Reference of all available HTTP endpoints provided by Policy Reporter.

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/healthz` | Returns if the App is healthy and required CRDs are installed | 200, 503 |

```bash
curl -X GET "http://localhost:8080/healthz"
```

```json
{ "error": "No PolicyReport CRDs found" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/ready` | Returns if the App is up and running | 200 |

```bash
curl -X GET "http://localhost:8080/ready"
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/targets` | List of configured targets | 200, 500 |

```bash
curl -X GET "http://localhost:8080/v1/targets"
```

```json
[
  { "name": "UI", "minimumPriority": "warning", "sources": ["Kube Bench", "Kyverno"], "skipExistingOnStartup": true },
  { "name": "S3", "minimumPriority": "warning", "skipExistingOnStartup": true }
]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/policy-reports` | List metadata of all available PolicyReport resources | 200, 500 |

| Filter | Type | Description | Example |
|---|---|---|---|
| `sources` | `string[]` | Filter by a list of sources | `kyverno` |
| `labels` | `string[]` | Filter by a list of label-value pairs | `env:prod` |

```bash
curl -X GET "http://localhost:8080/v1/policy-reports?source=kyverno&labels=env:prod"
```

```json
{
  "items": [
    {
      "id": "10176812858289583969",
      "name": "cpol-disallow-capabilities-strict",
      "namespace": "kube-system",
      "source": "kyverno",
      "labels": {
        "app.kubernetes.io/managed-by": "kyverno",
        "cpol.kyverno.io/disallow-capabilities-strict": "12458",
        "env": "prod"
      },
      "pass": 13,
      "skip": 0,
      "warn": 0,
      "error": 0,
      "fail": 9
    }
  ],
  "count": 1
}
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/cluster-policy-reports` | List metadata of all available ClusterPolicyReport resources | 200, 500 |

| Filter | Type | Description | Example |
|---|---|---|---|
| `sources` | `string[]` | Filter by a list of sources | `kyverno` |
| `labels` | `string[]` | Filter by a list of label-value pairs | `env:prod` |

```bash
curl -X GET "http://localhost:8080/v1/cluster-policy-reports?source=kyverno&labels=env:prod"
```

```json
{
  "items": [
    {
      "id": "10176812858289583969",
      "name": "cpol-disallow-capabilities-strict",
      "source": "kyverno",
      "labels": {
        "app.kubernetes.io/managed-by": "kyverno",
        "cpol.kyverno.io/disallow-capabilities-strict": "12458",
        "env": "prod"
      },
      "pass": 13,
      "skip": 0,
      "warn": 0,
      "error": 0,
      "fail": 9
    }
  ],
  "count": 1
}
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/namespaces` | List of all Namespaces with PolicyReportResults | 200, 500 |

| Filter | Type | Description |
|---|---|---|
| `sources` | `string[]` | Filter by a list of sources |
| `categories` | `string[]` | Filter by a list of categories |
| `policies` | `string[]` | Filter by a list of policies |

```bash
curl -X GET "http://localhost:8080/v1/namespaces?source=kyverno&source=falco"
```

```json
[ "policy-reporter", "blog", "test" ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/rule-status-count` | List of counts per result of the selected policy and rule | 200, 500 |

| Filter | Type | Description | Required |
|---|---|---|---|
| `rule` | `string` | Select the Rule for the requested counts | required |
| `policy` | `string` | Select the Policy of selected Rule | required |

```bash
curl -X GET "http://localhost:8080/v1/rule-status-count?policy=require-non-root-groups&rule=autogen-check-fsGroup"
```

```json
[
  { "status": "pass", "count": 25 },
  { "status": "fail", "count": 0 },
  { "status": "warn", "count": 0 },
  { "status": "error", "count": 0 },
  { "status": "skip", "count": 0 }
]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/namespaced-resources/categories` | List of all defined PolicyReport and ClusterPolicyReport Categories | 200, 500 |

| Filter | Type | Description |
|---|---|---|
| `sources` | `string[]` | Filter by a list of sources |
| `namespaces` | `string[]` | Filter by a list of namespaces |

```bash
curl -X GET "http://localhost:8080/v1/namespaced-resources/categories?source=kyverno"
```

```json
[ "Pod Security Standards (Default)", "Pod Security Standards (Restricted)" ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/namespaced-resources/policies` | List of all Policies with namespace scoped results | 200, 500 |

| Filter | Type | Description |
|---|---|---|
| `sources` | `string[]` | Filter by a list of sources |
| `categories` | `string[]` | Filter by a list of categories |
| `namespaces` | `string[]` | Filter by a list of namespaces |

```bash
curl -X GET "http://localhost:8080/v1/namespaced-resources/policies?source=kyverno"
```

```json
[
  "deny-privilege-escalation",
  "disallow-add-capabilities",
  "disallow-host-namespaces",
  "disallow-host-path",
  "disallow-host-ports",
  "disallow-privileged-containers",
  "disallow-selinux",
  "require-default-proc-mount",
  "require-non-root-groups",
  "require-run-as-non-root",
  "restrict-apparmor-profiles",
  "restrict-seccomp",
  "restrict-sysctls",
  "restrict-volume-types"
]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/namespaced-resources/kinds` | List of all Kinds with namespace scoped results | 200, 500 |

| Filter | Type | Description |
|---|---|---|
| `sources` | `string[]` | Filter by a list of sources |
| `namespaces` | `string[]` | Filter by a list of namespaces |

```bash
curl -X GET "http://localhost:8080/v1/namespaced-resources/kinds?source=kyverno"
```

```json
[ "CronJob", "Deployment", "Pod", "StatefulSet" ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/namespaced-resources/resources` | List of all Resources with namespace scoped results | 200, 500 |

| Filter | Type | Description |
|---|---|---|
| `sources` | `string[]` | Filter by a list of sources |
| `categories` | `string[]` | Filter by a list of categories |
| `policies` | `string[]` | Filter by a list of policies |
| `namespaces` | `string[]` | Filter by a list of namespaces |
| `kinds` | `string[]` | Filter by a list of kinds |

```bash
curl -X GET "http://localhost:8080/v1/namespaced-resources/resources?source=kyverno"
```

```json
[ { "kind": "Pod", "name": "nginx" } ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/namespaced-resources/sources` | List of all Sources with namespace scoped results | 200, 500 |

```bash
curl -X GET "http://localhost:8080/v1/namespaced-resources/sources"
```

```json
[ "Kyverno", "Kube Bench" ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/namespaced-resources/status-counts` | Count of result status per status and namespace | 200, 500 |

| Filter | Type | Description | Enum |
|---|---|---|---|
| `sources` | `string[]` | Filter by a list of sources | |
| `namespaces` | `string[]` | Filter by a list of namespaces | |
| `kinds` | `string[]` | Filter by a list of kinds | |
| `resources` | `string[]` | Filter by a list of resources | |
| `categories` | `string[]` | Filter by a list of categories | |
| `policies` | `string[]` | Filter by a list of policies | |
| `status` | `string[]` | Filter by a list of status | `fail`, `pass`, `warn`, `error`, `skip` |
| `severities` | `string[]` | Filter by a list of severities | `low`, `medium`, `high` |

```bash
curl -X GET "http://localhost:8080/v1/namespaced-resources/status-counts?source=kyverno&status=pass&status=fail"
```

```json
[
  {
    "status": "pass",
    "items": [
      { "namespace": "argo-cd", "count": 206 },
      { "namespace": "blog", "count": 34 },
      { "namespace": "policy-reporter", "count": 105 },
      { "namespace": "test", "count": 34 }
    ]
  },
  {
    "status": "fail",
    "items": [
      { "namespace": "argo-cd", "count": 4 },
      { "namespace": "blog", "count": 1 },
      { "namespace": "test", "count": 1 }
    ]
  }
]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/namespaced-resources/results` | List of namespace scoped results | 200, 500 |

| Filter | Type | Description | Enum |
|---|---|---|---|
| `sources` | `string[]` | Filter by a list of sources | |
| `namespaces` | `string[]` | Filter by a list of namespaces | |
| `kinds` | `string[]` | Filter by a list of kinds | |
| `resources` | `string[]` | Filter by a list of resources | |
| `categories` | `string[]` | Filter by a list of categories | |
| `policies` | `string[]` | Filter by a list of policies | |
| `status` | `string[]` | Filter by a list of status | `fail`, `pass`, `warn`, `error`, `skip` |
| `severities` | `string[]` | Filter by a list of severities | `low`, `medium`, `high` |
| `search` | `string` | Filter by search string | |
| `labels` | `string[]` | Filter by polr label-value pairs | |

| Pagination | Type | Description | Enum |
|---|---|---|---|
| `page` | `int` | Requested List Page | |
| `offset` | `int` | Results per Page | |
| `direction` | `string` | Order of the results | `asc`, `desc` |

```bash
curl -X GET "http://localhost:8080/v1/namespaced-resources/results?source=kyverno&status=fail&namespaces=test&label"
```

```json
{
  "items": [
    {
      "id": "e8b7f35799c2d3cf9a50b492a8566e66dad465d9",
      "namespace": "test",
      "kind": "Pod",
      "name": "nginx",
      "category": "Pod Security Standards (Restricted)",
      "message": "validation error: Running as root is not allowed. The fields spec.securityContext.runAsNonRoot, spec.containers[*].securityContext.runAsNonRoot, and spec.initContainers[*].securityContext.runAsNonRoot must be `true`. Rule check-containers[0] failed at path /spec/securityContext/runAsNonRoot/. Rule check-containers[1] failed at path /spec/containers/0/securityContext/.",
      "policy": "require-run-as-non-root",
      "rule": "check-containers",
      "status": "fail"
    }
  ],
  "count": 10
}
```

```json
{ "message": "Error Message" }
```
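
The following is an added example, not code from the Policy Reporter project: a small client that pages through `/v1/namespaced-resources/results` and groups failing results by policy for triage. It assumes pages start at 1 and that `count` is the total number of matches; `fetch`, `fake_fetch` and the sample records are hypothetical stand-ins so the block runs offline.

```python
from urllib.parse import parse_qs, urlencode, urlsplit
BASE = "http://localhost:8080"  # host used by the curl examples on this page

def build_url(path, filters, page, per_page, direction="asc"):
    # List filters are sent as repeated parameters: status=pass&status=fail
    query = [(key, v) for key, values in filters.items() for v in values]
    query += [("page", page), ("offset", per_page), ("direction", direction)]
    return f"{BASE}{path}?{urlencode(query)}"

def fetch_all(fetch, path, filters, per_page=2, max_pages=1000):
    """Collect all results; fetch(url) must return the decoded JSON body.
    Assumptions: pages start at 1 and "count" is the total number of matches."""
    items = []
    for page in range(1, max_pages + 1):
        body = fetch(build_url(path, filters, page, per_page))
        if "items" not in body:  # error body: { "message": "..." }
            raise RuntimeError(body.get("message", "unexpected response"))
        items.extend(body["items"])
        if not body["items"] or len(items) >= body.get("count", 0):
            break
    return items

def failures_by_policy(items):
    """Group failing results as {policy: [(namespace, kind, name), ...]}."""
    grouped = {}
    for r in items:
        if r["status"] == "fail":
            grouped.setdefault(r["policy"], []).append((r["namespace"], r["kind"], r["name"]))
    return grouped

# Constructed sample results standing in for a live instance.
SAMPLE = [
    {"namespace": "test", "kind": "Pod", "name": "nginx", "policy": "require-run-as-non-root", "status": "fail"},
    {"namespace": "test", "kind": "Pod", "name": "nginx", "policy": "disallow-add-capabilities", "status": "pass"},
    {"namespace": "blog", "kind": "Deployment", "name": "web", "policy": "require-run-as-non-root", "status": "fail"},
    {"namespace": "argo-cd", "kind": "StatefulSet", "name": "repo", "policy": "restrict-seccomp", "status": "fail"},
]

def fake_fetch(url):
    """Offline stand-in for the endpoint: applies the status filter and paging."""
    q = parse_qs(urlsplit(url).query)
    hits = [r for r in SAMPLE if r["status"] in q.get("status", [r["status"]])]
    start = (int(q["page"][0]) - 1) * int(q["offset"][0])
    return {"items": hits[start:start + int(q["offset"][0])], "count": len(hits)}

if __name__ == "__main__":
    found = fetch_all(fake_fetch, "/v1/namespaced-resources/results", {"status": ["fail"]})
    for policy, resources in failures_by_policy(found).items():
        print(policy, resources)
```

Against a live instance, pass a `fetch` that performs the HTTP GET and decodes the JSON body.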

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/cluster-resources/categories` | List of all defined PolicyReport and ClusterPolicyReport Categories | 200, 500 |

| Filter | Type | Description |
|---|---|---|
| `sources` | `string[]` | Filter by a list of sources |

```bash
curl -X GET "http://localhost:8080/v1/cluster-resources/categories?source=kyverno"
```

```json
[ "Pod Security Standards (Default)", "Pod Security Standards (Restricted)" ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/cluster-resources/policies` | List of all Policies with cluster scoped results | 200, 500 |

| Filter | Type | Description |
|---|---|---|
| `sources` | `string[]` | Filter by a list of sources |
| `categories` | `string[]` | Filter by a list of categories |

```bash
curl -X GET "http://localhost:8080/v1/cluster-resources/policies?source=kyverno"
```

```json
[ "require-ns-labels" ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/cluster-resources/kinds` | List of all Kinds with cluster scoped results | 200, 500 |

| Filter | Type | Description |
|---|---|---|
| `sources` | `string[]` | Filter by a list of sources |
| `namespaces` | `string[]` | Filter by a list of namespaces |

```bash
curl -X GET "http://localhost:8080/v1/cluster-resources/kinds?source=kyverno"
```

```json
[ "Namespace" ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/cluster-resources/resources` | List of all Resources with cluster scoped results | 200, 500 |

| Filter | Type | Description |
|---|---|---|
| `sources` | `string[]` | Filter by a list of sources |
| `categories` | `string[]` | Filter by a list of categories |
| `policies` | `string[]` | Filter by a list of policies |
| `kinds` | `string[]` | Filter by a list of kinds |

```bash
curl -X GET "http://localhost:8080/v1/cluster-resources/resources?source=kyverno"
```

```json
[ { "kind": "Namespace", "name": "test" } ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/cluster-resources/sources` | List of all Sources with cluster scoped results | 200, 500 |

```bash
curl -X GET "http://localhost:8080/v1/cluster-resources/sources"
```

```json
[ "Kyverno", "Kube Bench" ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/cluster-resources/status-counts` | Count of result status per status and namespace | 200, 500 |

| Filter | Type | Description | Enum |
|---|---|---|---|
| `sources` | `string[]` | Filter by a list of sources | |
| `kinds` | `string[]` | Filter by a list of kinds | |
| `categories` | `string[]` | Filter by a list of categories | |
| `policies` | `string[]` | Filter by a list of policies | |
| `status` | `string[]` | Filter by a list of status | `fail`, `pass`, `warn`, `error`, `skip` |
| `severities` | `string[]` | Filter by a list of severities | `low`, `medium`, `high` |

```bash
curl -X GET "http://localhost:8080/v1/cluster-resources/status-counts?source=kyverno&status=pass&status=fail"
```

```json
[ { "status": "pass", "count": 0 }, { "status": "fail", "count": 26 } ]
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/v1/cluster-resources/results` | List of cluster scoped results | 200, 500 |

| Filter | Type | Description | Enum |
|---|---|---|---|
| `sources` | `string[]` | Filter by a list of sources | |
| `kinds` | `string[]` | Filter by a list of kinds | |
| `categories` | `string[]` | Filter by a list of categories | |
| `policies` | `string[]` | Filter by a list of policies | |
| `status` | `string[]` | Filter by a list of status | `fail`, `pass`, `warn`, `error`, `skip` |
| `severities` | `string[]` | Filter by a list of severities | `low`, `medium`, `high` |
| `search` | `string` | Filter by search string | |
| `labels` | `string[]` | Filter by cpolr label-value pairs | |

| Pagination | Type | Description | Enum |
|---|---|---|---|
| `page` | `int` | Requested List Page | |
| `offset` | `int` | Results per Page | |
| `direction` | `string` | Order of the results | `asc`, `desc` |

```bash
curl -X GET "http://localhost:8080/v1/cluster-resources/results?source=kyverno&status=fail&labels=app:test"
```

```json
{
  "items": [
    {
      "id": "ca7c83998f8633b4e0da1de36e2996202e14e7a4",
      "kind": "Namespace",
      "name": "blog",
      "category": "Convention",
      "message": "validation error: The label `thisshouldntexist` is required. Rule check-for-labels-on-namespace failed at path /metadata/labels/thisshouldntexist/",
      "policy": "require-ns-labels",
      "rule": "check-for-labels-on-namespace",
      "status": "fail"
    }
  ],
  "count": 10
}
```

```json
{ "message": "Error Message" }
```

| Method | API | Description | Codes |
|---|---|---|---|
| GET | `/metrics` | Prometheus Metrics API | 200 |

`cluster_policy_report_summary` (Gauge): Summary count of each status per ClusterPolicyReport, only available in detailed metrics mode.

| Label | Description |
|---|---|
| `name` | Name of the ClusterPolicyReport |
| `status` | Status of the Summary count |

`cluster_policy_report_result` (Gauge): One entry represents one Result in a ClusterPolicyReport. Deleted Results are also removed from the metrics.

| Label | Description |
|---|---|
| `category` | Category of the Result |
| `kind` | Kind of the result resource |
| `name` | Name of the result resource |
| `policy` | Policy of the result |
| `report` | Name of the ClusterPolicyReport where this result was found |
| `rule` | Rule of the result |
| `severity` | Severity of the result |
| `source` | Source of the result |
| `status` | Status of the Result |

`policy_report_summary` (Gauge): Summary count of each status per PolicyReport, only available in detailed metrics mode.

| Label | Description |
|---|---|
| `name` | Name of the PolicyReport |
| `status` | Status of the Summary count |
| `namespace` | Namespace of the PolicyReport |

`policy_report_result` (Gauge): One entry represents one Result in a PolicyReport. Deleted Results are also removed from the metrics.

| Label | Description |
|---|---|
| `category` | Category of the Result |
| `kind` | Kind of the result resource |
| `name` | Name of the result resource |
| `namespace` | Namespace of the result resource |
| `policy` | Policy of the result |
| `report` | Name of the PolicyReport where this result was found |
| `rule` | Rule of the result |
| `severity` | Severity of the result |
| `source` | Source of the result |
| `status` | Status of the Result |

```bash
curl -X GET "http://localhost:8080/metrics"
```

```
# HELP cluster_policy_report_result List of all ClusterPolicyReport Results
# TYPE cluster_policy_report_result gauge
cluster_policy_report_result{category="",kind="Namespace",name="argo-cd",policy="require-ns-labels",report="clusterpolicyreport",rule="check-for-labels-on-namespace",severity="",status="fail"} 1
# HELP cluster_policy_report_summary Summary of all ClusterPolicyReports
# TYPE cluster_policy_report_summary gauge
cluster_policy_report_summary{name="clusterpolicyreport",status="Error"} 0
cluster_policy_report_summary{name="clusterpolicyreport",status="Fail"} 26
cluster_policy_report_summary{name="clusterpolicyreport",status="Pass"} 0
cluster_policy_report_summary{name="clusterpolicyreport",status="Skip"} 0
cluster_policy_report_summary{name="clusterpolicyreport",status="Warn"} 0
# HELP policy_report_result List of all PolicyReport Results
# TYPE policy_report_result gauge
policy_report_result{category="Pod Security Standards (Default)",kind="Pod",name="nginx",namespace="test",policy="disallow-add-capabilities",report="polr-ns-test",rule="capabilities",severity="medium",status="pass"} 1
# HELP policy_report_summary Summary of all PolicyReports
# TYPE policy_report_summary gauge
policy_report_summary{name="polr-ns-test",namespace="test",status="Error"} 0
policy_report_summary{name="polr-ns-test",namespace="test",status="Fail"} 1
policy_report_summary{name="polr-ns-test",namespace="test",status="Pass"} 34
policy_report_summary{name="polr-ns-test",namespace="test",status="Skip"} 0
policy_report_summary{name="polr-ns-test",namespace="test",status="Warn"} 0
```
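
The following is an added example, not code from the Policy Reporter project: a parser for the `/metrics` text shown above that extracts failing results and totals the summary gauges. It normalises the status case, because the sample output uses `Fail` on summary metrics and `fail` on result metrics; the embedded text is abridged from the sample above, and its last line is constructed to exercise escaped quotes and commas inside a label value.

```python
import re
from collections import Counter

SAMPLE_LINE = re.compile(r'^([A-Za-z_:][\w:]*)(?:\{(.*)\})?\s+(\S+)')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def parse_samples(text):
    """Yield (metric, labels, value) per sample line; # HELP / # TYPE never match."""
    for line in text.splitlines():
        m = SAMPLE_LINE.match(line.strip())
        if not m:
            continue
        name, raw, value = m.groups()
        # Undo exposition-format escaping (\\, \", \n) inside label values.
        labels = {k: re.sub(r'\\(.)', lambda e: "\n" if e[1] == "n" else e[1], v)
                  for k, v in LABEL.findall(raw or "")}
        yield name, labels, float(value)

RESULT_METRICS = {"policy_report_result", "cluster_policy_report_result"}
SUMMARY_METRICS = {"policy_report_summary", "cluster_policy_report_summary"}

def failing_results(text):
    """Label sets of result gauges whose status is fail (case-insensitive)."""
    return [l for n, l, v in parse_samples(text)
            if n in RESULT_METRICS and v == 1 and l.get("status", "").lower() == "fail"]

def summary_totals(text):
    """Sum summary gauges per status; summaries use "Fail", results use "fail"."""
    totals = Counter()
    for n, l, v in parse_samples(text):
        if n in SUMMARY_METRICS:
            totals[l["status"].lower()] += int(v)
    return totals

# Abridged from the sample output on this page; the last line is constructed.
METRICS = r'''# TYPE cluster_policy_report_result gauge
cluster_policy_report_result{category="",kind="Namespace",name="argo-cd",policy="require-ns-labels",report="clusterpolicyreport",rule="check-for-labels-on-namespace",severity="",status="fail"} 1
cluster_policy_report_summary{name="clusterpolicyreport",status="Fail"} 26
cluster_policy_report_summary{name="clusterpolicyreport",status="Pass"} 0
policy_report_result{category="Pod Security Standards (Default)",kind="Pod",name="nginx",namespace="test",policy="disallow-add-capabilities",report="polr-ns-test",rule="capabilities",severity="medium",status="pass"} 1
policy_report_summary{name="polr-ns-test",namespace="test",status="Fail"} 1
policy_report_summary{name="polr-ns-test",namespace="test",status="Pass"} 34
policy_report_result{category="Team \"A\", strict",kind="Pod",name="web",namespace="blog",policy="restrict-seccomp",report="polr-ns-blog",rule="seccomp",severity="high",status="fail"} 1
'''

if __name__ == "__main__":
    for labels in failing_results(METRICS):
        print(labels.get("namespace", "<cluster>"), labels["kind"], labels["name"], labels["policy"])
    print(dict(summary_totals(METRICS)))
```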