×

GET /v1/deploymentswithrisk/{id}

GetDeploymentWithRisk returns a deployment and its risk given its ID.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetDeploymentWithRiskResponse

0

An unexpected error response.

GooglerpcStatus

Samples

Common object reference

ContainerConfigEnvironmentConfig

Field Name Required Nullable Type Description Format

key

String

value

String

envVarSource

EnvironmentConfigEnvVarSource

UNSET, RAW, SECRET_KEY, CONFIG_MAP_KEY, FIELD, RESOURCE_FIELD, UNKNOWN,

EnvironmentConfigEnvVarSource

For any update to EnvVarSource, please also update 'ui/src/messages/common.js'
Enum Values

UNSET

RAW

SECRET_KEY

CONFIG_MAP_KEY

FIELD

RESOURCE_FIELD

UNKNOWN

GooglerpcStatus

Field Name Required Nullable Type Description Format

code

Integer

int32

message

String

details

List of ProtobufAny

PortConfigExposureInfo

Field Name Required Nullable Type Description Format

level

PortConfigExposureLevel

UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE,

serviceName

String

serviceId

String

serviceClusterIp

String

servicePort

Integer

int32

nodePort

Integer

int32

externalIps

List of string

externalHostnames

List of string

PortConfigExposureLevel

Enum Values

UNSET

EXTERNAL

NODE

INTERNAL

HOST

ROUTE

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field Name Required Nullable Type Description Format

@type

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

ResultFactor

Field Name Required Nullable Type Description Format

message

String

url

String

SeccompProfileProfileType

Enum Values

UNCONFINED

RUNTIME_DEFAULT

LOCALHOST

SecurityContextSELinux

Field Name Required Nullable Type Description Format

user

String

role

String

type

String

level

String

SecurityContextSeccompProfile

Field Name Required Nullable Type Description Format

type

SeccompProfileProfileType

UNCONFINED, RUNTIME_DEFAULT, LOCALHOST,

localhostProfile

String

StorageContainer

Field Name Required Nullable Type Description Format

id

String

config

StorageContainerConfig

image

StorageContainerImage

securityContext

StorageSecurityContext

volumes

List of StorageVolume

ports

List of StoragePortConfig

secrets

List of StorageEmbeddedSecret

resources

StorageResources

name

String

livenessProbe

StorageLivenessProbe

readinessProbe

StorageReadinessProbe

StorageContainerConfig

Field Name Required Nullable Type Description Format

env

List of ContainerConfigEnvironmentConfig

command

List of string

args

List of string

directory

String

user

String

uid

String

int64

appArmorProfile

String

StorageContainerImage

Next tag: 12
Field Name Required Nullable Type Description Format

id

String

name

StorageImageName

notPullable

Boolean

isClusterLocal

Boolean

StorageDeployment

Next available tag: 36
Field Name Required Nullable Type Description Format

id

String

name

String

hash

String

uint64

type

String

namespace

String

namespaceId

String

orchestratorComponent

Boolean

replicas

String

int64

labels

Map of string

podLabels

Map of string

labelSelector

StorageLabelSelector

created

Date

date-time

clusterId

String

clusterName

String

containers

List of StorageContainer

annotations

Map of string

priority

String

int64

inactive

Boolean

imagePullSecrets

List of string

serviceAccount

String

serviceAccountPermissionLevel

StoragePermissionLevel

UNSET, NONE, DEFAULT, ELEVATED_IN_NAMESPACE, ELEVATED_CLUSTER_WIDE, CLUSTER_ADMIN,

automountServiceAccountToken

Boolean

hostNetwork

Boolean

hostPid

Boolean

hostIpc

Boolean

runtimeClass

String

tolerations

List of StorageToleration

ports

List of StoragePortConfig

stateTimestamp

String

int64

riskScore

Float

float

platformComponent

Boolean

StorageEmbeddedSecret

Field Name Required Nullable Type Description Format

name

String

path

String

StorageImageName

Field Name Required Nullable Type Description Format

registry

String

remote

String

tag

String

fullName

String

StorageLabelSelector

Label selector components are joined with logical AND, see     https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

Next available tag: 3

Field Name Required Nullable Type Description Format

matchLabels

Map of string

This is actually a oneof, but we can’t make it one due to backwards compatibility constraints.

requirements

List of StorageLabelSelectorRequirement

StorageLabelSelectorOperator

Enum Values

UNKNOWN

IN

NOT_IN

EXISTS

NOT_EXISTS

StorageLabelSelectorRequirement

Next available tag: 4
Field Name Required Nullable Type Description Format

key

String

op

StorageLabelSelectorOperator

UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS,

values

List of string

StorageLivenessProbe

Field Name Required Nullable Type Description Format

defined

Boolean

StoragePermissionLevel

For any update to PermissionLevel, also update: - pkg/searchbasedpolicies/builders/k8s_rbac.go - ui/src/messages/common.js
Enum Values

UNSET

NONE

DEFAULT

ELEVATED_IN_NAMESPACE

ELEVATED_CLUSTER_WIDE

CLUSTER_ADMIN

StoragePortConfig

Next Available Tag: 6
Field Name Required Nullable Type Description Format

name

String

containerPort

Integer

int32

protocol

String

exposure

PortConfigExposureLevel

UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE,

exposedPort

Integer

int32

exposureInfos

List of PortConfigExposureInfo

StorageReadinessProbe

Field Name Required Nullable Type Description Format

defined

Boolean

StorageResources

Field Name Required Nullable Type Description Format

cpuCoresRequest

Float

float

cpuCoresLimit

Float

float

memoryMbRequest

Float

float

memoryMbLimit

Float

float

StorageRisk

Field Name Required Nullable Type Description Format

id

String

subject

StorageRiskSubject

score

Float

float

results

List of StorageRiskResult

StorageRiskResult

Field Name Required Nullable Type Description Format

name

String

factors

List of ResultFactor

score

Float

float

StorageRiskSubject

Field Name Required Nullable Type Description Format

id

String

namespace

String

clusterId

String

type

StorageRiskSubjectType

UNKNOWN, DEPLOYMENT, NAMESPACE, CLUSTER, NODE, NODE_COMPONENT, IMAGE, IMAGE_COMPONENT, SERVICEACCOUNT,

StorageRiskSubjectType

Next tag: 9
Enum Values

UNKNOWN

DEPLOYMENT

NAMESPACE

CLUSTER

NODE

NODE_COMPONENT

IMAGE

IMAGE_COMPONENT

SERVICEACCOUNT

StorageSecurityContext

Field Name Required Nullable Type Description Format

privileged

Boolean

selinux

SecurityContextSELinux

dropCapabilities

List of string

addCapabilities

List of string

readOnlyRootFilesystem

Boolean

seccompProfile

SecurityContextSeccompProfile

allowPrivilegeEscalation

Boolean

StorageTaintEffect

Enum Values

UNKNOWN_TAINT_EFFECT

NO_SCHEDULE_TAINT_EFFECT

PREFER_NO_SCHEDULE_TAINT_EFFECT

NO_EXECUTE_TAINT_EFFECT

StorageToleration

Field Name Required Nullable Type Description Format

key

String

operator

StorageTolerationOperator

TOLERATION_OPERATION_UNKNOWN, TOLERATION_OPERATOR_EXISTS, TOLERATION_OPERATOR_EQUAL,

value

String

taintEffect

StorageTaintEffect

UNKNOWN_TAINT_EFFECT, NO_SCHEDULE_TAINT_EFFECT, PREFER_NO_SCHEDULE_TAINT_EFFECT, NO_EXECUTE_TAINT_EFFECT,

StorageTolerationOperator

Enum Values

TOLERATION_OPERATION_UNKNOWN

TOLERATION_OPERATOR_EXISTS

TOLERATION_OPERATOR_EQUAL

StorageVolume

Field Name Required Nullable Type Description Format

name

String

source

String

destination

String

readOnly

Boolean

type

String

mountPropagation

VolumeMountPropagation

NONE, HOST_TO_CONTAINER, BIDIRECTIONAL,

V1GetDeploymentWithRiskResponse

Field Name Required Nullable Type Description Format

deployment

StorageDeployment

risk

StorageRisk

VolumeMountPropagation

Enum Values

NONE

HOST_TO_CONTAINER

BIDIRECTIONAL