copyright | lastupdated | keywords | subcollection |
---|---|---|---|
 | 2021-03-30 | kubernetes, iks, istio, add-on | containers |
{: #api-at-iam}
When you use {{site.data.keyword.containerlong}}, such as through the command line or console, the service calls application programming interface (API) methods to complete your requests. In {{site.data.keyword.cloud_notm}} IAM, each API operation is associated with an IAM action, and the user must have an access role that includes that action to use the API operation. You can keep track of the requests that you make with an {{site.data.keyword.at_full_notm}} instance. {: shortdesc}
Review the following list of {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM) actions and {{site.data.keyword.at_full_notm}} events that correspond to each API method in {{site.data.keyword.containerlong_notm}}.
For more information, see the following topics.
- {{site.data.keyword.containerlong_notm}} API docs
- User access permissions
- {{site.data.keyword.at_full_notm}} events
{: #ks-account}
Review the following account API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | Event sent to {{site.data.keyword.cloudaccesstrailshort}} |
---|---|---|---|
DELETE/v1/credentials | Remove {{site.data.keyword.cloud_notm}} infrastructure account credentials from your {{site.data.keyword.containerlong_notm}} account. | containers-kubernetes.cluster.create | containers-kubernetes.account.delete |
GET/v1/addons | List available add-ons that you can enable in a cluster. | - | - |
GET/v1/config | List configuration values for your {{site.data.keyword.cloud_notm}} account. | containers-kubernetes.cluster.read | - |
GET/v1/credentials | View the {{site.data.keyword.cloud_notm}} infrastructure account credentials that are set for your {{site.data.keyword.containerlong_notm}} account. | containers-kubernetes.cluster.read | - |
GET/v1/datacenters/{datacenter}/machine-types | List available machine types for a zone (data center). | - | - |
GET/v1/datacenters/{datacenter}/vlans | List available VLANs for a zone. | - | - |
GET/v1/infra-permissions | Get details on the permissions that the {{site.data.keyword.cloud_notm}} infrastructure credentials have. | containers-kubernetes.cluster.read | - |
GET/v1/kube-versions | Deprecated: List available Kubernetes versions. | - | - |
GET/v1/locations | List available locations. | - | - |
GET/v1/messages | View the current user messages. | - | - |
GET/v1/prodconfig | List product-specific values to substitute for variables in other files. | - | - |
GET/v1/regions | Deprecated: List available Kubernetes Service regions. | - | - |
GET/v1/subnets | List available {{site.data.keyword.cloud_notm}} infrastructure subnets. | containers-kubernetes.cluster.read | - |
GET/v1/subnets/vlan-spanning | View the VLAN spanning status. | containers-kubernetes.cluster.read | - |
GET/v1/user-config | View a user's ability to create free and standard clusters in a region and resource group. | containers-kubernetes.cluster.read | - |
GET/v1/versions | List available {{site.data.keyword.containerlong_notm}} versions. | containers-kubernetes.cluster.read | - |
GET/v1/zones | List available zones (data centers). | - | - |
GET/v2/getMessages | View the current user messages. | - | - |
GET/v2/getQuota | View the quota for resources per region in the account. | containers-kubernetes.cluster.read | - |
GET/v2/getVersions | List available {{site.data.keyword.containerlong_notm}} versions. | containers-kubernetes.cluster.read | - |
GET/v2/vpc/getZones | List available zones in a region. | - | - |
POST/v1/credentials | Set {{site.data.keyword.cloud_notm}} infrastructure account credentials for your {{site.data.keyword.containerlong_notm}} account. | containers-kubernetes.cluster.create | - |
POST/v1/keys | Reset the IAM API key. | containers-kubernetes.cluster.create | - |
{: summary="The rows are read from left to right. The first column is the API method. The second column is a description of the method. The third column is the action that the user must have an access policy to the service in {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM), if any. The fourth column is the event that is sent for the method to {{site.data.keyword.at_full_notm}} instance, if any."}
{: caption="Account API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-cluster}
Review the following cluster API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
DELETE/v1/clusters/{idOrName} | Delete a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.delete |
DELETE/v1/clusters/{idOrName}/apiserverconfigs/auditwebhook | Delete an audit webhook configuration. | containers-kubernetes.cluster.operate | containers-kubernetes.cluster.delete |
DELETE/v1/clusters/{idOrName}/services/{namespace}/{serviceInstanceId} | Unbind an {{site.data.keyword.cloud_notm}} service from a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.service.delete |
DELETE/v1/clusters/{idOrName}/usersubnets/{subnetId}/vlans/{vlanId} | Remove a user-managed subnet from a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.vlan.delete |
GET/v1/clusters | List the clusters that you have access to. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName} | View details for a cluster. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/addons | View details of the add-ons that are enabled in a cluster. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/apiserverconfigs/auditwebhook | View details for an audit webhook configuration. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/config | Get the cluster-specific configuration and certificates. | containers-kubernetes.cluster.read | containers-kubernetes.cluster.config |
GET/v1/clusters/{idOrName}/services | List the {{site.data.keyword.cloud_notm}} services bound to a cluster across all namespaces. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/services/{namespace} | List the {{site.data.keyword.cloud_notm}} services bound to a specific namespace in a cluster. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/subnets | List subnets from your {{site.data.keyword.cloud_notm}} infrastructure account that are bound to a cluster. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/usersubnets | List user-managed subnets that are bound to a cluster. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/webhooks | List all webhooks for a cluster. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/workerpools | List the worker pools in a cluster. | containers-kubernetes.cluster.read | - |
GET/v2/classic/getCluster | Get detailed cluster information. | containers-kubernetes.cluster.read | - |
GET/v2/classic/getClusters | List the classic clusters that you have access to. | containers-kubernetes.cluster.read | - |
GET/v2/classic/getVLANs | List available classic infrastructure VLANs for a zone. | containers-kubernetes.cluster.read | - |
GET/v2/getCluster | View details for a cluster. | containers-kubernetes.cluster.read | - |
GET/v2/getClusterAddons | View details of the add-ons that are enabled in a cluster. | containers-kubernetes.cluster.read | - |
GET/v2/getCRKs | List the root keys for a key management service (KMS) instance. | containers-kubernetes.cluster.read | - |
GET/v2/getFlavors | List available flavor types for a VPC zone (data center). | - | - |
GET/v2/getKMSInstances | Get key management service (KMS) instances tied to an account. | containers-kubernetes.cluster.read | - |
GET/v2/getKubeconfig | Get the cluster's kubeconfig file. Optionally include the network configuration file. | containers-kubernetes.cluster.read | containers-kubernetes.account.get |
GET/v2/vpc/getCluster | Get detailed information for a VPC cluster. | containers-kubernetes.cluster.read | - |
GET/v2/vpc/getClusters | List the VPC clusters that you have access to. | containers-kubernetes.cluster.read | - |
GET/v2/vpc/getSubnets | View subnets for a given VPC. | containers-kubernetes.cluster.read | - |
GET/v2/vpc/getVPC | View details of a VPC. | containers-kubernetes.cluster.read | - |
GET/v2/vpc/getVPCs | View available VPCs for the infrastructure provider. | containers-kubernetes.cluster.read | - |
PATCH/v1/clusters/{idOrName}/addons | Enable, disable, or update add-ons for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.update |
PATCH/v1/clusters/{idOrName}/subnets/{subnetId} | Detach a public or private portable subnet from a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.subnet.update |
POST/v1/clusters | Create a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.create |
POST/v1/clusters/{idOrName}/kms | Create a {{site.data.keyword.keymanagementserviceshort}} configuration for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.account.update |
POST/v1/clusters/{idOrName}/services | Bind an {{site.data.keyword.cloud_notm}} service to a cluster. | containers-kubernetes.cluster.update | containers-kubernetes.service.create |
POST/v1/clusters/{idOrName}/usersubnets | Add an existing user-managed subnet to a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.subnet.create |
POST/v1/clusters/{idOrName}/vlans/{vlanId} | Create an {{site.data.keyword.cloud_notm}} infrastructure subnet and add it to an existing cluster. | containers-kubernetes.cluster.create | containers-kubernetes.vlan.create |
POST/v1/clusters/{idOrName}/webhooks | Add a webhook to a cluster. | containers-kubernetes.cluster.update | containers-kubernetes.cluster.create |
POST/v2/applyRBACAndGetKubeconfig | Apply IAM roles to the cluster, then retrieve the cluster's kubeconfig file. Optionally include the network configuration file. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.update |
POST/v2/autoUpdateMaster | Set the autoupdate status of the cluster master. | containers-kubernetes.cluster.create | containers-kubernetes.account.update |
POST/v2/disablePrivateServiceEndpoint | Disable a private cloud service endpoint for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.update |
POST/v2/disablePublicServiceEndpoint | Disable a public cloud service endpoint for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.update |
POST/v2/enableKMS | Enable a key management service (KMS) for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.account.update |
POST/v2/enablePrivateServiceEndpoint | Enable the private cloud service endpoint for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.update |
POST/v2/enablePublicServiceEndpoint | Enable the public cloud service endpoint for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.update |
POST/v2/enablePullSecret | Create an image pull secret to {{site.data.keyword.registrylong_notm}} in the default Kubernetes namespace. | containers-kubernetes.cluster.operate | containers-kubernetes.cluster.update |
POST/v2/refreshMaster | Refresh the Kubernetes master. | containers-kubernetes.cluster.operate | containers-kubernetes.account.update |
POST/v2/updateMaster | Update the version of the Kubernetes cluster master node. | containers-kubernetes.cluster.operate | containers-kubernetes.account.update |
POST/v2/vpc/createCluster | Create a VPC cluster. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.create |
PUT/v1/clusters/{idOrName} | Update the version of the Kubernetes cluster master node. | containers-kubernetes.cluster.operate | containers-kubernetes.cluster.update |
PUT/v1/clusters/{idOrName}/apiserverconfigs/auditwebhook | Create or update an audit webhook configuration for a cluster. | containers-kubernetes.cluster.update | containers-kubernetes.cluster.update |
PUT/v1/clusters/{idOrName}/masters | Refresh the Kubernetes master. | containers-kubernetes.cluster.operate | containers-kubernetes.cluster.update |
PUT/v1/clusters/{idOrName}/subnets/{subnetId} | Add an existing {{site.data.keyword.cloud_notm}} infrastructure subnet to an existing cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.subnet.update |
{: caption="Cluster API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-ingress}
Review the following Ingress API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
GET/ingress/v2/secret/getSecret | View Ingress secret details. | containers-kubernetes.cluster.create | cluster-ingress-secret.get |
GET/ingress/v2/secret/getSecrets | View Ingress secrets for a cluster. | containers-kubernetes.cluster.create | cluster-ingress-secret.list |
POST/ingress/v2/secret/createSecret | Create an Ingress secret for a certificate. | containers-kubernetes.cluster.create | cluster-ingress-secret.create |
POST/ingress/v2/secret/deleteSecret | Delete an Ingress secret from the cluster. | containers-kubernetes.cluster.create | cluster-ingress-secret.delete |
POST/ingress/v2/secret/updateSecret | Update an Ingress secret for a certificate. | containers-kubernetes.cluster.create | cluster-ingress-secret.update |
GET/ingress/v2/load-balancer/configuration | Get the configuration of load balancers for Ingress ALBs. | containers-kubernetes.cluster.read | |
PATCH/ingress/v2/load-balancer/configuration | Update the configuration of load balancers for Ingress ALBs. | containers-kubernetes.cluster.operate | |
{: caption="Ingress API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-alb}
Review the following Ingress application load balancer (ALB) API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
DELETE/v1/alb/albs/{albID} | Disable an ALB in a classic cluster. | containers-kubernetes.cluster.update | cluster-alb.delete |
DELETE/v1/alb/clusters/{idOrName}/albsecrets | Delete an ALB secret that is imported from {{site.data.keyword.cloudcerts_short}} from a classic cluster. | containers-kubernetes.cluster.create | cluster-ingress-secret.delete |
GET/v1/alb/albs/{albID} | View details of an ALB in a classic cluster. | containers-kubernetes.cluster.read | cluster-alb.get |
GET/v1/alb/albtypes | List the ALB types that are supported in classic clusters. | containers-kubernetes.cluster.read | - |
GET/v1/alb/clusters/{idOrName} | List all ALBs in a classic cluster. | containers-kubernetes.cluster.read | cluster-alb.list |
GET/v1/alb/clusters/{idOrName}/albsecrets | View details of an ALB secret that you imported from {{site.data.keyword.cloudcerts_short}} to a classic cluster. | containers-kubernetes.cluster.create | cluster-ingress-secret.list |
GET/v1/alb/clusters/{idOrName}/updatepolicy | Check if automatic updates for Ingress ALBs are enabled in a classic cluster. | containers-kubernetes.cluster.update | cluster-alb-policy.get |
GET/v2/alb/getAlb | View details of an ALB. | containers-kubernetes.cluster.read | cluster-alb.get |
GET/v2/alb/getAlbImages | List supported Ingress controller images. | containers-kubernetes.cluster.read | alb-image.list |
GET/v2/alb/getClusterAlbs | List all ALBs in a cluster. | containers-kubernetes.cluster.read | cluster-alb.list |
GET/v2/alb/getMigrationStatus | Get the status of the Ingress migration process. | containers-kubernetes.cluster.read | cluster-alb-migration-status.get |
GET/v2/alb/getStatus | Get the status of the Ingress resources in a cluster. | containers-kubernetes.cluster.read | cluster-ingress-status.get |
POST/v1/alb/albs | Enable an existing ALB in a classic cluster. | containers-kubernetes.cluster.update | cluster-alb.enable |
POST/v1/alb/albsecrets | Import an ALB secret from {{site.data.keyword.cloudcerts_short}} to a cluster. | containers-kubernetes.cluster.create | cluster-ingress-secret.create |
POST/v1/alb/clusters/{idOrName}/zone/{zoneId} | Create a public or private ALB in a classic cluster. | containers-kubernetes.cluster.update | cluster-alb.create |
POST/v2/alb/cleanupMigration | Clean up any Ingress resources and configmaps that are no longer needed after an Ingress migration. | containers-kubernetes.cluster.create | cluster-alb-migration.cleanup |
POST/v2/alb/startMigration | Start a migration of your {{site.data.keyword.cloud_notm}} Ingress configmap and Ingress resources to the Kubernetes Ingress format. | containers-kubernetes.cluster.create | cluster-alb-migration.start |
POST/v2/alb/updateAlb | Update ALBs in a cluster. | containers-kubernetes.cluster.update | cluster-alb.update |
POST/v2/alb/vpc/createAlb | Create a public or private ALB in a VPC cluster. | containers-kubernetes.cluster.update | cluster-alb.create |
POST/v2/alb/vpc/disableAlb | Disable an ALB in a VPC cluster. | containers-kubernetes.cluster.update | cluster-alb.delete |
POST/v2/alb/vpc/enableAlb | Enable an existing ALB in a VPC cluster. | containers-kubernetes.cluster.update | cluster-alb.enable |
PUT/v1/alb/albsecrets | Update an ALB secret that you imported from {{site.data.keyword.cloudcerts_short}}. | containers-kubernetes.cluster.create | cluster-ingress-secret.update |
PUT/v1/alb/clusters/{idOrName}/update | Force a one-time update of all ALB pods to the latest build. | containers-kubernetes.cluster.update | cluster-alb.update |
PUT/v1/alb/clusters/{idOrName}/updatepolicy | Enable or disable automatic updates for the Ingress ALBs in a cluster. | containers-kubernetes.cluster.update | cluster-alb-policy.update |
PUT/v1/alb/clusters/{idOrName}/updaterollback | Roll back all ALB pods in a cluster to their previously running build. | containers-kubernetes.cluster.update | cluster-alb-policy.update |
{: caption="ALB API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-logging}
Review the following Fluentd logging configuration API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
DELETE/v1/logging/{idOrName}/filterconfigs | Delete all logging filter configurations for the cluster. | containers-kubernetes.cluster.update | containers-kubernetes.logging-filter.delete |
DELETE/v1/logging/{idOrName}/filterconfigs/{id} | Delete a logging filter configuration. | containers-kubernetes.cluster.update | containers-kubernetes.logging-filter.delete |
DELETE/v1/logging/{idOrName}/loggingconfig | Delete all log forwarding configurations for a cluster. | containers-kubernetes.cluster.update | containers-kubernetes.logging-config.delete |
DELETE/v1/logging/{idOrName}/loggingconfig/{logSource}/{id} | Delete a log forwarding configuration. | containers-kubernetes.cluster.update | containers-kubernetes.logging-config.delete |
GET/v1/log-collector/{idOrName}/masterlogs | Show the status for the most recent master log collection request. | containers-kubernetes.cluster.read | containers-kubernetes.masterlog-status |
GET/v1/logging/{idOrName}/clusterkeyowner | View information about the containers-kubernetes-key API key owner. | containers-kubernetes.cluster.read | - |
GET/v1/logging/{idOrName}/default | View the default logging endpoint for the target region. | containers-kubernetes.cluster.read | - |
GET/v1/logging/{idOrName}/filterconfigs | List all logging filter configurations in the cluster. | containers-kubernetes.cluster.read | - |
GET/v1/logging/{idOrName}/filterconfigs/{id} | View a logging filter configuration. | containers-kubernetes.cluster.read | - |
GET/v1/logging/{idOrName}/loggingconfig | List all log forwarding configurations in the cluster. | containers-kubernetes.cluster.read | - |
GET/v1/logging/{idOrName}/loggingconfig/{logSource} | List all log forwarding configurations for a log source in the cluster. | containers-kubernetes.cluster.read | - |
GET/v1/logging/{idOrName}/updatepolicy | Check if automatic updates for the Fluentd logging add-on are enabled in the cluster. | containers-kubernetes.cluster.read | - |
POST/v1/log-collector/{idOrName}/masterlogs | Create a new master log collection request. | containers-kubernetes.cluster.create | containers-kubernetes.masterlog-retrieve |
POST/v1/logging/{idOrName}/filterconfigs | Create a logging filter configuration. | containers-kubernetes.cluster.update | containers-kubernetes.logging-filter.create |
POST/v1/logging/{idOrName}/loggingconfig/{logSource} | Create a log forwarding configuration. | containers-kubernetes.cluster.update | containers-kubernetes.logging-config.create |
PUT/v1/logging/{idOrName}/filterconfigs/{id} | Update a logging filter configuration. | containers-kubernetes.cluster.update | - |
PUT/v1/logging/{idOrName}/loggingconfig/{logSource}/{id} | Update a log forwarding configuration. | containers-kubernetes.cluster.update | - |
PUT/v1/logging/{idOrName}/refresh | Refresh the cluster's logging configuration. | containers-kubernetes.cluster.update | containers-kubernetes.logging-config.refresh |
PUT/v1/logging/{idOrName}/updatepolicy | Enable or disable automatic updates for the Fluentd logging add-on in the cluster. | containers-kubernetes.cluster.create | containers-kubernetes.logging-autoupdate.changed |
{: caption="Logging API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-nlb-dns}
Review the following network load balancer (NLB) domain name system (DNS) API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
DELETE/v1/nlb-dns/clusters/{idOrName}/host/{nlbHost}/ip/{nlbIP}/remove | Remove an IP address from an NLB subdomain. | containers-kubernetes.cluster.update | cluster-nlb-dns.delete |
GET/v1/nlb-dns/clusters/{idOrName}/list | List registered NLB subdomains and NLB IP addresses. | containers-kubernetes.cluster.read | cluster-nlb-dns.list |
GET/v1/nlb-dns/health/clusters/{idOrName}/host/{nlbHost}/config | View the health check monitor settings for an NLB subdomain. | containers-kubernetes.cluster.read | cluster-nlb-dns-monitor.get |
GET/v1/nlb-dns/health/clusters/{idOrName}/list | List the health check monitor settings for all NLB subdomains. | containers-kubernetes.cluster.read | cluster-nlb-dns-monitor.list |
GET/v1/nlb-dns/health/clusters/{idOrName}/status | List the health check status for the IPs behind NLB subdomains in a cluster. | containers-kubernetes.cluster.read | cluster-nlb-dns-monitor-status.list |
GET/v2/nlb-dns/getNlbDNSList | List registered NLB subdomains in a cluster. | containers-kubernetes.cluster.read | cluster-nlb-dns.list |
PATCH/v1/nlb-dns/health/clusters/{idOrName}/config | Configure a health check monitor for an NLB subdomain. | containers-kubernetes.cluster.update | cluster-nlb-dns-monitor.create |
POST/v1/nlb-dns/clusters/{idOrName}/register | Create an NLB subdomain and associate one or more NLB IP addresses with it. | containers-kubernetes.cluster.update | cluster-nlb-dns.update |
POST/v2/nlb-dns/deleteSecret | Remove a secret from an NLB subdomain. | containers-kubernetes.cluster.update | cluster-ingress-secret.delete |
POST/v2/nlb-dns/regenerateCert | Regenerate certificates for a secret. | containers-kubernetes.cluster.update | cluster-ingress-secret.update |
POST/v2/nlb-dns/vpc/createNlbDNS | Create an NLB subdomain in a VPC cluster and associate a load balancer hostname with it. | containers-kubernetes.cluster.update | cluster-nlb-dns.create |
POST/v2/nlb-dns/vpc/removeLBHostname | Remove the load balancer hostname from the DNS record for an existing NLB subdomain. | containers-kubernetes.cluster.update | cluster-lb-hostname.delete |
POST/v2/nlb-dns/vpc/ReplaceLBHostname | Update the DNS record for an NLB subdomain by replacing the load balancer hostname. | containers-kubernetes.cluster.update | cluster-lb-hostname.update |
PUT/v1/nlb-dns/clusters/{idOrName}/add | Update a DNS record by adding an NLB IP address. | containers-kubernetes.cluster.update | cluster-nlb-dns.update |
PUT/v1/nlb-dns/clusters/{idOrName}/health | Enable or disable a health check monitor for an NLB subdomain. | containers-kubernetes.cluster.update | cluster-nlb-dns-monitor.update |
{: caption="NLB DNS API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-observability-logging}
Review the following observability logging API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
GET/v2/observe/logging/getConfig | Show the details of an existing {{site.data.keyword.la_short}} configuration. | containers-kubernetes.cluster.read | - |
GET/v2/observe/logging/getConfigs | List all {{site.data.keyword.la_short}} configurations for a cluster. | containers-kubernetes.cluster.read | - |
POST/v2/observe/logging/createConfig | Create a {{site.data.keyword.la_short}} configuration for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.observe.logging.create |
POST/v2/observe/logging/discoverAgent | Discover a {{site.data.keyword.la_short}} agent previously deployed in the cluster. | containers-kubernetes.cluster.create | - |
POST/v2/observe/logging/modifyConfig | Update a {{site.data.keyword.la_short}} configuration in the cluster. | containers-kubernetes.cluster.create | containers-kubernetes.observe.logging.modify |
POST/v2/observe/logging/removeConfig | Remove a {{site.data.keyword.la_short}} configuration from a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.observe.logging.remove |
{: summary="The rows are read from left to right. The first column is the API method. The second column is a description of the method. The third column is the action that the user must have an access policy to the service in {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM), if any. The fourth column is the event that is sent for the method to {{site.data.keyword.at_full_notm}} instance, if any."}
{: caption="Observability logging API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-observability-monitoring}
Review the following observability monitoring API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
GET/v2/observe/monitoring/getConfig | Show the details of an existing {{site.data.keyword.mon_short}} configuration. | containers-kubernetes.cluster.read | - |
GET/v2/observe/monitoring/getConfigs | List all {{site.data.keyword.mon_short}} configurations for a cluster. | containers-kubernetes.cluster.read | - |
POST/v2/observe/monitoring/createConfig | Create a {{site.data.keyword.mon_short}} configuration for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.observe.monitoring.create |
POST/v2/observe/monitoring/discoverAgent | Discover a {{site.data.keyword.mon_short}} agent previously deployed in the cluster. | containers-kubernetes.cluster.create | - |
POST/v2/observe/monitoring/modifyConfig | Update a {{site.data.keyword.mon_short}} configuration in the cluster. | containers-kubernetes.cluster.create | containers-kubernetes.observe.monitoring.modify |
POST/v2/observe/monitoring/removeConfig | Remove a {{site.data.keyword.mon_short}} configuration from a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.observe.monitoring.remove |
{: summary="The rows are read from left to right. The first column is the API method. The second column is a description of the method. The third column is the action that the user must have an access policy to the service in {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM), if any. The fourth column is the event that is sent for the method to {{site.data.keyword.at_full_notm}} instance, if any."}
{: caption="Observability monitoring API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-acl}
Review the following access control list (ACL) API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}} if you use a private cloud service endpoint allowlist. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
DELETE/v1/acl/{idOrName} | Disable the private cloud service endpoint allowlist feature for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.network-acl.delete |
GET/v1/acl/{idOrName} | Get the subnets in the private cloud service endpoint allowlist. | containers-kubernetes.cluster.read | containers-kubernetes.network-acl.get |
PATCH/v1/acl/{idOrName}/add | Add subnets to a cluster's private cloud service endpoint allowlist. | containers-kubernetes.cluster.create | containers-kubernetes.network-acl.update |
PATCH/v1/acl/{idOrName}/rm | Remove subnets from a cluster's private cloud service endpoint allowlist. | containers-kubernetes.cluster.create | containers-kubernetes.network-acl.update |
POST/v1/acl/{idOrName}/enable | Enable the private cloud service endpoint allowlist feature for a cluster. | containers-kubernetes.cluster.create | containers-kubernetes.network-acl.update |
{: summary="The rows are read from left to right. The first column is the API method. The second column is a description of the method. The third column is the action that the user must have an access policy to the service in {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM), if any. The fourth column is the event that is sent for the method to {{site.data.keyword.at_full_notm}} instance, if any."}
{: caption="ACL API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #sat-api}
Review the following API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.satellitelong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
GET/v2/nlb-dns/getSatLocationSubdomains | List registered NLB subdomains in a Satellite location. | containers-kubernetes.cluster.read | - |
POST/v2/nlb-dns/registerMSCDomains | Register NLB subdomains c001, c002, and c003, which each correspond to an IP address of a host that is assigned to the {{site.data.keyword.satelliteshort}} location control plane. The c000 subdomain corresponds to all of the IP addresses for the cluster. Also, register one CNAME, ce00, for the specified {{site.data.keyword.satelliteshort}} location control plane. | containers-kubernetes.cluster.operate | - |
GET/v2/satellite/getClusters | List the {{site.data.keyword.cloud_notm}} Satellite clusters that you have access to. | containers-kubernetes.cluster.read | - |
GET/v2/satellite/getController | Get the details for an {{site.data.keyword.cloud_notm}} Satellite location. | containers-kubernetes.cluster.read | - |
GET/v2/satellite/getControllers | List the {{site.data.keyword.cloud_notm}} Satellite locations that you have access to. | containers-kubernetes.cluster.read | - |
GET/v2/satellite/hostqueue/getHosts | List the hosts in your {{site.data.keyword.cloud_notm}} Satellite location. | containers-kubernetes.cluster.read | - |
POST/v2/satellite/createCluster | Create an {{site.data.keyword.cloud_notm}} Satellite cluster. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.create |
POST/v2/satellite/createController | Create an {{site.data.keyword.cloud_notm}} Satellite location. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.create |
POST/v2/satellite/hostqueue/createAssignment | Assign a host to an {{site.data.keyword.cloud_notm}} Satellite location or cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.cluster.create |
POST/v2/satellite/hostqueue/createRegistrationScript | Attach a host to an {{site.data.keyword.cloud_notm}} Satellite location. | containers-kubernetes.cluster.operate | containers-kubernetes.cluster.create |
POST/v2/satellite/hostqueue/removeHost | Remove a host from an {{site.data.keyword.cloud_notm}} Satellite location or cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.cluster.delete |
POST/v2/satellite/hostqueue/updateHost | Update a host in your {{site.data.keyword.cloud_notm}} Satellite location. | containers-kubernetes.cluster.operate | containers-kubernetes.cluster.update |
POST/v2/satellite/removeController | Remove an {{site.data.keyword.cloud_notm}} Satellite location. | containers-kubernetes.cluster.create | containers-kubernetes.cluster.delete |
{: summary="The rows are read from left to right. The first column is the API method. The second column is a description of the method. The third column is the action that the user must have an access policy to the service in {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM), if any. The fourth column is the event that is sent for the method to {{site.data.keyword.at_full_notm}} instance, if any."}
{: caption="{{site.data.keyword.satelliteshort}} API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-storage}
Review the following storage API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
GET/v2/storage/getAttachment | Get details of a storage attachment. | containers-kubernetes.cluster.read | containers-kubernetes.containers-kubernetes.storage.attachment.read |
GET/v2/storage/getAttachments | List storage attachments. | containers-kubernetes.cluster.read | containers-kubernetes.containers-kubernetes.storage.attachment.read |
GET/v2/storage/getVolume | Get the details of a storage volume. | containers-kubernetes.cluster.read | containers-kubernetes.containers-kubernetes.storage.volume.read |
GET/v2/storage/getVolumes | List storage volumes for a cluster or for the account if no cluster is provided. | containers-kubernetes.cluster.read | containers-kubernetes.containers-kubernetes.storage.volume.read |
POST/v2/storage/createAttachment | Attach a volume to a worker node. | containers-kubernetes.cluster.update | containers-kubernetes.containers-kubernetes.storage.attachment.create |
POST/v2/storage/deleteAttachment | Detach a volume from a worker node. | containers-kubernetes.cluster.update | containers-kubernetes.containers-kubernetes.storage.attachment.delete |
{: summary="The rows are read from left to right. The first column is the API method. The second column is a description of the method. The third column is the action that the user must have an access policy to the service in {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM), if any. The fourth column is the event that is sent for the method to {{site.data.keyword.at_full_notm}} instance, if any."}
{: caption="Storage API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}
{: #ks-workers}
Review the following worker node and worker pool API methods, their corresponding actions in {{site.data.keyword.cloud_notm}} IAM, and the events that are sent to {{site.data.keyword.at_full_notm}} for {{site.data.keyword.containerlong_notm}}. {: shortdesc}
API Method | Description | IAM action for the API | {{site.data.keyword.cloudaccesstrailshort}} event |
---|---|---|---|
DELETE/v1/clusters/{idOrName}/workerpools/{poolidOrName} | Remove a worker pool from a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.workerpool.delete |
DELETE/v1/clusters/{idOrName}/workerpools/{poolidOrName}/zones/{zoneid} | Remove a zone from a worker pool. | containers-kubernetes.cluster.operate | containers-kubernetes.zone.delete |
DELETE/v1/clusters/{idOrName}/workers/{workerId} | Delete a worker node from a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.worker.delete |
GET/v1/clusters/{idOrName}/workerpools/{poolidOrName} | View details for a worker pool. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/workers | List all worker nodes in a cluster. | containers-kubernetes.cluster.read | - |
GET/v1/clusters/{idOrName}/workers/{workerId} | View details of a worker node. | containers-kubernetes.cluster.read | - |
GET/v2/classic/getWorker | View details of a worker node for a classic cluster. | containers-kubernetes.cluster.read | - |
GET/v2/classic/getWorkerPool | View details of a worker pool for a classic cluster. | containers-kubernetes.cluster.read | - |
GET/v2/classic/getWorkerPools | View details of a worker pool for a classic cluster. | containers-kubernetes.cluster.read | - |
GET/v2/classic/getWorkers | View all workers for a classic cluster. | containers-kubernetes.cluster.read | - |
GET/v2/getWorker | View details of a worker node for a cluster. | containers-kubernetes.cluster.read | - |
GET/v2/getWorkerPool | View details of a worker pool for a cluster. | containers-kubernetes.cluster.read | - |
GET/v2/getWorkerPools | View details of a worker pool for a cluster. | containers-kubernetes.cluster.read | - |
GET/v2/getWorkers | View all workers for a cluster. | containers-kubernetes.cluster.read | - |
GET/v2/vpc/getWorker | View details of a worker node for a VPC cluster. | containers-kubernetes.cluster.read | - |
GET/v2/vpc/getWorkerPool | View details of a worker pool for a VPC cluster. | containers-kubernetes.cluster.read | - |
GET/v2/vpc/getWorkerPools | View details of a worker pool for a VPC cluster. | containers-kubernetes.cluster.read | - |
GET/v2/vpc/getWorkers | View all workers for a VPC cluster. | containers-kubernetes.cluster.read | - |
PATCH/v1/clusters/{idOrName}/workerpools/{poolidOrName} | Resize or rebalance a worker pool. | containers-kubernetes.cluster.operate | containers-kubernetes.workerpool.update |
PATCH/v1/clusters/{idOrName}/workerpools/{poolidOrName}/zones/{zoneid} | Update the network configuration for a worker pool for a given zone. | containers-kubernetes.cluster.operate | containers-kubernetes.zone.update |
POST/v1/clusters/{idOrName}/workerpools | Create a worker pool for a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.workerpool.create |
POST/v1/clusters/{idOrName}/workerpools/{poolidOrName}/zones | Add a zone to the specified worker pool for a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.workerpool.create |
POST/v1/clusters/{idOrName}/workers | Add worker nodes to a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.worker.create |
POST/v2/rebalanceWorkerPool | Rebalance workers in a worker pool. | containers-kubernetes.cluster.operate | containers-kubernetes.account.update |
POST/v2/removeWorker | Delete a worker node from a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.account.delete |
POST/v2/removeWorkerPool | Remove a worker pool. | containers-kubernetes.cluster.operate | containers-kubernetes.account.delete |
POST/v2/replaceWorker | Replace a worker node with a new worker node. | containers-kubernetes.cluster.operate | containers-kubernetes.account.update |
POST/v2/resizeWorkerPool | Resize an existing worker pool. | containers-kubernetes.cluster.operate | containers-kubernetes.workerpool.update |
POST/v2/setWorkerPoolLabels | Set custom labels for a worker pool. | containers-kubernetes.cluster.operate | containers-kubernetes.account.update |
POST/v2/setWorkerPoolTaints | Set custom taints for a worker pool. | containers-kubernetes.cluster.operate | containers-kubernetes.account.update |
POST/v2/vpc/createWorkerPool | Create a worker pool for a VPC cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.account.create |
POST/v2/vpc/createWorkerPoolZone | Create a zone in the specified worker pool for a VPC cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.account.create |
POST/v2/vpc/replaceWorker | Replace a worker node with a new worker node. | containers-kubernetes.cluster.operate | containers-kubernetes.account.create |
PUT/v1/clusters/{idOrName}/workers/{workerId} | Reboot, reload, or update a worker node for a cluster. | containers-kubernetes.cluster.operate | containers-kubernetes.worker.update |
{: summary="The rows are read from left to right. The first column is the API method. The second column is a description of the method. The third column is the action that the user must have an access policy to the service in {{site.data.keyword.cloud_notm}} Identity and Access Management (IAM), if any. The fourth column is the event that is sent for the method to {{site.data.keyword.at_full_notm}} instance, if any."}
{: caption="Worker node and worker pool API methods, IAM actions, and {{site.data.keyword.cloudaccesstrailshort}} events."}