For any update to EnvVarSource, please also update 'ui/src/messages/common.js'
GET /v1/deploymentswithrisk/{id}
GetDeploymentWithRisk returns a deployment and its risk given its ID.
Code | Message | Datatype |
---|---|---|
200 |
A successful response. |
|
0 |
An unexpected error response. |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
key |
String |
||||
value |
String |
||||
envVarSource |
UNSET, RAW, SECRET_KEY, CONFIG_MAP_KEY, FIELD, RESOURCE_FIELD, UNKNOWN, |
For any update to EnvVarSource, please also update 'ui/src/messages/common.js'
Enum Values |
---|
UNSET |
RAW |
SECRET_KEY |
CONFIG_MAP_KEY |
FIELD |
RESOURCE_FIELD |
UNKNOWN |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
code |
Integer |
int32 |
|||
message |
String |
||||
details |
List of ProtobufAny |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
level |
UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE, |
||||
serviceName |
String |
||||
serviceId |
String |
||||
serviceClusterIp |
String |
||||
servicePort |
Integer |
int32 |
|||
nodePort |
Integer |
int32 |
|||
externalIps |
List of |
||||
externalHostnames |
List of |
Any
contains an arbitrary serialized protocol buffer message along with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... }
Example 2: Pack and unpack a message in Java.
Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } // or ... if (any.isSameTypeAs(Foo.getDefaultInstance())) { foo = any.unpack(Foo.getDefaultInstance()); }
Example 3: Pack and unpack a message in Python.
foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := &pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... }
The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
The JSON representation of an Any
value uses the regular
representation of the deserialized, embedded message, with an
additional field @type
which contains the type URL. Example:
package google.profile; message Person { string first_name = 1; string last_name = 2; }
{ "@type": "type.googleapis.com/google.profile.Person", "firstName": <string>, "lastName": <string> }
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
value
which holds the custom JSON in addition to the @type
field. Example (for message [google.protobuf.Duration][]):
{ "@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s" }
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
@type |
String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
user |
String |
||||
role |
String |
||||
type |
String |
||||
level |
String |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
type |
UNCONFINED, RUNTIME_DEFAULT, LOCALHOST, |
||||
localhostProfile |
String |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
config |
|||||
image |
|||||
securityContext |
|||||
volumes |
List of StorageVolume |
||||
ports |
List of StoragePortConfig |
||||
secrets |
List of StorageEmbeddedSecret |
||||
resources |
|||||
name |
String |
||||
livenessProbe |
|||||
readinessProbe |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
env |
List of ContainerConfigEnvironmentConfig |
||||
command |
List of |
||||
args |
List of |
||||
directory |
String |
||||
user |
String |
||||
uid |
String |
int64 |
|||
appArmorProfile |
String |
Next tag: 12
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
name |
|||||
notPullable |
Boolean |
||||
isClusterLocal |
Boolean |
Next available tag: 36
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
name |
String |
||||
hash |
String |
uint64 |
|||
type |
String |
||||
namespace |
String |
||||
namespaceId |
String |
||||
orchestratorComponent |
Boolean |
||||
replicas |
String |
int64 |
|||
labels |
Map of |
||||
podLabels |
Map of |
||||
labelSelector |
|||||
created |
Date |
date-time |
|||
clusterId |
String |
||||
clusterName |
String |
||||
containers |
List of StorageContainer |
||||
annotations |
Map of |
||||
priority |
String |
int64 |
|||
inactive |
Boolean |
||||
imagePullSecrets |
List of |
||||
serviceAccount |
String |
||||
serviceAccountPermissionLevel |
UNSET, NONE, DEFAULT, ELEVATED_IN_NAMESPACE, ELEVATED_CLUSTER_WIDE, CLUSTER_ADMIN, |
||||
automountServiceAccountToken |
Boolean |
||||
hostNetwork |
Boolean |
||||
hostPid |
Boolean |
||||
hostIpc |
Boolean |
||||
runtimeClass |
String |
||||
tolerations |
List of StorageToleration |
||||
ports |
List of StoragePortConfig |
||||
stateTimestamp |
String |
int64 |
|||
riskScore |
Float |
float |
|||
platformComponent |
Boolean |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
registry |
String |
||||
remote |
String |
||||
tag |
String |
||||
fullName |
String |
Label selector components are joined with logical AND, see https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
Next available tag: 3
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
matchLabels |
Map of |
This is actually a oneof, but we can’t make it one due to backwards compatibility constraints. |
|||
requirements |
List of StorageLabelSelectorRequirement |
Next available tag: 4
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
key |
String |
||||
op |
UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS, |
||||
values |
List of |
For any update to PermissionLevel, also update: - pkg/searchbasedpolicies/builders/k8s_rbac.go - ui/src/messages/common.js
Enum Values |
---|
UNSET |
NONE |
DEFAULT |
ELEVATED_IN_NAMESPACE |
ELEVATED_CLUSTER_WIDE |
CLUSTER_ADMIN |
Next Available Tag: 6
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
name |
String |
||||
containerPort |
Integer |
int32 |
|||
protocol |
String |
||||
exposure |
UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE, |
||||
exposedPort |
Integer |
int32 |
|||
exposureInfos |
List of PortConfigExposureInfo |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
cpuCoresRequest |
Float |
float |
|||
cpuCoresLimit |
Float |
float |
|||
memoryMbRequest |
Float |
float |
|||
memoryMbLimit |
Float |
float |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
subject |
|||||
score |
Float |
float |
|||
results |
List of StorageRiskResult |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
name |
String |
||||
factors |
List of ResultFactor |
||||
score |
Float |
float |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
namespace |
String |
||||
clusterId |
String |
||||
type |
UNKNOWN, DEPLOYMENT, NAMESPACE, CLUSTER, NODE, NODE_COMPONENT, IMAGE, IMAGE_COMPONENT, SERVICEACCOUNT, |
Next tag: 9
Enum Values |
---|
UNKNOWN |
DEPLOYMENT |
NAMESPACE |
CLUSTER |
NODE |
NODE_COMPONENT |
IMAGE |
IMAGE_COMPONENT |
SERVICEACCOUNT |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
privileged |
Boolean |
||||
selinux |
|||||
dropCapabilities |
List of |
||||
addCapabilities |
List of |
||||
readOnlyRootFilesystem |
Boolean |
||||
seccompProfile |
|||||
allowPrivilegeEscalation |
Boolean |
Enum Values |
---|
UNKNOWN_TAINT_EFFECT |
NO_SCHEDULE_TAINT_EFFECT |
PREFER_NO_SCHEDULE_TAINT_EFFECT |
NO_EXECUTE_TAINT_EFFECT |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
key |
String |
||||
operator |
TOLERATION_OPERATION_UNKNOWN, TOLERATION_OPERATOR_EXISTS, TOLERATION_OPERATOR_EQUAL, |
||||
value |
String |
||||
taintEffect |
UNKNOWN_TAINT_EFFECT, NO_SCHEDULE_TAINT_EFFECT, PREFER_NO_SCHEDULE_TAINT_EFFECT, NO_EXECUTE_TAINT_EFFECT, |
Enum Values |
---|
TOLERATION_OPERATION_UNKNOWN |
TOLERATION_OPERATOR_EXISTS |
TOLERATION_OPERATOR_EQUAL |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
name |
String |
||||
source |
String |
||||
destination |
String |
||||
readOnly |
Boolean |
||||
type |
String |
||||
mountPropagation |
NONE, HOST_TO_CONTAINER, BIDIRECTIONAL, |