
CountDeployments

GET /v1/deploymentscount

CountDeployments returns the number of deployments.

Description

Parameters

Query Parameters

| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| query | | - | null | |
| pagination.limit | | - | null | |
| pagination.offset | | - | null | |
| pagination.sortOption.field | | - | null | |
| pagination.sortOption.reversed | | - | null | |
| pagination.sortOption.aggregateBy.aggrFunc | | - | UNSET | |
| pagination.sortOption.aggregateBy.distinct | | - | null | |

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | V1CountDeploymentsResponse |
| 0 | An unexpected error response. | RuntimeError |


ExportDeployments

GET /v1/export/deployments

Description

Parameters

Query Parameters

| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| timeout | | - | null | |
| query | | - | null | |

Content Type

  • application/json

Responses

Table 2. HTTP Response Codes
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. (streaming responses) | Stream_result_of_v1ExportDeploymentResponse |
| 0 | An unexpected error response. | RuntimeError |


GetDeployment

GET /v1/deployments/{id}

GetDeployment returns a deployment given its ID.

Description

Parameters

Path Parameters

| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | | X | null | |

Return Type

Content Type

  • application/json

Responses

Table 3. HTTP Response Codes
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | StorageDeployment |
| 0 | An unexpected error response. | RuntimeError |


GetDeploymentWithRisk

GET /v1/deploymentswithrisk/{id}

GetDeploymentWithRisk returns a deployment and its risk given its ID.

Description

Parameters

Path Parameters

| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | | X | null | |

Content Type

  • application/json

Responses

Table 4. HTTP Response Codes
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | V1GetDeploymentWithRiskResponse |
| 0 | An unexpected error response. | RuntimeError |


GetLabels

GET /v1/deployments/metadata/labels

GetLabels returns the labels used by deployments.

Description

Parameters

Content Type

  • application/json

Responses

Table 5. HTTP Response Codes
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | V1DeploymentLabelsResponse |
| 0 | An unexpected error response. | RuntimeError |


ListDeployments

GET /v1/deployments

ListDeployments returns the list of deployments.

Description

Parameters

Query Parameters

| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| query | | - | null | |
| pagination.limit | | - | null | |
| pagination.offset | | - | null | |
| pagination.sortOption.field | | - | null | |
| pagination.sortOption.reversed | | - | null | |
| pagination.sortOption.aggregateBy.aggrFunc | | - | UNSET | |
| pagination.sortOption.aggregateBy.distinct | | - | null | |

Content Type

  • application/json

Responses

Table 6. HTTP Response Codes
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | V1ListDeploymentsResponse |
| 0 | An unexpected error response. | RuntimeError |


ListDeploymentsWithProcessInfo

GET /v1/deploymentswithprocessinfo

ListDeploymentsWithProcessInfo returns the list of deployments with process information.

Description

Parameters

Query Parameters

| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| query | | - | null | |
| pagination.limit | | - | null | |
| pagination.offset | | - | null | |
| pagination.sortOption.field | | - | null | |
| pagination.sortOption.reversed | | - | null | |
| pagination.sortOption.aggregateBy.aggrFunc | | - | UNSET | |
| pagination.sortOption.aggregateBy.distinct | | - | null | |

Content Type

  • application/json

Responses

Table 7. HTTP Response Codes
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | V1ListDeploymentsWithProcessInfoResponse |
| 0 | An unexpected error response. | RuntimeError |


Common object reference

ContainerConfigEnvironmentConfig

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| key | | | String | | |
| value | | | String | | |
| envVarSource | | | EnvironmentConfigEnvVarSource | | UNSET, RAW, SECRET_KEY, CONFIG_MAP_KEY, FIELD, RESOURCE_FIELD, UNKNOWN |

ContainerNameAndBaselineStatusBaselineStatus

Enum Values

INVALID

NOT_GENERATED

UNLOCKED

LOCKED

DeploymentLabelsResponseLabelValues

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| values | | | List of string | | |

EnvironmentConfigEnvVarSource

For any update to EnvVarSource, please also update 'ui/src/messages/common.js'

Enum Values

UNSET

RAW

SECRET_KEY

CONFIG_MAP_KEY

FIELD

RESOURCE_FIELD

UNKNOWN

ListDeploymentsWithProcessInfoResponseDeploymentWithProcessInfo

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| deployment | | | StorageListDeployment | | |
| baselineStatuses | | | List of StorageContainerNameAndBaselineStatus | | |

PortConfigExposureInfo

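| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| level | | | PortConfigExposureLevel | | UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE |
| serviceName | | | String | | |
| serviceId | | | String | | |
| serviceClusterIp | | | String | | |
| servicePort | | | Integer | | int32 |
| nodePort | | | Integer | | int32 |
| externalIps | | | List of string | | |
| externalHostnames | | | List of string | | |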

PortConfigExposureLevel

Enum Values

UNSET

EXTERNAL

NODE

INTERNAL

HOST

ROUTE

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

The Protobuf library provides support for packing and unpacking Any values through utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go.

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by the protobuf library use 'type.googleapis.com/full.type.name' as the type URL by default, and the unpack methods use only the fully qualified type name after the last '/' in the type URL; for example, "foo.bar.com/x/y.z" yields the type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation is embedded by adding a field value that holds the custom JSON, in addition to the @type field. Example (for message google.protobuf.Duration):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | | | String | A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading "." is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: (1) If no scheme is provided, https is assumed. (2) An HTTP GET on the URL must yield a google.protobuf.Type value in binary format, or produce an error. (3) Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics. | |
| value | | | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
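
A client-side check of the @type URL on each entry of a RuntimeError details list, applying the rule above that the type name is the text after the last '/' and accepting only types the client has compiled in. This is an added example, not code from the API or the protobuf project; the allowlist contents, the function names and the sample body are assumptions constructed for illustration.

```python
import json

# Assumed allowlist: the message types this client has compiled in and will decode.
ALLOWED_TYPES = {"google.protobuf.Duration", "google.rpc.ErrorInfo"}


def type_name_from_url(type_url):
    """Return the fully qualified type name after the last '/', or None if malformed."""
    if not isinstance(type_url, str) or "/" not in type_url:
        return None  # the type URL must contain at least one '/'
    name = type_url.rsplit("/", 1)[1]
    # Canonical form: non-empty, no leading '.', dot-separated identifiers.
    if not all(part.isidentifier() for part in name.split(".")):
        return None
    return name


def vet_error_details(body):
    """Split RuntimeError.details into (accepted, rejected) by allowlisted type name."""
    err = json.loads(body)
    accepted, rejected = [], []
    for item in err.get("details") or []:
        name = type_name_from_url(item.get("@type")) if isinstance(item, dict) else None
        if name in ALLOWED_TYPES:
            accepted.append((name, item))
        else:
            rejected.append(item)  # unknown or malformed type: do not decode
    return accepted, rejected


# Constructed sample error body (not captured from a real server).
SAMPLE = json.dumps({
    "error": "not found", "code": 5, "message": "not found",
    "details": [
        {"@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s"},
        {"@type": "foo.bar.com/x/y.z"},                      # valid URL, type not allowlisted
        {"@type": "google.protobuf.Duration"},               # no '/' at all
        {"@type": "type.googleapis.com/.google.protobuf.Duration", "value": "1s"},  # leading '.'
    ],
})

if __name__ == "__main__":
    ok, bad = vet_error_details(SAMPLE)
    print([name for name, _ in ok], len(bad))
```

Rejected entries are best logged with their raw @type string and left undecoded, since the type URL is supplied by the peer.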

ResultFactor

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| message | | | String | | |
| url | | | String | | |

RuntimeError

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | | | String | | |
| code | | | Integer | | int32 |
| message | | | String | | |
| details | | | List of ProtobufAny | | |

RuntimeStreamError

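| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| grpcCode | | | Integer | | int32 |
| httpCode | | | Integer | | int32 |
| message | | | String | | |
| httpStatus | | | String | | |
| details | | | List of ProtobufAny | | |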

SeccompProfileProfileType

Enum Values

UNCONFINED

RUNTIME_DEFAULT

LOCALHOST

SecurityContextSELinux

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| user | | | String | | |
| role | | | String | | |
| type | | | String | | |
| level | | | String | | |

SecurityContextSeccompProfile

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| type | | | SeccompProfileProfileType | | UNCONFINED, RUNTIME_DEFAULT, LOCALHOST |
| localhostProfile | | | String | | |

StorageContainer

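| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| config | | | StorageContainerConfig | | |
| image | | | StorageContainerImage | | |
| securityContext | | | StorageSecurityContext | | |
| volumes | | | List of StorageVolume | | |
| ports | | | List of StoragePortConfig | | |
| secrets | | | List of StorageEmbeddedSecret | | |
| resources | | | StorageResources | | |
| name | | | String | | |
| livenessProbe | | | StorageLivenessProbe | | |
| readinessProbe | | | StorageReadinessProbe | | |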

StorageContainerConfig

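| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| env | | | List of ContainerConfigEnvironmentConfig | | |
| command | | | List of string | | |
| args | | | List of string | | |
| directory | | | String | | |
| user | | | String | | |
| uid | | | String | | int64 |
| appArmorProfile | | | String | | |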

StorageContainerImage

Next tag: 12

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | StorageImageName | | |
| notPullable | | | Boolean | | |
| isClusterLocal | | | Boolean | | |

StorageContainerNameAndBaselineStatus

ContainerNameAndBaselineStatus represents a cached result of process evaluation on a specific container name.

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| containerName | | | String | | |
| baselineStatus | | | ContainerNameAndBaselineStatusBaselineStatus | | INVALID, NOT_GENERATED, UNLOCKED, LOCKED |
| anomalousProcessesExecuted | | | Boolean | | |

StorageDeployment

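Next available tag: 35

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| name | | | String | | |
| hash | | | String | | uint64 |
| type | | | String | | |
| namespace | | | String | | |
| namespaceId | | | String | | |
| orchestratorComponent | | | Boolean | | |
| replicas | | | String | | int64 |
| labels | | | Map of string | | |
| podLabels | | | Map of string | | |
| labelSelector | | | StorageLabelSelector | | |
| created | | | Date | | date-time |
| clusterId | | | String | | |
| clusterName | | | String | | |
| containers | | | List of StorageContainer | | |
| annotations | | | Map of string | | |
| priority | | | String | | int64 |
| inactive | | | Boolean | | |
| imagePullSecrets | | | List of string | | |
| serviceAccount | | | String | | |
| serviceAccountPermissionLevel | | | StoragePermissionLevel | | UNSET, NONE, DEFAULT, ELEVATED_IN_NAMESPACE, ELEVATED_CLUSTER_WIDE, CLUSTER_ADMIN |
| automountServiceAccountToken | | | Boolean | | |
| hostNetwork | | | Boolean | | |
| hostPid | | | Boolean | | |
| hostIpc | | | Boolean | | |
| runtimeClass | | | String | | |
| tolerations | | | List of StorageToleration | | |
| ports | | | List of StoragePortConfig | | |
| stateTimestamp | | | String | | int64 |
| riskScore | | | Float | | float |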

StorageEmbeddedSecret

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | | | String | | |
| path | | | String | | |

StorageImageName

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| registry | | | String | | |
| remote | | | String | | |
| tag | | | String | | |
| fullName | | | String | | |

StorageLabelSelector

Label selector components are joined with logical AND, see https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

Next available tag: 3

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| matchLabels | | | Map of string | This is actually a oneof, but we can’t make it one due to backwards compatibility constraints. | |
| requirements | | | List of StorageLabelSelectorRequirement | | |

StorageLabelSelectorOperator

Enum Values

UNKNOWN

IN

NOT_IN

EXISTS

NOT_EXISTS

StorageLabelSelectorRequirement

Next available tag: 4

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| key | | | String | | |
| op | | | StorageLabelSelectorOperator | | UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS |
| values | | | List of string | | |

StorageListDeployment

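Next available tag: 9

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| hash | | | String | | uint64 |
| name | | | String | | |
| cluster | | | String | | |
| clusterId | | | String | | |
| namespace | | | String | | |
| created | | | Date | | date-time |
| priority | | | String | | int64 |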

StorageLivenessProbe

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| defined | | | Boolean | | |

StoragePermissionLevel

For any update to PermissionLevel, also update:

  • pkg/searchbasedpolicies/builders/k8s_rbac.go
  • ui/src/messages/common.js

Enum Values

UNSET

NONE

DEFAULT

ELEVATED_IN_NAMESPACE

ELEVATED_CLUSTER_WIDE

CLUSTER_ADMIN

StoragePortConfig

Next Available Tag: 6

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | | | String | | |
| containerPort | | | Integer | | int32 |
| protocol | | | String | | |
| exposure | | | PortConfigExposureLevel | | UNSET, EXTERNAL, NODE, INTERNAL, HOST, ROUTE |
| exposedPort | | | Integer | | int32 |
| exposureInfos | | | List of PortConfigExposureInfo | | |

StorageReadinessProbe

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| defined | | | Boolean | | |

StorageResources

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| cpuCoresRequest | | | Float | | float |
| cpuCoresLimit | | | Float | | float |
| memoryMbRequest | | | Float | | float |
| memoryMbLimit | | | Float | | float |

StorageRisk

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| subject | | | StorageRiskSubject | | |
| score | | | Float | | float |
| results | | | List of StorageRiskResult | | |

StorageRiskResult

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | | | String | | |
| factors | | | List of ResultFactor | | |
| score | | | Float | | float |

StorageRiskSubject

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | | | String | | |
| namespace | | | String | | |
| clusterId | | | String | | |
| type | | | StorageRiskSubjectType | | UNKNOWN, DEPLOYMENT, NAMESPACE, CLUSTER, NODE, NODE_COMPONENT, IMAGE, IMAGE_COMPONENT, SERVICEACCOUNT |

StorageRiskSubjectType

Next tag: 9

Enum Values

UNKNOWN

DEPLOYMENT

NAMESPACE

CLUSTER

NODE

NODE_COMPONENT

IMAGE

IMAGE_COMPONENT

SERVICEACCOUNT

StorageSecurityContext

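| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| privileged | | | Boolean | | |
| selinux | | | SecurityContextSELinux | | |
| dropCapabilities | | | List of string | | |
| addCapabilities | | | List of string | | |
| readOnlyRootFilesystem | | | Boolean | | |
| seccompProfile | | | SecurityContextSeccompProfile | | |
| allowPrivilegeEscalation | | | Boolean | | |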

StorageTaintEffect

Enum Values

UNKNOWN_TAINT_EFFECT

NO_SCHEDULE_TAINT_EFFECT

PREFER_NO_SCHEDULE_TAINT_EFFECT

NO_EXECUTE_TAINT_EFFECT

StorageToleration

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| key | | | String | | |
| operator | | | StorageTolerationOperator | | TOLERATION_OPERATION_UNKNOWN, TOLERATION_OPERATOR_EXISTS, TOLERATION_OPERATOR_EQUAL |
| value | | | String | | |
| taintEffect | | | StorageTaintEffect | | UNKNOWN_TAINT_EFFECT, NO_SCHEDULE_TAINT_EFFECT, PREFER_NO_SCHEDULE_TAINT_EFFECT, NO_EXECUTE_TAINT_EFFECT |

StorageTolerationOperator

Enum Values

TOLERATION_OPERATION_UNKNOWN

TOLERATION_OPERATOR_EXISTS

TOLERATION_OPERATOR_EQUAL

StorageVolume

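| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | | | String | | |
| source | | | String | | |
| destination | | | String | | |
| readOnly | | | Boolean | | |
| type | | | String | | |
| mountPropagation | | | VolumeMountPropagation | | NONE, HOST_TO_CONTAINER, BIDIRECTIONAL |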

StreamResultOfV1ExportDeploymentResponse

Stream result of v1ExportDeploymentResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| result | | | V1ExportDeploymentResponse | | |
| error | | | RuntimeStreamError | | |

V1CountDeploymentsResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| count | | | Integer | | int32 |

V1DeploymentLabelsResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| labels | | | Map of DeploymentLabelsResponseLabelValues | | |
| values | | | List of string | | |

V1ExportDeploymentResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| deployment | | | StorageDeployment | | |

V1GetDeploymentWithRiskResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| deployment | | | StorageDeployment | | |
| risk | | | StorageRisk | | |

V1ListDeploymentsResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| deployments | | | List of StorageListDeployment | | |

V1ListDeploymentsWithProcessInfoResponse

| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| deployments | | | List of ListDeploymentsWithProcessInfoResponseDeploymentWithProcessInfo | | |

VolumeMountPropagation

Enum Values

NONE

HOST_TO_CONTAINER

BIDIRECTIONAL