You can call the DescribePolicyInstances operation to query a specified policy instance that is deployed in a Container Service for Kubernetes (ACK) cluster.
Debugging
Request syntax
GET /clusters/cluster_id/policies?policy_name=String&instance_name=String HTTP/1.1
Content-Type:application/jsonRequest parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| cluster_id | String | Yes | c8155823d057948c69a**** |
The ID of the cluster that you want to query. |
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| policy_name | String | No | ACKPSPCapabilities |
The name of the policy that you want to query. |
| instance_name | String | No | allowed-repos-cz4s2 |
The name of the policy instance that you want to query. |
Response syntax
HTTP/1.1 200 OK
Content-Type:application/json
[ {
"ali_uid" : "String",
"cluster_id" : "String",
"instance_name" : "String",
"policy_name" : "String",
"policy_category" : "String",
"policy_description" : "String",
"policy_parameters" : "String",
"policy_severity" : "String",
"policy_scope" : "String",
"policy_action" : "String"
} ]Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| Array |
Details about the policy instance that is returned. |
||
| ali_uid | String | 16298168**** |
The UID of the Alibaba Cloud account that is used to deploy the policy instance. |
| cluster_id | String | c8155823d057948c69a**** |
The ID of the cluster where the policy instance is deployed. |
| instance_name | String | no-env-var-secrets-**** |
The name of the policy instance. |
| policy_name | String | ACKPSPCapabilities |
The name of the policy. |
| policy_category | String | k8s-general |
The type of the policy. |
| policy_description | String | Restricts secrets used in pod envs |
The description of the policy. |
| policy_parameters | String | "restrictedNamespaces": [ "test" ] |
The parameters of the policy instance. |
| policy_severity | String | low |
The severity level of the policy. |
| policy_scope | String | * |
The applicable scope of the policy instance. A value of * indicates all namespaces in the cluster. This is the default value. Multiple namespaces are separated by commas (,). |
| policy_action | String | deny |
The action of the policy. Valid values:
|
Sample requests
Submit the following sample request to query a specified policy instance that is deployed in an ACK cluster:
GET /clusters/c8155823d057948c69a****/policies?policy_name=ACKPSPCapabilities&instance_name=allowed-repos-cz4s2 HTTP/1.1
Host:cs.aliyuncs.com
Content-Type:application/jsonSample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<DescribePolicyInstancesResponse>
<ali_uid>16298168****</ali_uid>
<cluster_id>c8155823d057948c69a****</cluster_id>
<instance_name>no-env-var-secrets-****</instance_name>
<policy_name>ACKPSPCapabilities</policy_name>
<policy_category>k8s-general</policy_category>
<policy_description>Restricts secrets used in pod envs</policy_description>
<policy_parameters>"restrictedNamespaces": [ "test" ]</policy_parameters>
<policy_severity>low</policy_severity>
<policy_scope>*</policy_scope>
<policy_action>deny</policy_action>
</DescribePolicyInstancesResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
[ {
"ali_uid" : "16298168****",
"cluster_id" : "c8155823d057948c69a****",
"instance_name" : "no-env-var-secrets-****",
"policy_name" : "ACKPSPCapabilities",
"policy_category" : "k8s-general",
"policy_description" : "Restricts secrets used in pod envs",
"policy_parameters" : "\"restrictedNamespaces\": [ \"test\" ]",
"policy_severity" : "low",
"policy_scope" : "*",
"policy_action" : "deny"
} ]Error codes
For a list of error codes, visit the API Error Center.