You can call the DescribePolicyInstances operation to query a specified policy instance that is deployed in a Container Service for Kubernetes (ACK) cluster.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request syntax

GET /clusters/cluster_id/policies?policy_name=String&instance_name=String HTTP/1.1
Content-Type:application/json

Request parameters

Table 1. Request path parameters

| Parameter | Type | Required | Example | Description |
| --- | --- | --- | --- | --- |
| cluster_id | String | Yes | `c8155823d057948c69a****` | The ID of the cluster that you want to query. |

Table 2. Request query parameters

| Parameter | Type | Required | Example | Description |
| --- | --- | --- | --- | --- |
| policy_name | String | No | `ACKPSPCapabilities` | The name of the policy that you want to query. |
| instance_name | String | No | `allowed-repos-cz4s2` | The name of the policy instance that you want to query. |

Response syntax

HTTP/1.1 200 OK
Content-Type:application/json

[ {
  "ali_uid" : "String",
  "cluster_id" : "String",
  "instance_name" : "String",
  "policy_name" : "String",
  "policy_category" : "String",
  "policy_description" : "String",
  "policy_parameters" : "String",
  "policy_severity" : "String",
  "policy_scope" : "String",
  "policy_action" : "String"
} ]

Response parameters

Table 3. Response body parameters

| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| | Array | | Details about the policy instance that is returned. |
| ali_uid | String | `16298168****` | The UID of the Alibaba Cloud account that is used to deploy the policy instance. |
| cluster_id | String | `c8155823d057948c69a****` | The ID of the cluster where the policy instance is deployed. |
| instance_name | String | `no-env-var-secrets-****` | The name of the policy instance. |
| policy_name | String | `ACKPSPCapabilities` | The name of the policy. |
| policy_category | String | `k8s-general` | The type of the policy. |
| policy_description | String | `Restricts secrets used in pod envs` | The description of the policy. |
| policy_parameters | String | `"restrictedNamespaces": [ "test" ]` | The parameters of the policy instance. |
| policy_severity | String | `low` | The severity level of the policy. |
| policy_scope | String | `*` | The applicable scope of the policy instance. A value of `*` indicates all namespaces in the cluster. This is the default value. Multiple namespaces are separated by commas (,). |
| policy_action | String | `deny` | The action of the policy. Valid values: `deny` (Deployments that match the policy are denied) and `warn` (alerts are generated for Deployments that match the policy). |

Sample requests

Submit the following sample request to query a specified policy instance that is deployed in an ACK cluster:

GET /clusters/c8155823d057948c69a****/policies?policy_name=ACKPSPCapabilities&instance_name=allowed-repos-cz4s2 HTTP/1.1
Host:cs.aliyuncs.com
Content-Type:application/json

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribePolicyInstancesResponse>
    <ali_uid>16298168****</ali_uid>
    <cluster_id>c8155823d057948c69a****</cluster_id>
    <instance_name>no-env-var-secrets-****</instance_name>
    <policy_name>ACKPSPCapabilities</policy_name>
    <policy_category>k8s-general</policy_category>
    <policy_description>Restricts secrets used in pod envs</policy_description>
    <policy_parameters>"restrictedNamespaces": [ "test" ]</policy_parameters>
    <policy_severity>low</policy_severity>
    <policy_scope>*</policy_scope>
    <policy_action>deny</policy_action>
</DescribePolicyInstancesResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

[ {
  "ali_uid" : "16298168****",
  "cluster_id" : "c8155823d057948c69a****",
  "instance_name" : "no-env-var-secrets-****",
  "policy_name" : "ACKPSPCapabilities",
  "policy_category" : "k8s-general",
  "policy_description" : "Restricts secrets used in pod envs",
  "policy_parameters" : "\"restrictedNamespaces\": [ \"test\" ]",
  "policy_severity" : "low",
  "policy_scope" : "*",
  "policy_action" : "deny"
} ]
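
The following Python sketch is an added example, not part of the original reference or of any Alibaba Cloud SDK. It audits a response body in the JSON shape shown above and lists policy instances that are not in `deny` mode or that cover only some namespaces. The second sample entry, the names `example-instance-b` and `ExamplePolicyB`, and the brace-wrapping of `policy_parameters` are assumptions made for illustration.

```python
import json

# Constructed sample body in the documented response shape; the second entry is invented.
SAMPLE_BODY = json.dumps([
    {"instance_name": "no-env-var-secrets-****", "policy_name": "ACKPSPCapabilities",
     "policy_parameters": '"restrictedNamespaces": [ "test" ]',
     "policy_severity": "low", "policy_scope": "*", "policy_action": "deny"},
    {"instance_name": "example-instance-b", "policy_name": "ExamplePolicyB",
     "policy_parameters": "", "policy_severity": "high",
     "policy_scope": "dev, staging", "policy_action": "warn"},
])

def parse_scope(scope):
    """Return None for all namespaces ("*"), else the list of namespaces."""
    scope = (scope or "*").strip()  # assumption: a missing value means the default "*"
    if scope == "*":
        return None
    return [ns.strip() for ns in scope.split(",") if ns.strip()]

def parse_parameters(raw):
    """Decode policy_parameters, which the sample shows as a JSON fragment without braces."""
    raw = (raw or "").strip()
    if not raw:
        return {}
    for candidate in (raw, "{" + raw + "}"):  # assumption: try as-is, then wrapped
        try:
            value = json.loads(candidate)
        except json.JSONDecodeError:
            continue
        if isinstance(value, dict):
            return value
    return {"_unparsed": raw}  # keep the raw text rather than guessing

def audit(body):
    """List instances that do not deny, or that cover only some namespaces."""
    findings = []
    for inst in json.loads(body):
        issues = []
        if inst.get("policy_action") != "deny":
            issues.append("not enforcing (action=%s)" % inst.get("policy_action"))
        namespaces = parse_scope(inst.get("policy_scope"))
        if namespaces is not None:
            issues.append("limited to namespaces: " + ", ".join(namespaces))
        if issues:
            findings.append({"instance": inst.get("instance_name"),
                             "severity": inst.get("policy_severity"),
                             "parameters": parse_parameters(inst.get("policy_parameters")),
                             "issues": issues})
    return findings
```

Calling `audit(SAMPLE_BODY)` returns one finding, for the constructed `warn` instance scoped to `dev` and `staging`.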

Error codes

For a list of error codes, visit the API Error Center.