Understanding Classic infrastructure credentials
Determine whether your account has access to the IBM Cloud infrastructure portfolio and learn about how IBM Cloud Kubernetes Service uses the API key to access the portfolio.
Access to IBM Cloud infrastructure works differently in Classic clusters. Infrastructure resources for Classic clusters are created in a separate IBM Cloud infrastructure account. Usually, your Pay-As-You-Go or Subscription account is linked to the IBM Cloud infrastructure account so that account owners can access classic infrastructure automatically. To authorize other users to access classic compute, storage, and networking resources, you must assign classic infrastructure roles.
To access the IBM Cloud infrastructure portfolio, you use an IBM Cloud Pay-As-You-Go or Subscription account.
You have two separate IBM Cloud infrastructure accounts and billing. By default, your new IBM Cloud account uses the new infrastructure account. To continue using the previous classic infrastructure account, manually set the credentials.
Accessing a different classic infrastructure account
Instead of using the default linked IBM Cloud infrastructure account to order infrastructure for clusters within a region, you might want to use a different IBM Cloud infrastructure account that you already have. You can link this infrastructure account to your IBM Cloud account by using the ibmcloud ks credential set command. The IBM Cloud infrastructure credentials are used instead of the default Pay-As-You-Go or Subscription account's credentials that are stored for the region.
You can manually set infrastructure credentials to a different account only for classic clusters, not for VPC clusters.
The IBM Cloud infrastructure credentials that are set by the ibmcloud ks credential set command persist after your session ends. If you remove IBM Cloud infrastructure credentials that were manually set with the ibmcloud ks credential unset --region <region> command, the credentials of the Pay-As-You-Go or Subscription account are used instead. Note that this change can cause orphaned clusters.
Before you begin:
- If you are not using the account owner's credentials, ensure that the user whose credentials you want to set for the API key has the correct permissions.
- Log in to your account. If applicable, target the appropriate resource group. Set the context for your cluster.
To set infrastructure account credentials to access the IBM Cloud infrastructure portfolio:
- Get the infrastructure account that you want to use to access the IBM Cloud infrastructure portfolio.
- Find and record your infrastructure username. You use this username when you set API credentials.
  ibmcloud sl user list
- Set the infrastructure API credentials to use.
  ibmcloud ks credential set classic --infrastructure-username <infrastructure_API_username> --infrastructure-api-key <infrastructure_API_authentication_key> --region <region>
- Verify that the correct credentials are set.
  ibmcloud ks credential get --region <region>
  Example output
  Infrastructure credentials for user name user@email.com set for resource group default.
- Create a cluster. To create the cluster, the infrastructure credentials that you set for the region and resource group are used.
- Verify that your cluster uses the infrastructure account credentials that you set.
  - Open the IBM Cloud clusters console and select your cluster.
  - In the Overview tab, look for an Infrastructure User field.
  - If you see that field, you don't use the default infrastructure credentials that come with your Pay-As-You-Go or Subscription account in this region. Instead, the region is set to use the different infrastructure account credentials that you set.
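Because manually set credentials persist after the session ends, it helps to confirm which infrastructure user a region reports before you create clusters. The following script is an added example, not part of IBM's documentation: it wraps the set and verify steps above and checks the reported user name and resource group against the values you intended. The function names are hypothetical, and the parser assumes the output format shown in the example output above.

```bash
#!/bin/sh
# Added example. Function names are hypothetical; the line format parsed here
# is assumed to match the example output shown in the steps above.

# Sample line, copied from the example output above.
SAMPLE_OUTPUT='Infrastructure credentials for user name user@email.com set for resource group default.'
PREFIX='^Infrastructure credentials for user name'

# Print the user name found in `ibmcloud ks credential get` output ($1).
# Returns non-zero if no matching line is present.
cred_user_from_output() {
  printf '%s\n' "$1" |
    sed -n "s/$PREFIX \([^ ]*\) set for resource group .*\$/\1/p" | head -n 1 | grep .
}

# Print the resource group found in the same output ($1).
cred_group_from_output() {
  printf '%s\n' "$1" |
    sed -n "s/$PREFIX [^ ]* set for resource group \(.*\)\.\$/\1/p" | head -n 1 | grep .
}

# $1 = command output, $2 = expected user name, $3 = expected resource group.
# Returns 0 on match, 1 on mismatch, 2 if no credentials line was found.
check_credentials() {
  local user group
  user=$(cred_user_from_output "$1") || { echo "no credentials line in output" >&2; return 2; }
  group=$(cred_group_from_output "$1") || { echo "no resource group in output" >&2; return 2; }
  if [ "$user" != "$2" ] || [ "$group" != "$3" ]; then
    echo "mismatch: region reports user '$user' in resource group '$group'" >&2
    return 1
  fi
  echo "verified: $user in resource group $group"
}

# Live run against your account: $1 = region, $2 = infrastructure user name,
# $3 = resource group. The API key is read without echo so that it is not
# stored in shell history or in this script.
set_and_verify() {
  local key out
  printf 'Infrastructure API key: ' >&2
  stty -echo; IFS= read -r key; stty echo; echo >&2
  ibmcloud ks credential set classic --infrastructure-username "$2" \
    --infrastructure-api-key "$key" --region "$1" || return 1
  unset key
  out=$(ibmcloud ks credential get --region "$1") || return 1
  check_credentials "$out" "$2" "$3"
}
```

Source the file and call set_and_verify with your region, infrastructure user name, and resource group; check_credentials can also be run on saved command output.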