Stay organized with collections
Save and categorize content based on your preferences.
The PKI Security API uses Kubernetes custom resources and relies on the
Kubernetes Resource Model (KRM). It is used to manage and configure web
certificates to secure web endpoints in your Google Distributed Cloud (GDC) air-gapped
environment.
Service endpoint and discovery document
The API endpoint for the PKI Security API is https://GDC_API_SERVER_ENDPOINT/apis/pki.security.gdc.goog/v1
where MANAGEMENT_API_SERVER_ENDPOINT is the endpoint of the
Management API server.
Using the kubectl proxy command, you can access the API endpoint URLs in your
browser or with a tool such as curl to get the discovery document for the
PKI Security API. The kubectl proxy command opens up a proxy to the
Kubernetes API server on your local machine. After that command is running, you
can access the document at the following URL:
http://127.0.0.1:8001/apis/pki.security.gdc.goog/v1.
Example PKI BYO certificate issuer
The following is an example of a PKI Security bring-your-own (BYO) certificate issuer:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-05 UTC."],[[["The PKI Security API utilizes Kubernetes custom resources and the Kubernetes Resource Model (KRM) for managing web certificates."],["This API is designed to configure and manage web certificates in Google Distributed Cloud (GDC) air-gapped environments."],["The API endpoint is located at `https://`\u003cvar translate=\"no\"\u003eGDC_API_SERVER_ENDPOINT\u003c/var\u003e`/apis/pki.security.gdc.goog/v1`."],["You can use the `kubectl proxy` command to access the API endpoint URLs and obtain the discovery document."],["The provided example demonstrates a PKI Security bring-your-own (BYO) certificate issuer configuration, including a fallback certificate authority."]]],[]]