调用DescribePolicyInstances获取集群中当前部署的策略实例。

调试

您可以在OpenAPI Explorer中直接运行该接口,免去您计算签名的困扰。运行成功后,OpenAPI Explorer可以自动生成SDK代码示例。

请求语法

GET /clusters/cluster_id/policies?policy_name=String&instance_name=String HTTP/1.1
Content-Type:application/json

请求参数

表 1. 请求Path参数
参数名称 类型 是否必选 示例 说明
cluster_id String c8155823d057948c69a****

目标集群ID

表 2. 请求Query参数
参数名称 类型 是否必选 示例 说明
policy_name String ACKPSPCapabilities

策略治理规则名称

instance_name String allowed-repos-cz4s2

策略实例名称

响应体语法

HTTP/1.1 200 OK
Content-Type:application/json

[ {
  "ali_uid" : "String",
  "cluster_id" : "String",
  "instance_name" : "String",
  "policy_name" : "String",
  "policy_category" : "String",
  "policy_description" : "String",
  "policy_parameters" : "String",
  "policy_severity" : "String",
  "policy_scope" : "String",
  "policy_action" : "String"
} ]

响应参数

表 3. 响应Body参数
参数名称 类型 示例 说明
Array

策略实例列表

ali_uid String 16298168****

策略实例实施者UID

cluster_id String c8155823d057948c69a****

目标集群ID

instance_name String no-env-var-secrets-****

规则实例名称

policy_name String ACKPSPCapabilities

策略治理规则名称

policy_category String k8s-general

策略类型名称

policy_description String Restricts secrets used in pod envs

规则模板描述

policy_parameters String "restrictedNamespaces": [ "test" ]

当前规则实例的配置参数

policy_severity String low

规则实例治理等级

policy_scope String *

策略实例实施范围:

默认"*"代表集群所有命名空间。

否则返回作用Namespaces名称,多个Namespaces以逗号(,)分隔。

policy_action String deny

规则治理动作,取值:

  • deny:拦截违规部署
  • warn:告警

请求示例

根据以下示例获取集群中当前部署的策略实例列表:

GET /clusters/c8155823d057948c69a****/policies?policy_name=ACKPSPCapabilities&instance_name=allowed-repos-cz4s2 HTTP/1.1
Host:cs.aliyuncs.com
Content-Type:application/json

正常返回示例

XML格式

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribePolicyInstancesResponse>
    <Created>2021-11-19T16:21:05+08:00</Created>
    <Updated>2021-11-19T16:21:05+08:00</Updated>
    <ali_uid>1629816869803434</ali_uid>
    <cluster_id>c2316479e840445628bc1df377ec84****</cluster_id>
    <instance_name>allowed-repos-cz4s2</instance_name>
    <policy_name>ACKAllowedRepos</policy_name>
    <policy_category>k8s-general</policy_category>
    <policy_description>Requires container images to begin with a repo string from a specified list.</policy_description>
    <policy_parameters>repos:
- registry.cn-beijing.aliyuncs.com/acs/
- registry.cn-beijing.aliyuncs.com/acs/
</policy_parameters>
    <policy_severity>high</policy_severity>
    <policy_scope>test1</policy_scope>
    <policy_action>warn</policy_action>
    <total_violations>0</total_violations>
    <is_deleted>0</is_deleted>
</DescribePolicyInstancesResponse>
<DescribePolicyInstancesResponse>
    <Created>2021-11-19T16:21:00+08:00</Created>
    <Updated>2021-11-19T16:21:00+08:00</Updated>
    <ali_uid>1629816869803434</ali_uid>
    <cluster_id>c2316479e840445628bc1df377ec8****</cluster_id>
    <instance_name>allowed-repos-mqdsf</instance_name>
    <policy_name>ACKAllowedRepos</policy_name>
    <policy_category>k8s-general</policy_category>
    <policy_description>Requires container images to begin with a repo string from a specified list.</policy_description>
    <policy_parameters>repos:
- registry.cn-beijing.aliyuncs.com/acs/
- registry.cn-beijing.aliyuncs.com/acs/
</policy_parameters>
    <policy_severity>high</policy_severity>
    <policy_scope>default</policy_scope>
    <policy_action>deny</policy_action>
    <total_violations>0</total_violations>
    <is_deleted>0</is_deleted>
</DescribePolicyInstancesResponse>

JSON格式

HTTP/1.1 200 OK
Content-Type:application/json

[ {
  "Created" : "2021-11-19T16:21:05+08:00",
  "Updated" : "2021-11-19T16:21:05+08:00",
  "ali_uid" : "1629816869803434",
  "cluster_id" : "c2316479e840445628bc1df377ec84****",
  "instance_name" : "allowed-repos-cz4s2",
  "policy_name" : "ACKAllowedRepos",
  "policy_category" : "k8s-general",
  "policy_description" : "Requires container images to begin with a repo string from a specified list.",
  "policy_parameters" : "repos:\n- registry.cn-beijing.aliyuncs.com/acs/\n- registry.cn-beijing.aliyuncs.com/acs/\n",
  "policy_severity" : "high",
  "policy_scope" : "test1",
  "policy_action" : "warn",
  "total_violations" : 0,
  "is_deleted" : 0
}, {
  "Created" : "2021-11-19T16:21:00+08:00",
  "Updated" : "2021-11-19T16:21:00+08:00",
  "ali_uid" : "1629816869803434",
  "cluster_id" : "c2316479e840445628bc1df377ec8****",
  "instance_name" : "allowed-repos-mqdsf",
  "policy_name" : "ACKAllowedRepos",
  "policy_category" : "k8s-general",
  "policy_description" : "Requires container images to begin with a repo string from a specified list.",
  "policy_parameters" : "repos:\n- registry.cn-beijing.aliyuncs.com/acs/\n- registry.cn-beijing.aliyuncs.com/acs/\n",
  "policy_severity" : "high",
  "policy_scope" : "default",
  "policy_action" : "deny",
  "total_violations" : 0,
  "is_deleted" : 0
} ]

错误码

访问错误中心查看更多错误码。