All Products
Search
Document Center

Security Center:DescribeGroupedContainerInstances

Last Updated:Mar 11, 2024

Queries containers by group type.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:DescribeGroupedContainerInstancesRead
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
CriteriastringNo

The search conditions for assets. Specify the value in the JSON format. Separate multiple search conditions with commas (,). Example: [{"name":"riskStatus","value":"YES"},{"name":"riskLevel","value":"2"}].

Note Supported search conditions include the instance ID, instance name, virtual private cloud (VPC) ID, region, and public IP address. You can call the DescribeCriteria operation to query the supported search conditions.
[{"name":"riskStatus","value":"YES"},{"name":"riskLevel","value":"2"}]
LogicalExpstringNo

The logical relationship that you want to use to evaluate multiple search conditions. Valid values:

  • OR: Search conditions are evaluated by using a logical OR.
  • AND: Search conditions are evaluated by using a logical AND.
OR
GroupFieldstringYes

The group type that you want to use to query containers. Valid values:

  • pod
  • appName
  • namespace
  • clusterId
pod
FieldValuestringNo

The keyword that you want to use to query containers. You must specify this parameter based on the value of the GroupField parameter.

  • If the GroupField parameter is set to pod, set this parameter to the name of the pod that you want to query.
  • If the GroupField parameter is set to appName, set this parameter to the name of the application that you want to query.
  • If the GroupField parameter is set to namespace, set this parameter to the namespace that you want to query.
  • If the GroupField parameter is set to clusterId, set this parameter to the ID of the cluster that you want to query.
Note Fuzzy match is supported.
cas-adad-qeqwe
PageSizeintegerNo

The number of entries to return on each page. Default value: 20.

Note We recommend that you do not leave this parameter empty.
20
CurrentPageintegerNo

The number of the page to return. Default value: 1.

1

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The ID of the request, which is used to locate and troubleshoot issues.

4E5BFDCF-B9DD-430D-9DA4-151BCB581C9D
PageInfoobject

The pagination information.

CurrentPageinteger

The page number of the returned page.

1
PageSizeinteger

The number of entries returned per page. Default value: 20.

20
TotalCountinteger

The total number of container assets returned.

25
Countinteger

The number of container assets returned on the current page.

20
GroupedContainerInstanceListobject []

The information about the container.

RiskLevelstring

The risk level. Valid values:

  • high
  • medium
  • low
low
HostIpstring

The IP address of the host in the container cluster.

172.114.XX.XX
Podstring

The name of the pod.

csi-plugin-2n****
RiskStatusstring

Indicates whether risks were detected. Valid values:

  • NO: No risks were detected.
  • YES: Risks were detected.
NO
CreateTimelong

The time when the cluster was created. Unit: milliseconds.

1600076893000
Namespacestring

The namespace of the cluster.

kube-system
CusterStatestring

The status of the cluster. Valid values:

  • running: The cluster is running.
  • stopped: The cluster is stopped.
  • deleted: The cluster is deleted.
  • delete_failed: The cluster failed to be deleted.
  • failed: The cluster failed to be created.
running
InstanceIdstring

The ID of the server.

i-8vb9ul5xec4tua4q****
RegionIdstring

The region ID of the instance.

cn-hangzhou
AppNamestring

The name of the application.

oss-liveness-probe
InstanceCountinteger

The number of pods, applications, clusters, or namespaces.

9
ClusterTypestring

The type of the cluster. Valid values:

  • Kubernetes: dedicated Kubernetes cluster.
  • ManagedKubernetes: standard managed cluster (edge cluster).
  • Ask: serverless Kubernetes (ASK) cluster.
ManagedKubernetes
ClusterNamestring

The name of the cluster.

test
PodIpstring

The IP address of the pod.

172.114.XX.XX
VulCountinteger

The number of vulnerabilities that are detected for the current pod, application, namespace, or cluster.

1
AlarmCountinteger

The number of alerts that are detected for the current pod, application, namespace, or cluster.

1
RiskInstanceCountinteger

The number of at-risk instances.

1
ClusterIdstring

The ID of the cluster.

cf3824769c85441b4bf3****
Imagestring

The container image.

registry-vpc.ap-southeast-5.aliyuncs.com/log-service-release/sls-connector:1.1.77
ImageRepoNamespacestring

The namespace of the image repository.

name001
ImageRepoNamestring

The name of the image repository.

test-003
ImageRepoTagstring

The tag that is added to the image repository.

dev-20220512-2
ImageDigeststring

The digest value of the image.

58e58c013f70bbfde140c8a55c1078074b3483479428d4069aa946827fd566cf
ImageUuidstring

The UUID of the image.

e4bdec1d9ba7e0967111a7ea467c****
HcCountinteger

The number of baseline risks that are detected for the current pod, application, namespace, or cluster.

20
SyncOpeninteger

Indicates whether the synchronization of cluster audit logs is enabled. Valid values:

  • 0: disabled.
  • 1: enabled.
1
SyncStatusinteger

The status of the synchronization of cluster audit logs. Valid values:

  • 0: The synchronization failed.
  • 1: The synchronization is successful.
1

Examples

Sample success responses

JSONformat

{
  "RequestId": "4E5BFDCF-B9DD-430D-9DA4-151BCB581C9D",
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 20,
    "TotalCount": 25,
    "Count": 20
  },
  "GroupedContainerInstanceList": [
    {
      "RiskLevel": "low",
      "HostIp": "172.114.XX.XX",
      "Pod": "csi-plugin-2n****",
      "RiskStatus": "NO",
      "CreateTime": 1600076893000,
      "Namespace": "kube-system",
      "CusterState": "running",
      "InstanceId": "i-8vb9ul5xec4tua4q****",
      "RegionId": "cn-hangzhou",
      "AppName": "oss-liveness-probe",
      "InstanceCount": 9,
      "ClusterType": "ManagedKubernetes",
      "ClusterName": "test",
      "PodIp": "172.114.XX.XX",
      "VulCount": 1,
      "AlarmCount": 1,
      "RiskInstanceCount": 1,
      "ClusterId": "cf3824769c85441b4bf3****",
      "Image": "registry-vpc.ap-southeast-5.aliyuncs.com/log-service-release/sls-connector:1.1.77",
      "ImageRepoNamespace": "name001",
      "ImageRepoName": "test-003",
      "ImageRepoTag": "dev-20220512-2",
      "ImageDigest": "58e58c013f70bbfde140c8a55c1078074b3483479428d4069aa946827fd566cf",
      "ImageUuid": "e4bdec1d9ba7e0967111a7ea467c****",
      "HcCount": 20,
      "SyncOpen": 1,
      "SyncStatus": 1
    }
  ]
}

Error codes

HTTP status codeError codeError messageDescription
400IllegalParamIllegal param-
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500ServerErrorServerError-

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-01-11The Error code has changed. The response structure of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
Output ParametersThe response structure of the API has changed.
2021-12-21The Error code has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400