Create, update, list and delete Kubernetes records for compliance scans (using PC). This record is used to authenticate to a Kubernetes application (version 1.x) running on a Unix host.
Requirement: Unix authentication is required, so you also need a Unix record for the asset on which Kubernetes is installed.
Parameter | Required/Optional | Data Type | Description |
---|---|---|---|
action={action} | Required | String | Specify create, update, delete (using POST) or list (using GET or POST). See List Auth Records for type |
echo_request={0\|1} | Optional | Integer | Set to 1 to view (echo) input parameters in XML output. By default, parameters are not included. |
details={Basic} | Optional | Boolean | Default value is Basic. You can choose from None, Basic, and All. |
ids={value} | Required to list, update or delete record and optional to create record | Integer | Kubernetes authentication IDs. Specify record IDs and/or ID ranges (for example, 1359-1407). Multiple entries are comma-separated. |
title={value} | Required to create record | String | The record title. The title must be unique and may include a maximum of 255 characters (ASCII). |
comments={value} | Optional | String | User-defined notes about the record. Maximum of 1999 characters (ASCII). |
Kubernetes | | | |
unix_bin_path={value} | Optional | Path | Absolute path of the 'kubectl' command. |
unix_conf_path={value} | Optional | Path | Absolute path of the Kubernetes configuration file. |
Target Hosts | | | |
ips={value} | Required | Integer | The IP addresses for the Kubernetes targets you want to authenticate to. Multiple entries are comma-separated. This parameter and the add_ips parameter or the remove_ips parameter cannot be specified in the same request. |
add_ips={value} | Optional and valid only to update record | Integer | IPs to be added to an existing record. You may enter a combination of IPs and IP ranges. Multiple entries are comma-separated. |
remove_ips={value} | Optional and valid to update record | Integer | IPs to be removed from your record. You may enter a combination of IPs and ranges. Multiple entries are comma-separated. |
network_id={value} | Optional to create or update record, and valid when the networks feature is enabled | Integer | The network ID for the record. |
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=create&title=kubernetesauthrecord&unix_bin_path=/usr/bin/kubectl&unix_conf_path=/root/kube/config&ips=10.10.10.10&comments=kube auth record" "https://<qualys_base_url>/api/2.0/fo/auth/kubernetes/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2020-08-30T11:30:58Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Created</TEXT> <ID_SET> <ID>94170</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
API Request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=update&ids=10001&title=kubernetes authrecord&unix_bin_path=/usr/bin/kubectl&unix_conf_path=/root/kube/config" "https://<qualys_base_url>/api/2.0/fo/auth/kubernetes/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2020-08-30T12:30:58Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Updated</TEXT> <ID_SET> <ID>94170</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
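An added example, not part of the Qualys documentation: a Python helper that checks a request against the parameter rules in the table before it is sent, URL-encodes the values (curl's `-d` sends them exactly as written), and reads the record ID out of a BATCH_RETURN response. The function names are hypothetical, the sample response is constructed to mirror the create output above, and enforcing `ips` on create only is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample mirroring the create output above (host is a placeholder).
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE BATCH_RETURN SYSTEM "https://example.invalid/api/2.0/batch_return.dtd">
<BATCH_RETURN><RESPONSE><DATETIME>2020-08-30T11:30:58Z</DATETIME>
<BATCH_LIST><BATCH><TEXT>Successfully Created</TEXT>
<ID_SET><ID>94170</ID></ID_SET></BATCH></BATCH_LIST></RESPONSE></BATCH_RETURN>"""


def build_body(action, **p):
    """Check parameters against the table's rules; return a URL-encoded POST body."""
    if action not in ("create", "update", "delete"):
        raise ValueError("POST actions are create, update and delete")
    if action == "create" and not (p.get("title") and p.get("ips")):
        # Assumption: ips is enforced on create only (the update sample omits it).
        raise ValueError("create requires title and ips")
    if action != "create" and not p.get("ids"):
        raise ValueError("update and delete require ids")
    delta = {"add_ips", "remove_ips"} & p.keys()
    if delta and ("ips" in p or action != "update"):
        raise ValueError("add_ips/remove_ips: update only, never together with ips")
    for name, limit in (("title", 255), ("comments", 1999)):
        value = p.get(name, "")
        if len(value) > limit or not value.isascii():
            raise ValueError(f"{name}: ASCII only, at most {limit} characters")
    for name in ("unix_bin_path", "unix_conf_path"):
        if name in p and not p[name].startswith("/"):
            raise ValueError(f"{name} must be an absolute path")
    # urlencode escapes spaces, '&' and '=', so a value cannot add parameters.
    return urlencode({"action": action, **p})


def parse_batch_return(xml_text):
    """Return (text, [record IDs]) for every BATCH in a BATCH_RETURN document."""
    root = ET.fromstring(xml_text)
    if root.tag != "BATCH_RETURN":
        raise ValueError(f"unexpected response root: {root.tag}")
    return [(b.findtext("TEXT"), [int(i.text) for i in b.iter("ID")])
            for b in root.iter("BATCH")]


if __name__ == "__main__":
    print(build_body("create", title="kubernetes authrecord", ips="10.10.10.10",
                     unix_bin_path="/usr/bin/kubectl",
                     unix_conf_path="/root/kube/config"))
    print(parse_batch_return(SAMPLE_RESPONSE))
```

The returned string is the POST body for `/api/2.0/fo/auth/kubernetes/`; sending it and supplying credentials are left to the caller.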
<platform API server>/api/2.0/fo/auth/auth_records.dtd
<platform API server>/api/2.0/fo/auth/kubernetes/auth_kubernetes_list_output.dtd