Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 1. Security APIs
1.1. CertificateSigningRequest [certificates.k8s.io/v1]
- Description
CertificateSigningRequest objects provide a mechanism to obtain x509 certificates by submitting a certificate signing request, and having it asynchronously approved and issued.
Kubelets use this API to obtain: 1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName). 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).
This API can be used to request client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client" signerName), or to obtain certificates from custom non-Kubernetes signers.
- Type
-
object
1.2. CredentialsRequest [cloudcredential.openshift.io/v1]
- Description
- CredentialsRequest is the Schema for the credentialsrequests API
- Type
-
object
1.3. PodSecurityPolicyReview [security.openshift.io/v1]
- Description
PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the
PodTemplateSpecin question.Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
- Type
-
object
1.4. PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]
- Description
PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec
Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
- Type
-
object
1.5. PodSecurityPolicySubjectReview [security.openshift.io/v1]
- Description
PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.
Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
- Type
-
object
1.6. RangeAllocation [security.openshift.io/v1]
- Description
RangeAllocation is used so we can easily expose a RangeAllocation typed for security group
Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
- Type
-
object
1.7. Secret [v1]
- Description
- Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.
- Type
-
object
1.8. SecurityContextConstraints [security.openshift.io/v1]
- Description
SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.
Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
- Type
-
object
1.9. ServiceAccount [v1]
- Description
- ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets
- Type
-
object
