Search
SupportConsoleDevelopersStart a trialContact

Chapter 1. Security APIs

download PDF

1.1. CertificateSigningRequest [certificates.k8s.io/v1]

Description

CertificateSigningRequest objects provide a mechanism to obtain x509 certificates by submitting a certificate signing request, and having it asynchronously approved and issued.

Kubelets use this API to obtain: 1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName). 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).

This API can be used to request client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client" signerName), or to obtain certificates from custom non-Kubernetes signers.

Type
object

1.2. CredentialsRequest [cloudcredential.openshift.io/v1]

Description
CredentialsRequest is the Schema for the credentialsrequests API
Type
object

1.3. PodSecurityPolicyReview [security.openshift.io/v1]

Description

PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the PodTemplateSpec in question.

Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).

Type
object

1.4. PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]

Description

PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec

Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).

Type
object

1.5. PodSecurityPolicySubjectReview [security.openshift.io/v1]

Description

PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.

Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).

Type
object

1.6. RangeAllocation [security.openshift.io/v1]

Description

RangeAllocation is used so we can easily expose a RangeAllocation typed for security group

Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.

Type
object

1.7. Secret [v1]

Description
Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.
Type
object

1.8. SecurityContextConstraints [security.openshift.io/v1]

Description
SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object

1.9. ServiceAccount [v1]

Description
ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets
Type
object
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.