红帽全球峰会1.7. Policy API
1.7.1. Overview
This documentation is for the Policy resource for Red Hat Advanced Cluster Management for Kubernetes. The Policy resource has four possible requests: create, query, delete and update.
1.7.1.1. Version information
Version : 2.0.0
1.7.1.2. Contact information
Contact Email : apiteam@swagger.io
1.7.1.3. License information
License : Apache 2.0
License URL : http://www.apache.org/licenses/LICENSE-2.0.html
Terms of service : http://swagger.io/terms/
1.7.1.4. URI scheme
BasePath : /kubernetes/apis
Schemes : HTTPS
1.7.1.5. Tags
- policy.open-cluster-management.io/v1 : Create and manage policies
1.7.1.6. External Docs
Description : Find out more about Swagger.
URL : http://swagger.io
1.7.2. Paths
1.7.2.1. Create a policy
POST /policy.open-cluster-management.io/v1/v1alpha1/namespaces/{namespace}/policies/{policy_name}1.7.2.1.1. Description
Create a policy.
1.7.2.1.2. Parameters
| Type | Name | Description | Schema |
|---|---|---|---|
| Header |
COOKIE | Authorization: Bearer {ACCESS_TOKEN} ; ACCESS_TOKEN is the user access token. | string |
| Path |
namespace | Namespace that you want to use, for example, default. | string |
| Body |
body | Parameters describing the policy to be created. |
1.7.2.1.3. Responses
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Success | No Content |
| 403 | Access forbidden | No Content |
| 404 | Resource not found | No Content |
| 500 | Internal service error | No Content |
| 503 | Service unavailable | No Content |
1.7.2.1.4. Consumes
-
application/json
1.7.2.1.5. Tags
- policy.open-cluster-management.io
1.7.2.1.6. Example HTTP request
1.7.2.1.6.1. Request body
{
"apiVersion": "policy.open-cluster-management.io/v1/v1alpha1",
"kind": "Policy",
"metadata": {
"name": "test-policy-swagger",
"description": "Example body for Policy API Swagger docs"
},
"spec": {
"remediationAction": "enforce",
"namespaces": {
"include": [
"default"
],
"exclude": [
"kube*"
]
},
"policy-templates": {
"kind": "ConfigurationPolicy",
"apiVersion": "policy.open-cluster-management.io/v1alpha1",
"complianceType": "musthave",
"metadata": {
"namespace": null,
"name": "test-role"
},
"selector": {
"matchLabels": {
"cloud": "IBM"
}
},
"spec" : {
"object-templates": {
"complianceType": "mustHave",
"objectDefinition": {
"apiVersion": "rbac.authorization.k8s.io/v1",
"kind": "Role",
"metadata": {
"name": "role-policy",
},
"rules": [
{
"apiGroups": [
"extensions",
"apps"
],
"resources": [
"deployments"
],
"verbs": [
"get",
"list",
"watch",
"delete"
]
},
{
"apiGroups": [
"core"
],
"resources": [
"pods"
],
"verbs": [
"create",
"update",
"patch"
]
},
{
"apiGroups": [
"core"
],
"resources": [
"secrets"
],
"verbs": [
"get",
"watch",
"list",
"create",
"delete",
"update",
"patchß"
],
},
],
},
},
},
},1.7.2.2. Query all policies
GET /policy.open-cluster-management.io/v1/v1alpha1/namespaces/{namespace}/policies/{policy_name}1.7.2.2.1. Description
Query your policies for more details.
1.7.2.2.2. Parameters
| Type | Name | Description | Schema |
|---|---|---|---|
| Header |
COOKIE | Authorization: Bearer {ACCESS_TOKEN} ; ACCESS_TOKEN is the user access token. | string |
| Path |
namespace | Namespace that you want to apply the policy to, for example, default. | string |
1.7.2.2.3. Responses
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Success | No Content |
| 403 | Access forbidden | No Content |
| 404 | Resource not found | No Content |
| 500 | Internal service error | No Content |
| 503 | Service unavailable | No Content |
1.7.2.2.4. Consumes
-
application/json
1.7.2.2.5. Tags
- policy.open-cluster-management.io
1.7.2.3. Query a single policy
GET /policy.open-cluster-management.io/v1/v1alpha1/namespaces/{namespace}/policies/{policy_name}1.7.2.3.1. Description
Query a single policy for more details.
1.7.2.3.2. Parameters
| Type | Name | Description | Schema |
|---|---|---|---|
| Header |
COOKIE | Authorization: Bearer {ACCESS_TOKEN} ; ACCESS_TOKEN is the user access token. | string |
| Path |
policy_name | Name of the policy that you want to query. | string |
| Path |
namespace | Namespace that you want to use, for example, default. | string |
1.7.2.3.3. Responses
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Success | No Content |
| 403 | Access forbidden | No Content |
| 404 | Resource not found | No Content |
| 500 | Internal service error | No Content |
| 503 | Service unavailable | No Content |
1.7.2.3.4. Tags
- policy.open-cluster-management.io
1.7.2.4. Delete a policy
DELETE /policy.open-cluster-management.io/v1/v1alpha1/namespaces/{namespace}/policies/{policy_name}1.7.2.4.1. Parameters
| Type | Name | Description | Schema |
|---|---|---|---|
| Header |
COOKIE | Authorization: Bearer {ACCESS_TOKEN} ; ACCESS_TOKEN is the user access token. | string |
| Path |
policy_name | Name of the policy that you want to delete. | string |
| Path |
namespace | Namespace that you want to use, for example, default. | string |
1.7.2.4.2. Responses
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Success | No Content |
| 403 | Access forbidden | No Content |
| 404 | Resource not found | No Content |
| 500 | Internal service error | No Content |
| 503 | Service unavailable | No Content |
1.7.2.4.3. Tags
- policy.open-cluster-management.io
1.7.3. Definitions
1.7.3.1. Policy
| Name | Description | Schema |
|---|---|---|
|
apiVersion | The versioned schema of Policy. | string |
|
kind | String value that represents the REST resource. | string |
|
metadata | Describes rules that define the policy. | object |
spec
| Name | Description | Schema |
|---|---|---|
|
remediationAction | Value that represents how violations are handled as defined in the resource. | string |
|
namespace | Value that represents which namespaces the policy is applied. | string |
policy-templates
| Name | Description | Schema |
|---|---|---|
|
apiVersion | The versioned schema of Policy. | string |
|
kind | String value that represents the REST resource. | string |
|
complianceType | The compliance standard. | string |
|
metadata | Describes rules that define the policy. | object |
|
clusterConditions | Section to define labels. | string |
|
rules | string |
selector
| Name | Description | Schema |
|---|---|---|
|
matchLabels | The label that is required for the policy to be applied to a namespace. | object |
|
cloud | The label that is required for the policy to be applied to a cloud provider. | string |
rules
| Name | Description | Schema |
|---|---|---|
|
apiGroups | List of APIs that the rule applies to. | string |
|
resources | A list of resource types. | object |
|
verbs | A list of verbs. | string |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}