authorization purposes while accessing F5® Distributed Cloud Services APIs or deploying apps using F5® Distributed Cloud Services vK8s.

  • Service credentials: Are generated by administrators to create custom service roles that are associated with service users.

Note: The My Credentials inherit the roles of the users. In case of service credentials, you can assign specific roles to the service user.

Using the instructions provided in this guide, you can create various types of credentials and download them for using in API requests.

Prerequisites

The following prerequisites apply:

  • A single-node or multi-node F5® Distributed Cloud Services site in case of application deployment.

My Credentials

My Credentials options can be generated and downloaded from the Console:

  • API Tokens: The tokens are used in site deployment, and also for the authorization in the API requests.

  • X.509 Certificates: These certificates are used in API requests.

  • vK8s KubeConfig: These are the vK8s KubeConfigs for deploying your applications using F5® Distributed Cloud Services vK8s.

Note: You can use either API certificate or API token for authenticating. It is recommended to use API certificates as they offer more robust security via Mutual TLS (mTLS) authentication. The API tokens are used with one-way TLS authentication.

Generate API Certificate

Features can be viewed, and managed in multiple services.

This example shows Credentials setup in Administration.

Step 1: Open F5® Distributed Cloud Console > select Create Credentials.
  • Open F5® Distributed Cloud Console homepage, select Administration box.

NEW HOME PAGE C Figure: Homepage

  • Select Personal Management in left column menu > select Credentials > + Create Credentials.

CREDS MAIN2 2B Figure: Create Credentials

Step 2: Configure Credential type.

  • Enter Name for your certificate.

  • Select vK8s KubeConfig in Credential type drop-down menu.

  • Select Namespace option in drop-down menu.

  • Select vK8s cluster name option in drop-down menu.

  • Select Expiry date from calendar drop-down.

CREDS KUBECONFIG 3 Figure: Create vK8s KubeConfig

Step 3: Generate and download vK8s KubeConfig Certificate.
  • Select Download button to generate and download vK8s KubeConfig certificate file.

CREDS KUBECONFIG 3 Figure: Generate and download vK8s KubeConfig Certificate

Note: The maximum allowed expiry date for users is set by the tenant administrator. The system allows the administrator to set a maximum expiry of 365 days. The default expiry is 90 days.

  • Use in deployments after generating.

source: https://f5-amer-ent.console.ves.volterra.io/web/workspaces/administration/personal-management/api_credentials

Importing JSON into POSTMAN

To import the json file **F5 XCS Postman Collection.postman_collection.json** into Postman go under import and then make necessary changes in the XCS Env Var to reflect your environemnt details such as tenant name, namespace, API cert and value, etc like the image below

Now right click on the tasks and choose to run all the tasks as follows:

Watch for a HTTP 200 response message code back in the response header