PKI Security API overview
Stay organized with collections Save and categorize content based on your preferences.

The PKI Security API uses Kubernetes custom resources and relies on the Kubernetes Resource Model (KRM). It is used to manage and configure web certificates to secure web endpoints in your Google Distributed Cloud (GDC) air-gapped environment.

Service endpoint and discovery document

The API endpoint for the PKI Security API is https://GDC_API_SERVER_ENDPOINT/apis/pki.security.gdc.goog/v1 where MANAGEMENT_API_SERVER_ENDPOINT is the endpoint of the Management API server.

Using the kubectl proxy command, you can access the API endpoint URLs in your browser or with a tool such as curl to get the discovery document for the PKI Security API. The kubectl proxy command opens up a proxy to the Kubernetes API server on your local machine. After that command is running, you can access the document at the following URL: http://127.0.0.1:8001/apis/pki.security.gdc.goog/v1.

Example PKI BYO certificate issuer

The following is an example of a PKI Security bring-your-own (BYO) certificate issuer:

apiVersion: pki.security.gdc.goog/v1
kind: CertificateIssuer
metadata:
  name: byo-cert-issuer
  namespace: pki-system
  labels:
    pki.security.gdc.goog/is-default-issuer: "true"
spec:
  byoCertConfig:
    fallbackCertificateAuthority:
      name: default-web-tls-ca
      namespace: pki-system

PKI Security API overview Stay organized with collections Save and categorize content based on your preferences.

Service endpoint and discovery document

Example PKI BYO certificate issuer

PKI Security API overview
Stay organized with collections Save and categorize content based on your preferences.