Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
A API PKI Security usa recursos personalizados do Kubernetes e depende do
modelo de recursos do Kubernetes (KRM). Ele é usado para gerenciar e configurar certificados da Web para proteger endpoints da Web no ambiente isolado do Google Distributed Cloud (GDC).
Endpoint de serviço e documento de descoberta
O endpoint de API da API de segurança de PKI é https://GDC_API_SERVER_ENDPOINT/apis/pki.security.gdc.goog/v1, em que MANAGEMENT_API_SERVER_ENDPOINT é o endpoint do servidor da API Management.
Usando o comando kubectl proxy, é possível acessar os URLs endpoint de API no
navegador ou com uma ferramenta como curl para receber o documento de descoberta da
API PKI Security. O comando kubectl proxy abre um proxy para o
servidor da API Kubernetes na sua máquina local. Depois que esse comando estiver em execução, você
poderá acessar o documento no seguinte URL:
http://127.0.0.1:8001/apis/pki.security.gdc.goog/v1.
Exemplo de emissor de certificado BYO da ICP
Confira um exemplo de emissor de certificado de segurança BYO (traga seu próprio) da ICP:
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-09-04 UTC."],[[["\u003cp\u003eThe PKI Security API utilizes Kubernetes custom resources and the Kubernetes Resource Model (KRM) for managing web certificates.\u003c/p\u003e\n"],["\u003cp\u003eThis API is designed to configure and manage web certificates in Google Distributed Cloud (GDC) air-gapped environments.\u003c/p\u003e\n"],["\u003cp\u003eThe API endpoint is located at \u003ccode\u003ehttps://\u003c/code\u003e\u003cvar translate=no\u003eGDC_API_SERVER_ENDPOINT\u003c/var\u003e\u003ccode\u003e/apis/pki.security.gdc.goog/v1\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eYou can use the \u003ccode\u003ekubectl proxy\u003c/code\u003e command to access the API endpoint URLs and obtain the discovery document.\u003c/p\u003e\n"],["\u003cp\u003eThe provided example demonstrates a PKI Security bring-your-own (BYO) certificate issuer configuration, including a fallback certificate authority.\u003c/p\u003e\n"]]],[],null,["# PKI Security API overview\n\nThe PKI Security API uses Kubernetes custom resources and relies on the\nKubernetes Resource Model (KRM). It is used to manage and configure web\ncertificates to secure web endpoints in your Google Distributed Cloud (GDC) air-gapped\nenvironment.\n\nService endpoint and discovery document\n---------------------------------------\n\nThe API endpoint for the PKI Security API is `https://`\u003cvar translate=\"no\"\u003eGDC_API_SERVER_ENDPOINT\u003c/var\u003e`/apis/pki.security.gdc.goog/v1`\nwhere \u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e is the endpoint of the\nManagement API server.\n\nUsing the `kubectl proxy` command, you can access the API endpoint URLs in your\nbrowser or with a tool such as `curl` to get the discovery document for the\nPKI Security API. The `kubectl proxy` command opens up a proxy to the\nKubernetes API server on your local machine. After that command is running, you\ncan access the document at the following URL:\n`http://127.0.0.1:8001/apis/pki.security.gdc.goog/v1`.\n\nExample PKI BYO certificate issuer\n----------------------------------\n\nThe following is an example of a PKI Security bring-your-own (BYO) certificate issuer: \n\n apiVersion: pki.security.gdc.goog/v1\n kind: CertificateIssuer\n metadata:\n name: byo-cert-issuer\n namespace: pki-system\n labels:\n pki.security.gdc.goog/is-default-issuer: \"true\"\n spec:\n byoCertConfig:\n fallbackCertificateAuthority:\n name: default-web-tls-ca\n namespace: pki-system"]]