Creating a service ID by using IBM Cloud Private CLI

Prerequisites

Creating a service ID

  1. Log in to IBM Cloud Private and set the namespace to generate tokens. The command prompts you for a password and account. The --skip-ssl-validation option turns off verification of the cluster's TLS certificate.

    cloudctl login -a https://<cluster-domain-name>:8443 -u <username> -n kube-system --skip-ssl-validation
    
  2. Run the following commands to list IAM commands and data:

    • cloudctl iam

      Output
      ------
      NAME:
       cloudctl iam - Manage identities and access to resources
      USAGE:
       cloudctl iam command [arguments...] [command options]
      
      COMMANDS:
       roles                    List roles
       saml-disable             Disable SAML authentication
       saml-enable              Enable SAML authentication
       saml-export-metadata     Export the SAML metadata content to create a SAML integration. Requires SAML to be enabled with 'cloudctl iam saml-enable'.
       saml-status              Get the SAML configuration status.
       saml-upload-metadata     Upload SAML metadata content to complete the SAML integration.
       service-api-key          List details of a service API key
       service-api-key-create   Create a service API key
       service-api-key-delete   Delete a service API key
       service-api-key-update   Update a service API key
       service-api-keys         List all API keys of a service
       service-id               Display details of a service ID
       service-id-create        Create a service ID
       service-id-delete        Delete a service ID
       service-id-update        Update a service ID
       service-ids              List all service IDs.
       service-policies         List all service policies of specified service
       service-policy           Display details of a service policy
       service-policy-create    Create a service policy
       service-policy-delete    Delete a service policy
       service-policy-update    Update a service policy
       services                 List services
       help
      Enter 'cloudctl iam help [command]' for more information about a command.
      
    • cloudctl iam roles

      Output
      ------
      Getting system defined roles as admin...
      OK
      
      Name                   ID                                                    Description   
      Viewer                 crn:v1:icp:private:iam::::role:Viewer                 Viewers can take actions that do not change state (i.e. read only).   
      ClusterAdministrator   crn:v1:icp:private:iam::::role:ClusterAdministrator   ClusterAdministrators can take all actions including the ability to manage access control.   
      Administrator          crn:v1:icp:private:iam::::role:Administrator          Administrators can take all actions including the ability to manage access control.   
      Editor                 crn:v1:icp:private:iam::::role:Editor                 Editors can take actions that can modify the state and create/delete sub-resources.   
      Operator               crn:v1:icp:private:iam::::role:Operator               Operators can take actions required to configure and operate resources.
      
    • cloudctl iam services

      Output
      ------
      Getting system defined services as admin...
      OK
      
      ID                         Name                         Display Name                Supported Roles   
      5adf7987e6ace7000a023556   idmgmt                       service-identity-manager    ClusterAdministrator, Operator, Editor, Viewer, Administrator   
      5adf7987e6ace7000a023557   idprovider                   service-identity-provider   ClusterAdministrator, Operator, Editor, Viewer, Administrator   
      5adf7987e6ace7000a023558   idauth                       service-auth-service        ClusterAdministrator, Operator, Editor, Viewer, Administrator   
      5adf7987e6ace7000a023559   identity                     service-identity            ClusterAdministrator, Operator, Editor, Viewer, Administrator   
      5adf79e1fc55aa00c8e05bf1   helm-api-service             helmapi-repos               ClusterAdministrator, Administrator, Operator, Editor, Viewer   
      5adf79e7fc55aa00c8e05bf2   elasticsearch-service        elasticsearch               ClusterAdministrator, Administrator, Operator   
      5adf79e8fc55aa00c8e05bf3   service-monitoring-service   service-monitoring          ClusterAdministrator, Administrator, Operator
      
  3. To create the service ID for a service, run the following command, where NAME is <meteringserviceId> and [-d, --description DESCRIPTION] is <service id for metering>. Quote the description so that the shell passes it as a single argument:

     cloudctl iam service-id-create <meteringserviceId> -d "<service id for metering>"
    
     Output
     ------
     Creating service ID meteringserviceId bound to current account as admin...
     OK
     Service ID meteringserviceId is created successfully
    
     Name          meteringserviceId
     Description   service id for metering
     CRN           crn:v1:icp:private:k8::n/kube-system::serviceid:ServiceId-58451b31-607b-42b4-99c8-1ceeea96bb48
     Bound To      crn:v1:icp:private:k8::n/kube-system:::
    

    You can manage service IDs, create and manage API keys, and create and manage policies for access to specific services that are needed by an application. See IBM Cloud Private CLI service API key commands for more service, API key, and policy commands and examples.
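
The following added example is not part of the original page or of IBM's tooling. It parses the `cloudctl iam services` and `cloudctl iam service-id-create` output shown above to find the first role in a caller-supplied preference list that a service supports, and to extract and sanity-check the new service ID's CRN. The function names are hypothetical, and the embedded sample text is copied from the output above; in real use it would be captured from the commands themselves.

```shell
#!/bin/sh
# Sample data copied from the output above; in real use capture it with
#   services_out=$(cloudctl iam services)
services_out='ID                         Name                         Display Name                Supported Roles
5adf7987e6ace7000a023556   idmgmt                       service-identity-manager    ClusterAdministrator, Operator, Editor, Viewer, Administrator
5adf79e7fc55aa00c8e05bf2   elasticsearch-service        elasticsearch               ClusterAdministrator, Administrator, Operator
5adf79e8fc55aa00c8e05bf3   service-monitoring-service   service-monitoring          ClusterAdministrator, Administrator, Operator'

create_out='Name          meteringserviceId
Description   service id for metering
CRN           crn:v1:icp:private:k8::n/kube-system::serviceid:ServiceId-58451b31-607b-42b4-99c8-1ceeea96bb48
Bound To      crn:v1:icp:private:k8::n/kube-system:::'

# role_supported SERVICE ROLE (hypothetical helper)
# Succeeds only if the services table lists ROLE for the service named SERVICE.
# Columns are separated by two or more spaces; roles by a comma and a space.
role_supported() {
  printf '%s\n' "$services_out" | awk -F'  +' -v svc="$1" -v role="$2" '
    $2 == svc {
      sub(/ +$/, "", $4)
      n = split($4, roles, /, */)
      for (i = 1; i <= n; i++) if (roles[i] == role) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# first_supported SERVICE ROLE... (hypothetical helper)
# Prints the first ROLE, in the caller's order of preference, that SERVICE supports.
first_supported() {
  svc=$1; shift
  for role in "$@"; do
    if role_supported "$svc" "$role"; then printf '%s\n' "$role"; return 0; fi
  done
  return 1
}

# service_id_crn OUTPUT (hypothetical helper)
# Prints the CRN line's value, or fails if it does not look like a service ID CRN.
service_id_crn() {
  crn=$(printf '%s\n' "$1" | awk '$1 == "CRN" { print $2; exit }')
  case "$crn" in
    crn:v1:icp:private:*:serviceid:ServiceId-*) printf '%s\n' "$crn" ;;
    *) return 1 ;;
  esac
}

first_supported elasticsearch-service Viewer Operator Administrator
service_id_crn "$create_out"
```

In the sample table, elasticsearch-service and service-monitoring-service list neither Viewer nor Editor, so a preference list that starts with Viewer falls through to Operator for those services.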