openapi: 3.0.0 info: contact: email: info@portainer.io description: > The Portainer API is an HTTP API served by Portainer. It is used by the Portainer UI, and anything you can do in the UI can also be done via the HTTP API. API examples are available in the [Portainer documentation](https://documentation.portainer.io/api/api-examples/) You can find out more about Portainer [on our website](http://portainer.io) and get some support on [Slack](http://portainer.io/slack/). # Authentication Most of the API endpoints require authentication, as well as some level of authorization. Portainer uses JSON Web Tokens to manage authentication. You must provide a token in the **Authorization** header of each request using the **Bearer** scheme. Example: ``` Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE ``` # Security Each API endpoint has an associated access policy, documented in its description. The following policies are available: - Public access - Authenticated access - Restricted access - Administrator access ### Public access No authentication is required. ### Authenticated access Authentication is required. ### Restricted access Authentication is required. Additional checks may apply to verify access to the resource, and returned data may be filtered. ### Administrator access Authentication and an administrator role are both required. # Execute Docker requests Portainer does not expose dedicated endpoints for managing Docker resources (create a container, remove a volume, etc). Instead, it acts as a reverse-proxy to the Docker HTTP API, allowing you to execute Docker requests via the Portainer HTTP API. To do so, use the `/endpoints/{id}/docker` endpoint. Note that this endpoint is not documented below due to Swagger limitations. It has a restricted access policy, so authentication is still required. Any request made to this endpoint is proxied to the Docker API of the associated environment - request and response objects are identical to those in the [Docker official documentation](https://docs.docker.com/engine/api). # Private Registry When using a private registry, include a Base64-encoded JSON string in the request header. The header parameter name is `X-Registry-Auth` and the value should encode the following structure: ‘{"registryId":\}’ where `` is the ID of the registry where the repository was created. Example encoded value: ``` eyJyZWdpc3RyeUlkIjoxfQ== ``` license: name: zlib url: https://github.com/portainer/portainer/blob/develop/LICENSE title: PortainerCE API version: 2.43.0 paths: /auth: post: description: >- **Access policy**: public Use this environment(endpoint) to authenticate against Portainer using a username and password. operationId: AuthenticateUser requestBody: content: application/json: schema: $ref: "#/components/schemas/auth.authenticatePayload" description: Credentials used for authentication required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/auth.authenticateResponse" "400": description: Invalid request "422": description: Invalid Credentials "500": description: Server error summary: Authenticate tags: - auth /auth/logout: post: description: "**Access policy**: public" operationId: Logout responses: "204": description: Success "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Logout tags: - auth /auth/oauth/validate: post: description: "**Access policy**: public" operationId: ValidateOAuth requestBody: content: application/json: schema: $ref: "#/components/schemas/auth.oauthPayload" description: OAuth Credentials used for authentication required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/auth.authenticateResponse" "400": description: Invalid request "422": description: Invalid Credentials "500": description: Server error summary: Authenticate with OAuth tags: - auth /backup: post: description: >- Creates an archive with a system data snapshot that could be used to restore the system. **Access policy**: admin operationId: Backup requestBody: content: application/json: schema: $ref: "#/components/schemas/backup.backupPayload" description: An object contains the password to encrypt the backup with responses: "200": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Creates an archive with a system data snapshot that could be used to restore the system. tags: - backup /custom_templates: get: description: |- List available custom templates. **Access policy**: authenticated operationId: CustomTemplateList parameters: - description: Template types in: query name: type required: true style: form explode: false schema: type: array items: enum: - 1 - 2 - 3 type: integer - description: Filter by edge templates in: query name: edge schema: type: boolean responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.CustomTemplate" type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List available custom templates tags: - custom_templates "/custom_templates/{id}": delete: description: |- Remove a template. **Access policy**: authenticated operationId: CustomTemplateDelete parameters: - description: Template identifier in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Access denied to resource "404": description: Template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a template tags: - custom_templates get: description: |- Retrieve details about a template. **Access policy**: authenticated operationId: CustomTemplateInspect parameters: - description: Template identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.CustomTemplate" "400": description: Invalid request "404": description: Template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a custom template tags: - custom_templates put: description: |- Update a template. **Access policy**: authenticated operationId: CustomTemplateUpdate parameters: - description: Template identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/customtemplates.customTemplateUpdatePayload" description: Template details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.CustomTemplate" "400": description: Invalid request "403": description: Permission denied to access template "404": description: Template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a template tags: - custom_templates "/custom_templates/{id}/file": get: description: |- Retrieve the content of the Stack file for the specified custom template **Access policy**: authenticated operationId: CustomTemplateFile parameters: - description: Template identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/customtemplates.fileResponse" "400": description: Invalid request "404": description: Custom template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get Template stack file content. tags: - custom_templates "/custom_templates/{id}/git_fetch": put: description: |- Retrieve details about a template created from git repository method. **Access policy**: authenticated operationId: CustomTemplateGitFetch parameters: - description: Template identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/customtemplates.fileResponse" "400": description: Invalid request "404": description: Custom template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Fetch the latest config file content based on custom template's git repository configuration tags: - custom_templates /custom_templates/create/file: post: description: |- Create a custom template. **Access policy**: authenticated operationId: CustomTemplateCreateFile requestBody: content: multipart/form-data: schema: type: object properties: Title: description: Title of the template type: string Description: description: Description of the template type: string Note: description: A note that will be displayed in the UI. Supports HTML content type: string Platform: description: Platform associated to the template (1 - 'linux', 2 - 'windows') type: integer enum: - 1 - 2 Type: description: Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes) type: integer enum: - 1 - 2 - 3 File: description: File type: string format: binary Logo: description: URL of the template's logo type: string Variables: description: A json array of variables definitions type: string required: - Title - Description - Note - Platform - Type - File required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.CustomTemplate" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a custom template tags: - custom_templates /custom_templates/create/repository: post: description: |- Create a custom template. **Access policy**: authenticated operationId: CustomTemplateCreateRepository requestBody: content: application/json: schema: $ref: "#/components/schemas/customtemplates.customTemplateFromGitRepositoryPayl\ oad" description: Required when using method=repository required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.CustomTemplate" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a custom template tags: - custom_templates /custom_templates/create/string: post: description: |- Create a custom template. **Access policy**: authenticated operationId: CustomTemplateCreateString requestBody: content: application/json: schema: $ref: "#/components/schemas/customtemplates.customTemplateFromFileContentPayloa\ d" description: body required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.CustomTemplate" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a custom template tags: - custom_templates "/docker/{environmentId}/containers/{containerId}/gpus": get: description: "**Access policy**:" operationId: dockerContainerGpusInspect parameters: - description: Environment identifier in: path name: environmentId required: true schema: type: integer - description: Container identifier in: path name: containerId required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/containers.containerGpusResponse" "400": description: Bad request "404": description: Environment or container not found "500": description: Internal server error security: - jwt: [] summary: Fetch container gpus data tags: - docker "/docker/{environmentId}/dashboard": get: description: "**Access policy**: restricted" operationId: dockerDashboard parameters: - description: Environment identifier in: path name: environmentId required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/docker.dashboardResponse" "400": description: Bad request "500": description: Internal server error security: - jwt: [] summary: Get counters for the dashboard tags: - docker "/docker/{environmentId}/images": get: description: "**Access policy**:" operationId: dockerImagesList parameters: - description: Environment identifier in: path name: environmentId required: true schema: type: integer - description: Include image usage information in: query name: withUsage schema: type: boolean responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/images.ImageResponse" type: array "400": description: Bad request "500": description: Internal server error security: - jwt: [] summary: Fetch images tags: - docker /edge_groups: get: description: "**Access policy**: administrator" operationId: EdgeGroupList responses: "200": description: EdgeGroups content: application/json: schema: items: $ref: "#/components/schemas/edgegroups.decoratedEdgeGroup" type: array "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: list EdgeGroups tags: - edge_groups post: description: "**Access policy**: administrator" operationId: EdgeGroupCreate requestBody: content: application/json: schema: $ref: "#/components/schemas/edgegroups.edgeGroupCreatePayload" description: EdgeGroup data required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeGroup" "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeGroup tags: - edge_groups "/edge_groups/{id}": delete: description: "**Access policy**: administrator" operationId: EdgeGroupDelete parameters: - description: EdgeGroup Id in: path name: id required: true schema: type: integer responses: "204": description: No Content "409": description: Edge group is in use by an Edge stack or Edge job "500": description: Server error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Deletes an EdgeGroup tags: - edge_groups get: description: "**Access policy**: administrator" operationId: EdgeGroupInspect parameters: - description: EdgeGroup Id in: path name: id required: true schema: type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeGroup" "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Inspects an EdgeGroup tags: - edge_groups put: description: "**Access policy**: administrator" operationId: EdgeGroupUpdate parameters: - description: EdgeGroup Id in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/edgegroups.edgeGroupUpdatePayload" description: EdgeGroup data required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeGroup" "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Updates an EdgeGroup tags: - edge_groups /edge_jobs: get: description: "**Access policy**: administrator" operationId: EdgeJobList responses: "200": description: OK content: application/json: schema: items: $ref: "#/components/schemas/portainer.EdgeJob" type: array "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetch EdgeJobs list tags: - edge_jobs "/edge_jobs/{id}": delete: description: "**Access policy**: administrator" operationId: EdgeJobDelete parameters: - description: EdgeJob Id in: path name: id required: true schema: type: integer responses: "204": description: No Content "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Delete an EdgeJob tags: - edge_jobs get: description: "**Access policy**: administrator" operationId: EdgeJobInspect parameters: - description: EdgeJob Id in: path name: id required: true schema: type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeJob" "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Inspect an EdgeJob tags: - edge_jobs put: description: "**Access policy**: administrator" operationId: EdgeJobUpdate parameters: - description: EdgeJob Id in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/edgejobs.edgeJobUpdatePayload" description: EdgeGroup data required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeJob" "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Update an EdgeJob tags: - edge_jobs "/edge_jobs/{id}/file": get: description: "**Access policy**: administrator" operationId: EdgeJobFile parameters: - description: EdgeJob Id in: path name: id required: true schema: type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/edgejobs.edgeJobFileResponse" "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetch a file of an EdgeJob tags: - edge_jobs "/edge_jobs/{id}/tasks": get: description: "**Access policy**: administrator" operationId: EdgeJobTasksList parameters: - description: EdgeJob Id in: path name: id required: true schema: type: integer responses: "200": description: OK content: application/json: schema: items: $ref: "#/components/schemas/edgejobs.taskContainer" type: array "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetch the list of tasks on an EdgeJob tags: - edge_jobs "/edge_jobs/{id}/tasks/{taskID}/logs": delete: description: "**Access policy**: administrator" operationId: EdgeJobTasksClear parameters: - description: EdgeJob Id in: path name: id required: true schema: type: integer - description: Task Id in: path name: taskID required: true schema: type: integer responses: "204": description: No Content "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Clear the log for a specifc task on an EdgeJob tags: - edge_jobs get: description: "**Access policy**: administrator" operationId: EdgeJobTaskLogsInspect parameters: - description: EdgeJob Id in: path name: id required: true schema: type: integer - description: Task Id in: path name: taskID required: true schema: type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/edgejobs.fileResponse" "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetch the log for a specifc task on an EdgeJob tags: - edge_jobs post: description: "**Access policy**: administrator" operationId: EdgeJobTasksCollect parameters: - description: EdgeJob Id in: path name: id required: true schema: type: integer - description: Task Id in: path name: taskID required: true schema: type: integer responses: "204": description: No Content "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Collect the log for a specifc task on an EdgeJob tags: - edge_jobs /edge_jobs/create/file: post: description: "**Access policy**: administrator" operationId: EdgeJobCreateFile requestBody: content: multipart/form-data: schema: type: object properties: file: description: Content of the Stack file type: string format: binary Name: description: Name of the stack type: string CronExpression: description: A cron expression to schedule this job type: string EdgeGroups: description: JSON stringified array of Edge Groups ids type: string Endpoints: description: JSON stringified array of Environment ids type: string Recurring: description: If recurring type: boolean required: - file - Name - CronExpression - EdgeGroups - Endpoints required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeGroup" "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeJob from a file tags: - edge_jobs /edge_jobs/create/string: post: description: "**Access policy**: administrator" operationId: EdgeJobCreateString requestBody: content: application/json: schema: $ref: "#/components/schemas/edgejobs.edgeJobCreateFromFileContentPayload" description: EdgeGroup data when method is string required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeGroup" "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeJob from a text tags: - edge_jobs /edge_stacks: get: description: "**Access policy**: administrator" operationId: EdgeStackList parameters: - description: will summarize the statuses in: query name: summarizeStatuses schema: type: boolean responses: "200": description: OK content: application/json: schema: items: $ref: "#/components/schemas/portainer.EdgeStack" type: array "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetches the list of EdgeStacks tags: - edge_stacks "/edge_stacks/{id}": delete: description: "**Access policy**: administrator" operationId: EdgeStackDelete parameters: - description: EdgeStack Id in: path name: id required: true schema: type: integer responses: "204": description: No Content "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Delete an EdgeStack tags: - edge_stacks get: description: "**Access policy**: administrator" operationId: EdgeStackInspect parameters: - description: EdgeStack Id in: path name: id required: true schema: type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeStack" "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Inspect an EdgeStack tags: - edge_stacks put: description: "**Access policy**: administrator" operationId: EdgeStackUpdate parameters: - description: EdgeStack Id in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/edgestacks.updateEdgeStackPayload" description: EdgeStack data required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeStack" "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Update an EdgeStack tags: - edge_stacks "/edge_stacks/{id}/file": get: description: "**Access policy**: administrator" operationId: EdgeStackFile parameters: - description: EdgeStack Id in: path name: id required: true schema: type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/edgestacks.stackFileResponse" "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetches the stack file for an EdgeStack tags: - edge_stacks "/edge_stacks/{id}/status": put: description: Authorized only if the request is done by an Edge Environment(Endpoint) operationId: EdgeStackStatusUpdate parameters: - description: EdgeStack Id in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/edgestacks.updateStatusPayload" description: EdgeStack status payload required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeStack" "400": description: Bad Request "403": description: Forbidden "404": description: Not Found "500": description: Internal Server Error summary: Update an EdgeStack status tags: - edge_stacks /edge_stacks/create/file: post: description: "**Access policy**: administrator" operationId: EdgeStackCreateFile parameters: - description: if true, will not create an edge stack, but just will check the settings and return a non-persisted edge stack object in: query name: dryrun schema: type: string requestBody: content: multipart/form-data: schema: type: object properties: Name: description: Name of the stack. it must only consist of lowercase alphanumeric characters, hyphens, or underscores as well as start with a letter or number type: string file: description: Content of the Stack file type: string format: binary EdgeGroups: description: JSON stringified array of Edge Groups ids type: string DeploymentType: description: deploy type 0 - 'compose', 1 - 'kubernetes' type: integer Registries: description: JSON stringified array of Registry ids to use for this stack type: string UseManifestNamespaces: description: Uses the manifest's namespaces instead of the default one, relevant only for kube environments type: boolean PrePullImage: description: Pre Pull image type: boolean RetryDeploy: description: Retry deploy type: boolean required: - Name - file - EdgeGroups - DeploymentType required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeStack" "400": description: Bad request "500": description: Internal server error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeStack from file tags: - edge_stacks /edge_stacks/create/repository: post: description: "**Access policy**: administrator" operationId: EdgeStackCreateRepository parameters: - description: if true, will not create an edge stack, but just will check the settings and return a non-persisted edge stack object in: query name: dryrun schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/edgestacks.edgeStackFromGitRepositoryPayload" description: stack config required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeStack" "400": description: Bad request "500": description: Internal server error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeStack from a git repository tags: - edge_stacks /edge_stacks/create/string: post: description: "**Access policy**: administrator" operationId: EdgeStackCreateString parameters: - description: if true, will not create an edge stack, but just will check the settings and return a non-persisted edge stack object in: query name: dryrun schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/edgestacks.edgeStackFromStringPayload" description: stack config required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.EdgeStack" "400": description: Bad request "500": description: Internal server error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeStack from a text tags: - edge_stacks /endpoint_groups: get: description: >- List all environment(endpoint) groups based on the current user authorizations. Will return all environment(endpoint) groups if using an administrator account otherwise it will only return authorized environment(endpoint) groups. **Access policy**: restricted operationId: EndpointGroupList parameters: - description: If true, each environment(endpoint) group will include the number of environments(endpoints) associated to it and breakdown by type in: query name: size schema: type: boolean responses: "200": description: Environment(Endpoint) group content: application/json: schema: items: $ref: "#/components/schemas/endpointgroups.EndpointGroupResponse" type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List Environment(Endpoint) groups tags: - endpoint_groups post: description: |- Create a new environment(endpoint) group. **Access policy**: administrator requestBody: content: application/json: schema: $ref: "#/components/schemas/endpointgroups.endpointGroupCreatePayload" description: Environment(Endpoint) Group details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.EndpointGroup" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create an Environment(Endpoint) Group tags: - endpoint_groups "/endpoint_groups/{id}": delete: description: |- Remove an environment(endpoint) group. **Access policy**: administrator operationId: EndpointGroupDelete parameters: - description: EndpointGroup identifier in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove an environment(endpoint) group tags: - endpoint_groups get: description: |- Retrieve details abont an environment(endpoint) group. **Access policy**: administrator parameters: - description: Environment(Endpoint) group identifier in: path name: id required: true schema: type: integer - description: If true, include the number of environments and breakdown by type in: query name: size schema: type: boolean responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/endpointgroups.EndpointGroupResponse" "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect an Environment(Endpoint) group tags: - endpoint_groups put: description: |- Update an environment(endpoint) group. **Access policy**: administrator operationId: EndpointGroupUpdate parameters: - description: EndpointGroup identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/endpointgroups.endpointGroupUpdatePayload" description: EndpointGroup details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.EndpointGroup" "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update an environment(endpoint) group tags: - endpoint_groups "/endpoint_groups/{id}/endpoints/{endpointId}": delete: description: "**Access policy**: administrator" operationId: EndpointGroupDeleteEndpoint parameters: - description: EndpointGroup identifier in: path name: id required: true schema: type: integer - description: Environment(Endpoint) identifier in: path name: endpointId required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Removes environment(endpoint) from an environment(endpoint) group tags: - endpoint_groups put: description: |- Add an environment(endpoint) to an environment(endpoint) group **Access policy**: administrator operationId: EndpointGroupAddEndpoint parameters: - description: EndpointGroup identifier in: path name: id required: true schema: type: integer - description: Environment(Endpoint) identifier in: path name: endpointId required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Add an environment(endpoint) to an environment(endpoint) group tags: - endpoint_groups /endpoints: delete: deprecated: true description: >- Deprecated: use the `POST` endpoint instead. Remove multiple environments and optionally clean-up associated resources. **Access policy**: Administrator only. operationId: EndpointDeleteBatchDeprecated requestBody: $ref: "#/components/requestBodies/endpoints.endpointDeleteBatchPayload" responses: "204": description: Environment(s) successfully deleted. "207": description: Partial success. Some environments were deleted successfully, while others failed. content: application/json: schema: $ref: "#/components/schemas/endpoints.endpointDeleteBatchPartialResponse" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to delete the specified environments. security: - ApiKeyAuth: [] jwt: [] summary: Remove multiple environments tags: - endpoints get: description: >- List all environments(endpoints) based on the current user authorizations. Will return all environments(endpoints) if using an administrator or team leader account otherwise it will only return authorized environments(endpoints). **Access policy**: restricted operationId: EndpointList parameters: - description: Start searching from in: query name: start schema: type: integer - description: Limit results to this value in: query name: limit schema: type: integer - description: Sort results by this value in: query name: sort schema: type: string enum: - Name - Group - Status - LastCheckIn - EdgeID - PlatformType - Health - Id - description: Order sorted results by desc/asc in: query name: order schema: type: string - description: Search query in: query name: search schema: type: string - description: List environments(endpoints) of these groups in: query name: groupIds style: form explode: false schema: type: array items: type: integer - description: List environments(endpoints) by this status in: query name: status style: form explode: false schema: type: array items: type: integer - description: List environments(endpoints) of this type in: query name: types style: form explode: false schema: type: array items: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 type: integer - description: Filter environments by platform type in: query name: platformTypes style: form explode: false schema: type: array items: enum: - 0 - 1 - 2 - 3 - 4 type: integer - description: If true, return only environments with an outdated agent in: query name: outdated schema: type: boolean - description: Exclude environments of these groups in: query name: excludeGroupIds style: form explode: false schema: type: array items: type: integer - description: search environments(endpoints) with these tags (depends on tagsPartialMatch) in: query name: tagIds style: form explode: false schema: type: array items: type: integer - description: If true, will return environment(endpoint) which has one of tagIds, if false (or missing) will return only environments(endpoints) that has all the tags in: query name: tagsPartialMatch schema: type: boolean - description: will return only these environments(endpoints) in: query name: endpointIds style: form explode: false schema: type: array items: type: integer - description: will exclude these environments(endpoints) in: query name: excludeIds style: form explode: false schema: type: array items: type: integer - description: will return only environments with on of these agent versions in: query name: agentVersions style: form explode: false schema: type: array items: type: string - description: if exists true show only edge async agents, false show only standard edge agents. if missing, will show both types (relevant only for edge agents) in: query name: edgeAsync schema: type: boolean - description: if true, show only untrusted edge agents, if false show only trusted edge agents (relevant only for edge agents) in: query name: edgeDeviceUntrusted schema: type: boolean - description: if bigger then zero, show only edge agents that checked-in in the last provided seconds (relevant only for edge agents) in: query name: edgeCheckInPassedSeconds schema: type: number - description: if true, the snapshot data won't be retrieved in: query name: excludeSnapshots schema: type: boolean - description: will return only environments(endpoints) with this name in: query name: name schema: type: string - description: will return the environments of the specified edge stack in: query name: edgeStackId schema: type: integer - description: only applied when edgeStackId exists. Filter the returned environments based on their deployment status in the stack (not the environment status!) in: query name: edgeStackStatus schema: type: integer enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 - 12 - 13 - description: List environments(endpoints) of these edge groups in: query name: edgeGroupIds style: form explode: false schema: type: array items: type: integer - description: Exclude environments(endpoints) of these edge groups in: query name: excludeEdgeGroupIds style: form explode: false schema: type: array items: type: integer responses: "200": description: Endpoints content: application/json: schema: items: $ref: "#/components/schemas/portainer.Endpoint" type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List environments(endpoints) tags: - endpoints post: description: >- Create a new environment(endpoint) that will be used to manage an environment(endpoint). **Access policy**: administrator operationId: EndpointCreate requestBody: content: multipart/form-data: schema: type: object properties: Name: description: "Name that will be used to identify this environment(endpoint) (example: my-environment)" type: string EndpointCreationType: description: "Environment(Endpoint) type. Value must be one of: 1 (Local Docker environment), 2 (Agent environment), 3 (Azure environment), 4 (Edge agent environment) or 5 (Local Kubernetes Environment)" type: integer enum: - 0 - 1 - 2 - 3 - 4 - 5 ContainerEngine: description: "Container engine used by the environment(endpoint). Value must be one of: 'docker' or 'podman'" type: string URL: description: "URL or IP address of a Docker host (example: docker.mydomain.tld:2375). Defaults to local if not specified (Linux: /var/run/docker.sock, Windows: //./pipe/docker_engine). Cannot be empty if EndpointCreationType is set to 4 (Edge agent environment)" type: string PublicURL: description: "URL or IP address where exposed containers will be reachable. Defaults to URL if not specified (example: docker.mydomain.tld:2375)" type: string GroupID: description: Environment(Endpoint) group identifier. If not specified will default to 1 (unassigned). type: integer TLS: description: Require TLS to connect against this environment(endpoint). Must be true if EndpointCreationType is set to 2 (Agent environment) type: boolean TLSSkipVerify: description: Skip server verification when using TLS. Must be true if EndpointCreationType is set to 2 (Agent environment) type: boolean TLSSkipClientVerify: description: Skip client verification when using TLS. Must be true if EndpointCreationType is set to 2 (Agent environment) type: boolean TLSCACertFile: description: TLS CA certificate file type: string format: binary TLSCertFile: description: TLS client certificate file type: string format: binary TLSKeyFile: description: TLS client key file type: string format: binary AzureApplicationID: description: Azure application ID. Required if environment(endpoint) type is set to 3 type: string AzureTenantID: description: Azure tenant ID. Required if environment(endpoint) type is set to 3 type: string AzureAuthenticationKey: description: Azure authentication key. Required if environment(endpoint) type is set to 3 type: string TagIds: description: JSON-parsable array of tag identifiers to which this environment(endpoint) is associated type: string EdgeCheckinInterval: description: The check in interval for edge agent (in seconds) type: integer EdgeTunnelServerAddress: description: URL or IP address that will be used to establish a reverse tunnel type: string Gpus: description: List of GPUs - json stringified array of {name, value} structs type: string required: - Name - EndpointCreationType required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Endpoint" "400": description: Invalid request "409": description: Name is not unique "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new environment(endpoint) tags: - endpoints "/endpoints/{id}": delete: description: >- Remove the environment associated to the specified identifier and optionally clean-up associated resources. **Access policy**: Administrator only. operationId: EndpointDelete parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer responses: "204": description: Environment successfully deleted. "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "404": description: Unable to find the environment with the specified identifier inside the database. "500": description: Server error occurred while attempting to delete the environment. security: - ApiKeyAuth: [] jwt: [] summary: Remove an environment tags: - endpoints get: description: |- Retrieve details about an environment(endpoint). **Access policy**: restricted operationId: EndpointInspect parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: if true, the snapshot data won't be retrieved in: query name: excludeSnapshot schema: type: boolean responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Endpoint" "400": description: Invalid request "404": description: Environment(Endpoint) not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect an environment(endpoint) tags: - endpoints put: description: |- Update an environment(endpoint). **Access policy**: authenticated operationId: EndpointUpdate parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/endpoints.endpointUpdatePayload" description: Environment(Endpoint) details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Endpoint" "400": description: Invalid request "404": description: Environment(Endpoint) not found "409": description: Name is not unique "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update an environment(endpoint) tags: - endpoints "/endpoints/{id}/association": put: description: |- De-association an edge environment(endpoint). **Access policy**: administrator operationId: EndpointAssociationDelete parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "404": description: Environment(Endpoint) not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: De-association an edge environment(endpoint) tags: - endpoints "/endpoints/{id}/docker/v2/browse/put": post: description: |- Use this environment(endpoint) to upload TLS files. **Access policy**: administrator parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Optional volume identifier to upload the file in: query name: volumeID schema: type: string requestBody: content: multipart/form-data: schema: type: object properties: Path: description: The destination path to upload the file to type: string file: description: The file to upload type: string format: binary required: - Path - file required: true responses: "204": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Upload a file under a specific path on the file system of an environment (endpoint) tags: - endpoints "/endpoints/{id}/dockerhub/{registryId}": get: description: |- get docker pull limits for a docker hub registry in the environment **Access policy**: operationId: endpointDockerhubStatus parameters: - description: endpoint ID in: path name: id required: true schema: type: integer - description: registry ID in: path name: registryId required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/endpoints.dockerhubStatusResponse" "400": description: Invalid request "403": description: Permission denied "404": description: registry or endpoint not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: fetch docker pull limits tags: - endpoints "/endpoints/{id}/edge/jobs/{jobID}/logs": post: description: "**Access policy**: Edge agent only — requires X-PortainerAgent-EdgeID header" parameters: - description: environment Id in: path name: id required: true schema: type: integer - description: Job Id in: path name: jobID required: true schema: type: integer responses: "200": description: OK "400": description: Bad Request "403": description: Forbidden "500": description: Internal Server Error summary: Update the logs collected from an Edge Job tags: - edge_agent "/endpoints/{id}/edge/stacks/{stackId}": get: description: "**Access policy**: Edge agent only — requires X-PortainerAgent-EdgeID header" parameters: - description: environment Id in: path name: id required: true schema: type: integer - description: EdgeStack Id in: path name: stackId required: true schema: type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/edge.StackPayload" "400": description: Bad Request "404": description: Not Found "500": description: Internal Server Error summary: Inspect an Edge Stack for an Environment tags: - edge_agent - edge_stacks "/endpoints/{id}/edge/status": get: description: >- Endpoint for edge agent to check status of environment **Access policy**: Edge agent only — requires X-PortainerAgent-EdgeID header operationId: EndpointEdgeStatusInspect parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: "*/*": schema: $ref: "#/components/schemas/endpointedge.endpointEdgeStatusInspectResponse" "400": description: Invalid request "403": description: Permission denied to access environment "404": description: Environment not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get environment status tags: - edge_agent "/endpoints/{id}/forceupdateservice": put: description: |- force update a docker service **Access policy**: authenticated operationId: endpointForceUpdateService parameters: - description: endpoint identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/endpoints.forceUpdateServicePayload" description: details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/swarm.ServiceUpdateResponse" "400": description: Invalid request "403": description: Permission denied "404": description: endpoint not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: force update a docker service tags: - endpoints "/endpoints/{id}/kubernetes/helm": get: description: "**Access policy**: authenticated" operationId: HelmList parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: specify an optional namespace in: query name: namespace schema: type: string - description: specify an optional filter in: query name: filter schema: type: string - description: specify an optional selector in: query name: selector schema: type: string responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/release.ReleaseElement" type: array "400": description: Invalid environment(endpoint) identifier "401": description: Unauthorized "404": description: Environment(Endpoint) or ServiceAccount not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List Helm Releases tags: - helm post: description: "**Access policy**: authenticated" operationId: HelmInstall parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Dry run in: query name: dryRun schema: type: boolean requestBody: content: application/json: schema: $ref: "#/components/schemas/helm.installChartPayload" description: Chart details required: true responses: "201": description: Created content: application/json: schema: $ref: "#/components/schemas/release.Release" "400": description: Invalid request payload "401": description: Unauthorized "404": description: Environment(Endpoint) or ServiceAccount not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Install Helm Chart tags: - helm "/endpoints/{id}/kubernetes/helm/{release}": delete: description: "**Access policy**: authenticated" operationId: HelmDelete parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: The name of the release/application to uninstall in: path name: release required: true schema: type: string - description: An optional namespace in: query name: namespace schema: type: string responses: "204": description: Success "400": description: Invalid environment(endpoint) id or bad request "401": description: Unauthorized "404": description: Environment(Endpoint) or ServiceAccount not found "500": description: Server error or helm error security: - ApiKeyAuth: [] - jwt: [] summary: Delete Helm Release tags: - helm get: description: |- Get details of a helm release by release name **Access policy**: authenticated operationId: HelmGet parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Helm release name in: path name: release required: true schema: type: string - description: specify an optional namespace in: query name: namespace schema: type: string - description: show resources of the release in: query name: showResources schema: type: boolean - description: specify an optional revision in: query name: revision schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/release.Release" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the release. security: - ApiKeyAuth: [] jwt: [] summary: Get a helm release tags: - helm "/endpoints/{id}/kubernetes/helm/{release}/history": get: description: |- Get a historical list of releases by release name **Access policy**: authenticated operationId: HelmGetHistory parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Helm release name in: path name: release required: true schema: type: string - description: specify an optional namespace in: query name: namespace schema: type: string responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/release.Release" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the historical list of releases. security: - ApiKeyAuth: [] jwt: [] summary: Get a historical list of releases tags: - helm "/endpoints/{id}/kubernetes/helm/{release}/rollback": post: description: |- Rollback a helm release to a previous revision **Access policy**: authenticated operationId: HelmRollback parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Helm release name in: path name: release required: true schema: type: string - description: specify an optional namespace in: query name: namespace schema: type: string - description: specify the revision to rollback to (defaults to previous revision if not specified) in: query name: revision schema: type: integer - description: "wait for resources to be ready (default: false)" in: query name: wait schema: type: boolean - description: "wait for jobs to complete before marking the release as successful (default: false)" in: query name: waitForJobs schema: type: boolean - description: "performs pods restart for the resource if applicable (default: true)" in: query name: recreate schema: type: boolean - description: "force resource update through delete/recreate if needed (default: false)" in: query name: force schema: type: boolean - description: "time to wait for any individual Kubernetes operation in seconds (default: 300)" in: query name: timeout schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/release.Release" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or release name. "500": description: Server error occurred while attempting to rollback the release. security: - ApiKeyAuth: [] jwt: [] summary: Rollback a helm release tags: - helm "/endpoints/{id}/registries": get: description: >- List all registries based on the current user authorizations in current environment. **Access policy**: authenticated operationId: endpointRegistriesList parameters: - description: required if kubernetes environment, will show registries by namespace in: query name: namespace schema: type: string - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.Registry" type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List Registries on environment tags: - endpoints "/endpoints/{id}/registries/{registryId}": put: description: "**Access policy**: authenticated" operationId: endpointRegistryAccess parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Registry identifier in: path name: registryId required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/endpoints.registryAccessPayload" description: details required: true responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Endpoint not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: update registry access for environment tags: - endpoints "/endpoints/{id}/settings": put: description: |- Update settings for an environment(endpoint). **Access policy**: authenticated operationId: EndpointSettingsUpdate parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/endpoints.endpointSettingsUpdatePayload" description: Environment(Endpoint) details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Endpoint" "400": description: Invalid request "404": description: Environment(Endpoint) not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update settings for an environment(endpoint) tags: - endpoints "/endpoints/{id}/snapshot": post: description: |- Snapshots an environment(endpoint) **Access policy**: administrator operationId: EndpointSnapshot parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "404": description: Environment(Endpoint) not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Snapshots an environment(endpoint) tags: - endpoints /endpoints/delete: post: description: >- Remove multiple environments and optionally clean-up associated resources. **Access policy**: Administrator only. operationId: EndpointDeleteBatch requestBody: $ref: "#/components/requestBodies/endpoints.endpointDeleteBatchPayload" responses: "204": description: Environment(s) successfully deleted. "207": description: Partial success. Some environments were deleted successfully, while others failed. content: application/json: schema: $ref: "#/components/schemas/endpoints.endpointDeleteBatchPartialResponse" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to delete the specified environments. security: - ApiKeyAuth: [] jwt: [] summary: Remove multiple environments tags: - endpoints /endpoints/global-key: post: operationId: EndpointCreateGlobalKey responses: "200": description: Success content: "*/*": schema: $ref: "#/components/schemas/endpoints.endpointCreateGlobalKeyResponse" "400": description: Invalid request "500": description: Server error summary: Create or retrieve the endpoint for an EdgeID tags: - endpoints /endpoints/relations: put: description: |- Update relations for a list of environments Edge groups, tags and environment group can be updated. **Access policy**: administrator operationId: EndpointUpdateRelations requestBody: content: application/json: schema: $ref: "#/components/schemas/endpoints.endpointUpdateRelationsPayload" description: Environment relations data required: true responses: "204": description: Success "400": description: Invalid request "401": description: Unauthorized "404": description: Not found "500": description: Server error security: - jwt: [] summary: Update relations for a list of environments tags: - endpoints /endpoints/snapshot: post: description: |- Snapshot all environments(endpoints) **Access policy**: administrator operationId: EndpointSnapshots responses: "204": description: Success "500": description: Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Snapshot all environments(endpoints) tags: - endpoints /endpoints/summary: get: description: >- Returns counts of environments by status (up, down) and ungrouped environments (unassigned), plus breakdowns by group, type, and health. **Access policy**: restricted operationId: EndpointSummaryCounts responses: "200": description: Environment summary counts content: application/json: schema: $ref: "#/components/schemas/endpoints.EnvironmentSummaryCountsResponse" "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get environment summary counts tags: - endpoints /gitops/repo/file/preview: post: description: |- Retrieve the compose file content based on git repository configuration **Access policy**: authenticated operationId: GitOperationRepoFilePreview requestBody: content: application/json: schema: $ref: "#/components/schemas/gitops.repositoryFilePreviewPayload" description: Template details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/gitops.fileResponse" "400": description: Invalid request "404": description: Source not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: preview the content of target file in the git repository tags: - gitops /gitops/sources: get: description: >- Returns a deduplicated list of git repositories used across all GitOps workflows. **Access policy**: authenticated operationId: GitOpsSourcesList parameters: - description: Search term (matches URL) in: query name: search schema: type: string - description: "Sort field: name | status | type" in: query name: sort schema: type: string - description: "Sort order: asc or desc" in: query name: order schema: type: string - description: Pagination start index in: query name: start schema: type: integer - description: Pagination limit (0 = unlimited) in: query name: limit schema: type: integer - description: "Filter by status: healthy | syncing | error | paused | unknown" in: query name: status schema: type: string - description: "Filter by source type: git | oci | helm" in: query name: type schema: type: string enum: - git - helm - oci responses: "200": description: OK content: application/json: schema: items: $ref: "#/components/schemas/sources.Source" type: array "400": description: Invalid status parameter "403": description: Access denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List all GitOps sources tags: - gitops "/gitops/sources/{id}": delete: description: >- Deletes an existing GitOps source. Returns 409 if the source is referenced by any workflow or custom template. **Access policy**: authenticated operationId: GitOpsSourcesDelete parameters: - description: Source identifier in: path name: id required: true schema: type: integer responses: "204": description: Source deleted "400": description: Invalid request "403": description: Access denied "404": description: Source not found "409": description: Source is in use by one or more workflows or custom templates "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Delete a source tags: - gitops get: description: >- Returns a single GitOps source with its connection settings and linked workflows. **Access policy**: authenticated operationId: GitOpsSourceGet parameters: - description: Source identifier in: path name: id required: true schema: type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/sources.SourceDetail" "400": description: Invalid request "403": description: Access denied "404": description: Source not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get a GitOps source by ID tags: - gitops put: description: |- Updates an existing GitOps source backed by a Git repository. **Access policy**: authenticated operationId: GitOpsSourcesUpdateGit parameters: - description: Source identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/sources.GitSourceUpdatePayload" description: Git source details required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Source" "400": description: Invalid request payload "403": description: Access denied "404": description: Source not found "409": description: A source with this URL and credentials already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a Git source tags: - gitops "/gitops/sources/{id}/access": put: description: |- Updates the access control settings for an existing GitOps source. **Access policy**: administrator operationId: GitOpsSourcesUpdateAccess parameters: - description: Source identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/sources.SourceAccessUpdatePayload" description: Source access control required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Source" "400": description: Invalid request payload "403": description: Access denied "404": description: Source not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a GitOps source's access control tags: - gitops "/gitops/sources/{id}/test": post: description: >- Tests connectivity for a GitOps source, applying optional overrides to the stored configuration. **Access policy**: authenticated operationId: GitOpsSourcesTestById parameters: - description: Source identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/sources.GitSourceUpdatePayload" description: Optional connection overrides; omitted fields fall back to stored values responses: "200": description: Connection test result content: application/json: schema: $ref: "#/components/schemas/sources.ConnectionTestResult" "400": description: Invalid request payload "403": description: Access denied "404": description: Source not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Test the connection of a stored source tags: - gitops /gitops/sources/git: post: description: |- Creates a new GitOps source backed by a Git repository. **Access policy**: authenticated operationId: GitOpsSourcesCreateGit requestBody: content: application/json: schema: $ref: "#/components/schemas/sources.GitSourceCreatePayload" description: Git source details required: true responses: "201": description: Created content: application/json: schema: $ref: "#/components/schemas/portainer.Source" "400": description: Invalid request payload "403": description: Access denied "409": description: A source with this URL and credentials already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a Git source tags: - gitops /gitops/sources/summary: get: description: |- Returns a count of sources per status. **Access policy**: authenticated operationId: GitOpsSourcesSummary responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/workflows.StatusSummary" "403": description: Access denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Summarize GitOps source status counts tags: - gitops /gitops/sources/test: post: description: >- Tests connectivity for Git connection details that have not been persisted yet. **Access policy**: authenticated operationId: GitOpsSourcesTest requestBody: content: application/json: schema: $ref: "#/components/schemas/sources.GitSourceCreatePayload" description: Git connection details required: true responses: "200": description: Connection test result content: application/json: schema: $ref: "#/components/schemas/sources.ConnectionTestResult" "400": description: Invalid request payload "403": description: Access denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Test a Git source connection tags: - gitops /gitops/workflows: get: description: >- Returns a unified list of all stacks that have GitOps (GitConfig) configured. **Access policy**: authenticated operationId: GitOpsWorkflowsList parameters: - description: Search term (matches name or repository URL) in: query name: search schema: type: string - description: "Sort field: name | type | status | creationDate | lastSyncDate" in: query name: sort schema: type: string - description: "Sort order: asc or desc" in: query name: order schema: type: string - description: Pagination start index in: query name: start schema: type: integer - description: Pagination limit (0 = unlimited) in: query name: limit schema: type: integer - description: Filter by environment IDs (e.g. endpointIds[]=1&endpointIds[]=2) in: query name: endpointIds style: form explode: false schema: type: array items: type: integer - description: "Filter by status: healthy | syncing | error | paused | unknown" in: query name: status schema: type: string - description: "Filter by type: stack" in: query name: type schema: type: string - description: "Filter by platform: dockerStandalone | dockerSwarm | kubernetes" in: query name: platform schema: type: string responses: "200": description: OK content: application/json: schema: items: $ref: "#/components/schemas/workflows.Workflow" type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List all GitOps workflows tags: - gitops "/gitops/workflows/{id}": get: description: >- Returns the detail view of a single GitOps workflow, with one entry per backing stack or edge stack artifact. **Access policy**: authenticated operationId: GitOpsWorkflowGet parameters: - description: Workflow identifier in: path name: id required: true schema: type: integer responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/workflows.WorkflowDetail" "400": description: Invalid request "404": description: Workflow not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get a GitOps workflow by ID tags: - gitops /gitops/workflows/summary: get: description: |- Returns a count of workflows per status across all environments. **Access policy**: authenticated operationId: GitOpsWorkflowsSummary responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/workflows.StatusSummary" "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Summarize GitOps workflow status counts tags: - gitops "/kubernetes/{id}/applications": get: description: >- Get a list of applications across all namespaces in the cluster. If the nodeName is provided, it will return the applications running on that node. **Access policy**: authenticated operationId: GetAllKubernetesApplications parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Namespace name in: query name: namespace required: true schema: type: string - description: Node name in: query name: nodeName required: true schema: type: string responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sApplication" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of applications from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of applications across all namespaces in the cluster. If the nodeName is provided, it will return the applications running on that node. tags: - kubernetes "/kubernetes/{id}/applications/count": get: description: >- Get the count of Applications across all namespaces in the cluster. If the nodeName is provided, it will return the count of applications running on that node. **Access policy**: Authenticated user. operationId: GetAllKubernetesApplicationsCount parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the count of all applications from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get Applications count tags: - kubernetes "/kubernetes/{id}/cluster_role_bindings/delete": post: description: |- Delete the provided list of cluster role bindings. **Access policy**: Authenticated user. operationId: DeleteClusterRoleBindings parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: items: type: string type: array description: A list of cluster role bindings to delete required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific cluster role binding. "500": description: Server error occurred while attempting to delete cluster role bindings. security: - ApiKeyAuth: [] jwt: [] summary: Delete cluster role bindings tags: - kubernetes "/kubernetes/{id}/cluster_roles/delete": post: description: |- Delete the provided list of cluster roles. **Access policy**: Authenticated user. operationId: DeleteClusterRoles parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: items: type: string type: array description: A list of cluster roles to delete required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific cluster role. "500": description: Server error occurred while attempting to delete cluster roles. security: - ApiKeyAuth: [] jwt: [] summary: Delete cluster roles tags: - kubernetes "/kubernetes/{id}/clusterrolebindings": get: description: >- Get a list of kubernetes cluster role bindings within the given environment at the cluster level. **Access policy**: Authenticated user. operationId: GetAllKubernetesClusterRoleBindings parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sClusterRoleBinding" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of cluster role bindings. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes cluster role bindings tags: - kubernetes "/kubernetes/{id}/clusterroles": get: description: >- Get a list of kubernetes cluster roles within the given environment at the cluster level. **Access policy**: Authenticated user. operationId: GetAllKubernetesClusterRoles parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sClusterRole" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of cluster roles. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes cluster roles tags: - kubernetes "/kubernetes/{id}/configmaps": get: description: >- Get a list of ConfigMaps across all namespaces in the cluster. For non-admin users, it will only return ConfigMaps based on the namespaces that they have access to. **Access policy**: Authenticated user. operationId: GetAllKubernetesConfigMaps parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Set to true to include information about applications that use the ConfigMaps in the response in: query name: isUsed required: true schema: type: boolean responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sConfigMap" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve all configmaps from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of ConfigMaps tags: - kubernetes "/kubernetes/{id}/configmaps/count": get: description: >- Get the count of ConfigMaps across all namespaces in the cluster. For non-admin users, it will only return the count of ConfigMaps based on the namespaces that they have access to. **Access policy**: Authenticated user. operationId: GetAllKubernetesConfigMapsCount parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the count of all configmaps from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get ConfigMaps count tags: - kubernetes "/kubernetes/{id}/cron_jobs": get: description: |- Get a list of kubernetes Cron Jobs that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesCronJobs parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sCronJob" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of Cron Jobs. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes Cron Jobs tags: - kubernetes "/kubernetes/{id}/cron_jobs/delete": post: description: |- Delete the provided list of Cron Jobs. **Access policy**: Authenticated user. operationId: DeleteCronJobs parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sCronJobDeleteRequests" description: A map where the key is the namespace and the value is an array of Cron Jobs to delete required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific service account. "500": description: Server error occurred while attempting to delete Cron Jobs. security: - ApiKeyAuth: [] jwt: [] summary: Delete Cron Jobs tags: - kubernetes "/kubernetes/{id}/dashboard": get: description: >- Get the dashboard summary data which is simply a count of a range of different commonly used kubernetes resources. **Access policy**: Authenticated user. operationId: GetKubernetesDashboard parameters: - description: Environment (Endpoint) identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sDashboard" type: array "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] jwt: [] summary: Get the dashboard summary data tags: - kubernetes "/kubernetes/{id}/describe": get: description: |- Get a description of a kubernetes resource. **Access policy**: Authenticated user. operationId: DescribeResource parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Resource name in: query name: name required: true schema: type: string - description: Resource kind in: query name: kind required: true schema: type: string - description: Namespace in: query name: namespace schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.describeResourceResponse" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve resource description security: - ApiKeyAuth: [] jwt: [] summary: Get a description of a kubernetes resource tags: - kubernetes "/kubernetes/{id}/events": get: description: |- Get events by query param resourceId **Access policy**: Authenticated user. operationId: getAllKubernetesEvents parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: The resource id of the involved kubernetes object in: query name: resourceId schema: type: string responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sEvent" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "500": description: Server error occurred while attempting to retrieve the events. security: - ApiKeyAuth: [] jwt: [] summary: Gets kubernetes events tags: - kubernetes "/kubernetes/{id}/ingresscontrollers": get: description: >- Get a list of ingress controllers for the given environment. If the allowedOnly query parameter is set, only ingress controllers that are allowed by the environment's ingress configuration will be returned. **Access policy**: Authenticated user. operationId: GetAllKubernetesIngressControllers parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Only return allowed ingress controllers in: query name: allowedOnly schema: type: boolean responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sIngressController" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve ingress controllers security: - ApiKeyAuth: [] jwt: [] summary: Get a list of ingress controllers tags: - kubernetes put: description: |- Update (block/unblock) ingress controllers for the provided environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesIngressControllers parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: $ref: "#/components/requestBodies/kubernetes.K8sIngressControllerArray" responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the ingress controllers to update. "500": description: Server error occurred while attempting to update ingress controllers. security: - ApiKeyAuth: [] jwt: [] summary: Update (block/unblock) ingress controllers tags: - kubernetes "/kubernetes/{id}/ingresses": get: description: >- Get kubernetes ingresses at the cluster level for the provided environment. **Access policy**: Authenticated user. operationId: GetAllKubernetesClusterIngresses parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Lookup services associated with each ingress in: query name: withServices schema: type: boolean responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sIngressInfo" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve ingresses. security: - ApiKeyAuth: [] jwt: [] summary: Get kubernetes ingresses at the cluster level tags: - kubernetes "/kubernetes/{id}/ingresses/count": get: description: |- Get the number of kubernetes ingresses within the given environment. **Access policy**: Authenticated user. operationId: GetAllKubernetesClusterIngressesCount parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve ingresses count. security: - ApiKeyAuth: [] jwt: [] summary: Get Ingresses count tags: - kubernetes "/kubernetes/{id}/ingresses/delete": post: description: |- Delete one or more Ingresses in the provided environment. **Access policy**: Authenticated user. operationId: DeleteKubernetesIngresses parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sIngressDeleteRequests" description: Ingress details required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific ingress. "500": description: Server error occurred while attempting to delete specified ingresses. security: - ApiKeyAuth: [] jwt: [] summary: Delete one or more Ingresses tags: - kubernetes "/kubernetes/{id}/jobs": get: description: |- Get a list of kubernetes Jobs that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesJobs parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Whether to include Jobs that have a cronjob owner in: query name: includeCronJobChildren schema: type: boolean responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sJob" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of Jobs. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes Jobs tags: - kubernetes "/kubernetes/{id}/jobs/delete": post: description: |- Delete the provided list of Jobs. **Access policy**: Authenticated user. operationId: DeleteJobs parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sJobDeleteRequests" description: A map where the key is the namespace and the value is an array of Jobs to delete required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific service account. "500": description: Server error occurred while attempting to delete Jobs. security: - ApiKeyAuth: [] jwt: [] summary: Delete Jobs tags: - kubernetes "/kubernetes/{id}/max_resource_limits": get: description: >- Get max CPU and memory limits (unused resources) of all nodes within k8s cluster. **Access policy**: Authenticated user. operationId: GetKubernetesMaxResourceLimits parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.K8sNodesLimits" "400": description: Invalid request "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve nodes limits. security: - ApiKeyAuth: [] jwt: [] summary: Get max CPU and memory limits of all nodes within k8s cluster tags: - kubernetes "/kubernetes/{id}/metrics/applications_resources": get: description: >- Get the total CPU (cores) and memory (bytes) requests and limits of all applications across all namespaces. **Access policy**: Authenticated user. operationId: GetApplicationsResources parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Node name in: query name: node required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sApplicationResource" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the total resource requests and limits for all applications from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get the total resource requests and limits of all applications tags: - kubernetes "/kubernetes/{id}/metrics/nodes": get: description: |- Get a list of metrics associated with all nodes of a cluster. **Access policy**: Authenticated user. operationId: GetKubernetesMetricsForAllNodes parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/v1beta1.NodeMetricsList" "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "500": description: Server error occurred while attempting to retrieve the list of nodes with their live metrics. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of nodes with their live metrics tags: - kubernetes "/kubernetes/{id}/metrics/nodes/{name}": get: description: |- Get live metrics for the specified node. **Access policy**: Authenticated user. operationId: GetKubernetesMetricsForNode parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Node identifier in: path name: name required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/v1beta1.NodeMetrics" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "500": description: Server error occurred while attempting to retrieve the live metrics for the specified node. security: - ApiKeyAuth: [] jwt: [] summary: Get live metrics for a node tags: - kubernetes "/kubernetes/{id}/metrics/pods/{namespace}": get: description: |- Get a list of pods with their live metrics for the specified namespace. **Access policy**: Authenticated user. operationId: GetKubernetesMetricsForAllPods parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace in: path name: namespace required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/v1beta1.PodMetricsList" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "500": description: Server error occurred while attempting to retrieve the list of pods with their live metrics. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of pods with their live metrics tags: - kubernetes "/kubernetes/{id}/metrics/pods/{namespace}/{name}": get: description: |- Get live metrics for the specified pod. **Access policy**: Authenticated user. operationId: GetKubernetesMetricsForPod parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace in: path name: namespace required: true schema: type: string - description: Pod identifier in: path name: name required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/v1beta1.PodMetrics" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "500": description: Server error occurred while attempting to retrieve the live metrics for the specified pod. security: - ApiKeyAuth: [] jwt: [] summary: Get live metrics for a pod tags: - kubernetes "/kubernetes/{id}/namespaces": delete: description: |- Delete a kubernetes namespace within the given environment. **Access policy**: Authenticated user. operationId: DeleteKubernetesNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: "*/*": schema: type: string "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to delete the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Delete a kubernetes namespace tags: - kubernetes get: description: >- Get a list of all namespaces within the given environment based on the user role and permissions. If the user is an admin, they can access all namespaces. If the user is not an admin, they can only access namespaces that they have access to. **Access policy**: Authenticated user. operationId: GetKubernetesNamespaces parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: When set to true, include the resource quota information as part of the Namespace information. Default is false in: query name: withResourceQuota required: true schema: type: boolean - description: When set to true, include the unhealthy events information as part of the Namespace information. Default is false in: query name: withUnhealthyEvents required: true schema: type: boolean responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.K8sNamespaceInfo" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of namespaces. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of namespaces tags: - kubernetes post: description: |- Create a namespace within the given environment. **Access policy**: Authenticated user. operationId: CreateKubernetesNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sNamespaceDetails" description: Namespace configuration details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.K8sNamespaceInfo" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "409": description: Conflict - the namespace already exists. "500": description: Server error occurred while attempting to create the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Create a namespace tags: - kubernetes put: description: |- Update a namespace within the given environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesNamespaceDeprecated parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace in: path name: namespace required: true schema: type: string requestBody: $ref: "#/components/requestBodies/kubernetes.K8sNamespaceDetails" responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.K8sNamespaceInfo" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific namespace. "500": description: Server error occurred while attempting to update the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Update a namespace tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}": get: description: >- Get namespace details for the provided namespace within the given environment. **Access policy**: Authenticated user. operationId: GetKubernetesNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: The namespace name to get details for in: path name: namespace required: true schema: type: string - description: When set to true, include the resource quota information as part of the Namespace information. Default is false in: query name: withResourceQuota required: true schema: type: boolean responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.K8sNamespaceInfo" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific namespace. "500": description: Server error occurred while attempting to retrieve specified namespace information. security: - ApiKeyAuth: [] jwt: [] summary: Get namespace details tags: - kubernetes put: description: |- Update a namespace within the given environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace in: path name: namespace required: true schema: type: string requestBody: $ref: "#/components/requestBodies/kubernetes.K8sNamespaceDetails" responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.K8sNamespaceInfo" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific namespace. "500": description: Server error occurred while attempting to update the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Update a namespace tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/configmaps/{configmap}": get: description: |- Get a ConfigMap by name for a given namespace. **Access policy**: Authenticated user. operationId: GetKubernetesConfigMap parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: The namespace name where the configmap is located in: path name: namespace required: true schema: type: string - description: The configmap name to get details for in: path name: configmap required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sConfigMap" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or a configmap with the specified name in the given namespace. "500": description: Server error occurred while attempting to retrieve a configmap by name within the specified namespace. security: - ApiKeyAuth: [] jwt: [] summary: Get a ConfigMap tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/events": get: description: |- Get events by optional query param resourceId for a given namespace. **Access policy**: Authenticated user. operationId: getKubernetesEventsForNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: The namespace name the events are associated to in: path name: namespace required: true schema: type: string - description: The resource id of the involved kubernetes object in: query name: resourceId schema: type: string responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sEvent" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "500": description: Server error occurred while attempting to retrieve the events within the specified namespace. security: - ApiKeyAuth: [] jwt: [] summary: Gets kubernetes events for namespace tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/ingresscontrollers": get: description: >- Get a list of ingress controllers for the given environment in the provided namespace. **Access policy**: Authenticated user. operationId: GetKubernetesIngressControllersByNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace in: path name: namespace required: true schema: type: string responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sIngressController" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or a namespace with the specified name. "500": description: Server error occurred while attempting to retrieve ingress controllers by a namespace security: - ApiKeyAuth: [] jwt: [] summary: Get a list ingress controllers by namespace tags: - kubernetes put: description: >- Update (block/unblock) ingress controllers by namespace for the provided environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesIngressControllersByNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string requestBody: $ref: "#/components/requestBodies/kubernetes.K8sIngressControllerArray" responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to update ingress controllers by namespace. security: - ApiKeyAuth: [] jwt: [] summary: Update (block/unblock) ingress controllers by namespace tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/ingresses": get: description: >- Get a list of Ingresses. If namespace is provided, it will return the list of Ingresses in that namespace. **Access policy**: Authenticated user. operationId: GetAllKubernetesIngresses parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sIngressInfo" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve ingresses security: - ApiKeyAuth: [] jwt: [] summary: Get a list of Ingresses tags: - kubernetes post: description: |- Create an Ingress for the provided environment. **Access policy**: Authenticated user. operationId: CreateKubernetesIngress parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string requestBody: $ref: "#/components/requestBodies/kubernetes.K8sIngressInfo" responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "409": description: Conflict - an ingress with the same name already exists in the specified namespace. "500": description: Server error occurred while attempting to create an ingress. security: - ApiKeyAuth: [] jwt: [] summary: Create an Ingress tags: - kubernetes put: description: |- Update an Ingress for the provided environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesIngress parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string requestBody: $ref: "#/components/requestBodies/kubernetes.K8sIngressInfo" responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the specified ingress. "500": description: Server error occurred while attempting to update the specified ingress. security: - ApiKeyAuth: [] jwt: [] summary: Update an Ingress tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/ingresses/{ingress}": get: description: |- Get an Ingress by name for the provided environment. **Access policy**: Authenticated user. operationId: GetKubernetesIngress parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string - description: Ingress name in: path name: ingress required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sIngressInfo" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find an ingress with the specified name. "500": description: Server error occurred while attempting to retrieve an ingress. security: - ApiKeyAuth: [] jwt: [] summary: Get an Ingress by name tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/persistent_volume_claims": get: description: |- Get a list of PersistentVolumeClaims in the specified namespace. **Access policy**: Authenticated user. operationId: GetKubernetesPersistentVolumeClaimsInNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sPersistentVolumeClaim" type: array "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve persistent volume claims. security: - ApiKeyAuth: [] jwt: [] summary: Get PersistentVolumeClaims in a namespace tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/persistent_volume_claims/{name}": get: description: |- Get a PersistentVolumeClaim by name within a namespace. **Access policy**: Authenticated user. operationId: GetKubernetesPersistentVolumeClaim parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string - description: PVC name in: path name: name required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sPersistentVolumeClaim" "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "404": description: PVC not found. "500": description: Server error occurred while attempting to retrieve the persistent volume claim. security: - ApiKeyAuth: [] jwt: [] summary: Get a specific PersistentVolumeClaim tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/pods/{name}": delete: description: |- Delete a single Kubernetes pod in the given namespace. The owning controller (Deployment, StatefulSet, DaemonSet, ...) is responsible for recreating the pod. For naked pods the pod is removed permanently. **Access policy**: Authenticated user. operationId: DeleteKubernetesPod parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Namespace in: path name: namespace required: true schema: type: string - description: Pod name in: path name: name required: true schema: type: string responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the specified pod. "500": description: Server error occurred while attempting to delete the pod. security: - ApiKeyAuth: [] jwt: [] summary: Delete a kubernetes pod tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/pods/{name}/restart": post: description: |- Restart all containers in a single Kubernetes pod in place using the Kubernetes 1.35 alpha pod-restart subresource. The pod itself is preserved. Requires the cluster to expose the corresponding subresource (and the matching feature gate to be enabled). **Access policy**: Authenticated user. operationId: RestartKubernetesPod parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Namespace in: path name: namespace required: true schema: type: string - description: Pod name in: path name: name required: true schema: type: string responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment, the specified pod, or the cluster does not expose the pod-restart subresource (Kubernetes <1.35 or feature gate disabled). "405": description: The cluster does not support the pod-restart subresource (Kubernetes <1.35 or feature gate disabled). "500": description: Server error occurred while attempting to restart the pod. security: - ApiKeyAuth: [] jwt: [] summary: Restart all containers in a Kubernetes pod tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/secrets/{secret}": get: description: |- Get a Secret by name for a given namespace. **Access policy**: Authenticated user. operationId: GetKubernetesSecret parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: The namespace name where the secret is located in: path name: namespace required: true schema: type: string - description: The secret name to get details for in: path name: secret required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sSecret" "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve a secret by name belong in a namespace. security: - ApiKeyAuth: [] jwt: [] summary: Get a Secret tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/service_accounts/{name}": get: description: |- Get a kubernetes service account in the given namespace. **Access policy**: Authenticated user. operationId: GetKubernetesServiceAccount parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace in: path name: namespace required: true schema: type: string - description: Service account name in: path name: name required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sServiceAccount" "400": description: Invalid request "401": description: Unauthorized "403": description: Permission denied "404": description: Service account not found "500": description: Server error security: - ApiKeyAuth: [] jwt: [] summary: Get a kubernetes service account tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/service_accounts/{name}/image_pull_secrets": put: description: >- Replace the imagePullSecrets list on a service account with the provided list. **Access policy**: Authenticated user. operationId: UpdateKubernetesServiceAccountImagePullSecrets parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace in: path name: namespace required: true schema: type: string - description: Service account name in: path name: name required: true schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sServiceAccountImagePullSecretsUpdateP\ ayload" description: New imagePullSecrets list required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier, namespace, or service account. "500": description: Server error occurred while attempting to update image pull secrets for the service account. security: - ApiKeyAuth: [] jwt: [] summary: Update image pull secrets for a service account tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/services": get: description: |- Get a list of services for a given namespace. **Access policy**: Authenticated user. operationId: GetKubernetesServicesByNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sServiceInfo" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve all services for a namespace. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of services for a given namespace tags: - kubernetes post: description: |- Create a service within a given namespace **Access policy**: Authenticated user. operationId: CreateKubernetesService parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string requestBody: $ref: "#/components/requestBodies/kubernetes.K8sServiceInfo" responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to create a service. security: - ApiKeyAuth: [] jwt: [] summary: Create a service tags: - kubernetes put: description: |- Update a service within a given namespace. **Access policy**: Authenticated user. operationId: UpdateKubernetesService parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string requestBody: $ref: "#/components/requestBodies/kubernetes.K8sServiceInfo" responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the service to update. "500": description: Server error occurred while attempting to update a service. security: - ApiKeyAuth: [] jwt: [] summary: Update a service tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/system": put: description: |- Toggle the system state for a namespace **Access policy**: Administrator or environment administrator. operationId: KubernetesNamespacesToggleSystem parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace name in: path name: namespace required: true schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.namespacesToggleSystemPayload" description: Update details required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the namespace to update. "500": description: Server error occurred while attempting to update the system state of the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Toggle the system state for a namespace tags: - kubernetes "/kubernetes/{id}/namespaces/{namespace}/volumes": get: description: >- Get a list of kubernetes volumes within the specified namespace in the given environment (Endpoint). The Endpoint ID must be a valid Portainer environment identifier. **Access policy**: Authenticated user. operationId: GetKubernetesVolumesInNamespace parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace identifier in: path name: namespace required: true schema: type: string - description: When set to True, include the applications that are using the volumes. It is set to false by default in: query name: withApplications schema: type: boolean responses: "200": description: Success content: application/json: schema: additionalProperties: $ref: "#/components/schemas/kubernetes.K8sVolumeInfo" type: object "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve kubernetes volumes in the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Get Kubernetes volumes within a namespace in the given Portainer environment tags: - kubernetes "/kubernetes/{id}/namespaces/count": get: description: >- Get the total number of kubernetes namespaces within the given environment, including the system namespaces. The total count depends on the user's role and permissions. **Access policy**: Authenticated user. operationId: GetKubernetesNamespacesCount parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to compute the namespace count. security: - ApiKeyAuth: [] jwt: [] summary: Get the total number of kubernetes namespaces within the given Portainer environment. tags: - kubernetes "/kubernetes/{id}/nodes": get: description: |- Returns the list of Kubernetes nodes for the selected environment. **Access policy**: Authenticated user. operationId: GetKubernetesNodes parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.KubernetesNodeResponse" type: array "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource. "500": description: Server error occurred while attempting to retrieve the list of nodes. security: - ApiKeyAuth: [] jwt: [] summary: Get Kubernetes cluster nodes tags: - kubernetes "/kubernetes/{id}/nodes/{name}/drain": post: description: >- Drain a Kubernetes node by safely evicting all pods from the node, preparing it for maintenance or removal **Access policy**: authenticated operationId: drainNode parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer - description: Name of the node to drain in: path name: name required: true schema: type: string responses: "204": description: Success "400": description: Invalid request, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the specified node. "500": description: Server error occurred while attempting to drain node. security: - ApiKeyAuth: [] jwt: [] summary: Drain a Kubernetes node tags: - kubernetes "/kubernetes/{id}/nodes_limits": get: description: |- Get CPU and memory limits of all nodes within k8s cluster. **Access policy**: Authenticated user. operationId: GetKubernetesNodesLimits parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.K8sNodesLimits" "400": description: Invalid request "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve nodes limits. security: - ApiKeyAuth: [] jwt: [] summary: Get CPU and memory limits of all nodes within k8s cluster tags: - kubernetes "/kubernetes/{id}/persistent_volume_claims": get: description: >- Get a list of all PersistentVolumeClaims within the given environment. Scoped by namespace for non-admin users. **Access policy**: Authenticated user. operationId: GetAllKubernetesPersistentVolumeClaims parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sPersistentVolumeClaim" type: array "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve persistent volume claims. security: - ApiKeyAuth: [] jwt: [] summary: Get all PersistentVolumeClaims tags: - kubernetes "/kubernetes/{id}/persistent_volume_claims/delete": post: description: |- Delete the provided list of PersistentVolumeClaims. **Access policy**: Authenticated user. operationId: DeleteKubernetesPersistentVolumeClaims parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sVolumeDeleteRequest" type: array description: List of PVCs to delete (namespace + name) required: true responses: "204": description: Success "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to delete persistent volume claims. security: - ApiKeyAuth: [] jwt: [] summary: Delete PersistentVolumeClaims tags: - kubernetes "/kubernetes/{id}/persistent_volume_claims/resize": put: description: >- Resize a PVC to a new size. The StorageClass must support volume expansion. **Access policy**: Authenticated user. operationId: ResizeKubernetesPersistentVolumeClaim parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sPVCResizeRequest" description: PVC resize request required: true responses: "204": description: Success "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to resize the persistent volume claim. security: - ApiKeyAuth: [] jwt: [] summary: Resize a PersistentVolumeClaim tags: - kubernetes "/kubernetes/{id}/persistent_volumes": get: description: |- Get a list of all PersistentVolumes in the given environment. **Access policy**: Authenticated user. operationId: GetAllKubernetesPersistentVolumes parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sPersistentVolume" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve persistent volumes. security: - ApiKeyAuth: [] jwt: [] summary: Get all PersistentVolumes in the cluster tags: - kubernetes "/kubernetes/{id}/persistent_volumes/{name}": get: description: |- Get a PersistentVolume by name in the given environment. **Access policy**: Authenticated user. operationId: GetKubernetesPersistentVolume parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: PersistentVolume name in: path name: name required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sPersistentVolume" "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "404": description: PersistentVolume not found. "500": description: Server error occurred while attempting to retrieve the persistent volume. security: - ApiKeyAuth: [] jwt: [] summary: Get a specific PersistentVolume tags: - kubernetes "/kubernetes/{id}/persistent_volumes/delete": post: description: |- Delete the provided list of PersistentVolumes. **Access policy**: Authenticated user. operationId: DeleteKubernetesPersistentVolumes parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: items: type: string type: array description: List of PV names to delete required: true responses: "204": description: Success "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to delete persistent volumes. security: - ApiKeyAuth: [] jwt: [] summary: Delete PersistentVolumes tags: - kubernetes "/kubernetes/{id}/persistent_volumes/reclaim_policy": put: description: |- Update the reclaim policy of a PersistentVolume. **Access policy**: Authenticated user. operationId: UpdateKubernetesPersistentVolumeReclaimPolicy parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sPVReclaimPolicyRequest" description: Reclaim policy update request required: true responses: "204": description: Success "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to update reclaim policy. security: - ApiKeyAuth: [] jwt: [] summary: Update reclaim policy of a PersistentVolume tags: - kubernetes "/kubernetes/{id}/rbac_enabled": get: description: |- Check if RBAC is enabled in the specified Kubernetes cluster. **Access policy**: Authenticated user. operationId: GetKubernetesRBACStatus parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer responses: "200": description: RBAC status content: application/json: schema: type: boolean "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the RBAC status. security: - ApiKeyAuth: [] jwt: [] summary: Check if RBAC is enabled tags: - kubernetes "/kubernetes/{id}/role_bindings/delete": post: description: |- Delete the provided list of role bindings. **Access policy**: Authenticated user. operationId: DeleteRoleBindings parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sRoleBindingDeleteRequests" description: A map where the key is the namespace and the value is an array of role bindings to delete required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific role binding. "500": description: Server error occurred while attempting to delete role bindings. security: - ApiKeyAuth: [] jwt: [] summary: Delete role bindings tags: - kubernetes "/kubernetes/{id}/rolebindings": get: description: |- Get a list of kubernetes role bindings that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesRoleBindings parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sRoleBinding" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of role bindings. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes role bindings tags: - kubernetes "/kubernetes/{id}/roles": get: description: |- Get a list of kubernetes roles that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesRoles parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sRole" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of roles. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes roles tags: - kubernetes "/kubernetes/{id}/roles/delete": post: description: |- Delete the provided list of roles. **Access policy**: Authenticated user. operationId: DeleteRoles parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sRoleDeleteRequests" description: A map where the key is the namespace and the value is an array of roles to delete required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific role. "500": description: Server error occurred while attempting to delete roles. security: - ApiKeyAuth: [] jwt: [] summary: Delete roles tags: - kubernetes "/kubernetes/{id}/secrets": get: description: >- Get a list of Secrets for a given namespace. If isUsed is set to true, information about the applications that use the secrets is also returned. **Access policy**: Authenticated user. operationId: GetKubernetesSecrets parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: When set to true, associate the Secrets with the applications that use them in: query name: isUsed required: true schema: type: boolean responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sSecret" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve all secrets from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of Secrets tags: - kubernetes "/kubernetes/{id}/secrets/count": get: description: >- Get the count of Secrets across all namespaces that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesSecretsCount parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the count of all secrets from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get Secrets count tags: - kubernetes "/kubernetes/{id}/service_accounts/delete": post: description: |- Delete the provided list of service accounts. **Access policy**: Authenticated user. operationId: DeleteServiceAccounts parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sServiceAccountDeleteRequests" description: A map where the key is the namespace and the value is an array of service accounts to delete required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific service account. "500": description: Server error occurred while attempting to delete service accounts. security: - ApiKeyAuth: [] jwt: [] summary: Delete service accounts tags: - kubernetes "/kubernetes/{id}/serviceaccounts": get: description: |- Get a list of kubernetes service accounts that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesServiceAccounts parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sServiceAccount" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of service accounts. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes service accounts tags: - kubernetes "/kubernetes/{id}/services": get: description: |- Get a list of services that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesServices parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Lookup applications associated with each service in: query name: withApplications schema: type: boolean responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sServiceInfo" type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve all services. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of services tags: - kubernetes "/kubernetes/{id}/services/count": get: description: |- Get the count of services that the user has access to. **Access policy**: Authenticated user. operationId: GetAllKubernetesServicesCount parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the total count of all services. security: - ApiKeyAuth: [] jwt: [] summary: Get services count tags: - kubernetes "/kubernetes/{id}/services/delete": post: description: |- Delete the provided list of services. **Access policy**: Authenticated user. operationId: DeleteKubernetesServices parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sServiceDeleteRequests" description: A map where the key is the namespace and the value is an array of services to delete required: true responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific service. "500": description: Server error occurred while attempting to delete services. security: - ApiKeyAuth: [] jwt: [] summary: Delete services tags: - kubernetes "/kubernetes/{id}/storage_classes": get: description: |- Get a list of all StorageClasses in the given environment. **Access policy**: Authenticated user. operationId: GetAllKubernetesStorageClasses parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sStorageClass" type: array "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve storage classes. security: - ApiKeyAuth: [] jwt: [] summary: Get all StorageClasses tags: - kubernetes "/kubernetes/{id}/storage_classes/{name}": get: description: |- Get a StorageClass by name in the given environment. **Access policy**: Authenticated user. operationId: GetKubernetesStorageClass parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: StorageClass name in: path name: name required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sStorageClass" "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "404": description: StorageClass not found. "500": description: Server error occurred while attempting to retrieve the storage class. security: - ApiKeyAuth: [] jwt: [] summary: Get a specific StorageClass tags: - kubernetes "/kubernetes/{id}/storage_classes/{name}/default": put: description: >- Set the specified StorageClass as the cluster default, removing default from any other. **Access policy**: Authenticated user. operationId: SetDefaultKubernetesStorageClass parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: StorageClass name in: path name: name required: true schema: type: string responses: "204": description: Success "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to set default storage class. security: - ApiKeyAuth: [] jwt: [] summary: Set a StorageClass as default tags: - kubernetes "/kubernetes/{id}/storage_classes/delete": post: description: |- Delete the provided list of StorageClasses. **Access policy**: Authenticated user. operationId: DeleteKubernetesStorageClasses parameters: - description: Environment identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: items: type: string type: array description: List of StorageClass names to delete required: true responses: "204": description: Success "400": description: Invalid request payload. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to delete storage classes. security: - ApiKeyAuth: [] jwt: [] summary: Delete StorageClasses tags: - kubernetes "/kubernetes/{id}/version": get: description: |- Get the Kubernetes cluster version (major, minor, gitVersion, ...) as reported by the cluster's discovery API, augmented with capability flags Portainer uses to gate UI features (e.g. supportsPodRestart). **Access policy**: Authenticated user. operationId: GetKubernetesVersion parameters: - description: Environment(Endpoint) identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.kubernetesVersionResponse" "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the cluster version. security: - ApiKeyAuth: [] jwt: [] summary: Get the Kubernetes cluster version and Portainer-relevant capabilities tags: - kubernetes "/kubernetes/{id}/volumes": get: description: >- Get a list of all kubernetes volumes within the given environment (Endpoint). The Endpoint ID must be a valid Portainer environment identifier. **Access policy**: Authenticated user. operationId: GetAllKubernetesVolumes parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: When set to True, include the applications that are using the volumes. It is set to false by default in: query name: withApplications schema: type: boolean responses: "200": description: Success content: application/json: schema: additionalProperties: $ref: "#/components/schemas/kubernetes.K8sVolumeInfo" type: object "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve kubernetes volumes. security: - ApiKeyAuth: [] jwt: [] summary: Get Kubernetes volumes within the given Portainer environment tags: - kubernetes "/kubernetes/{id}/volumes/{namespace}/{volume}": get: description: >- Get a Kubernetes volume within the given environment (Endpoint). The Endpoint ID must be a valid Portainer environment identifier. **Access policy**: Authenticated user. operationId: GetKubernetesVolume parameters: - description: Environment identifier in: path name: id required: true schema: type: integer - description: Namespace identifier in: path name: namespace required: true schema: type: string - description: Volume name in: path name: volume required: true schema: type: string responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sVolumeInfo" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] jwt: [] summary: Get a Kubernetes volume within the given Portainer environment tags: - kubernetes "/kubernetes/{id}/volumes/count": get: description: >- Get the total number of kubernetes volumes within the given environment (Endpoint). The total count depends on the user's role and permissions. The Endpoint ID must be a valid Portainer environment identifier. **Access policy**: Authenticated user. operationId: getAllKubernetesVolumesCount parameters: - description: Environment identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve kubernetes volumes count. security: - ApiKeyAuth: [] jwt: [] summary: Get the total number of kubernetes volumes within the given Portainer environment. tags: - kubernetes /kubernetes/config: get: description: >- Generate a kubeconfig file that allows a client to communicate with the Kubernetes API server **Access policy**: Authenticated user. operationId: GetKubernetesConfig parameters: - description: will include only these environments(endpoints) in: query name: ids style: form explode: false schema: type: array items: type: integer - description: will exclude these environments(endpoints) in: query name: excludeIds style: form explode: false schema: type: array items: type: integer responses: "200": description: Success content: application/json: schema: {} " application/yaml": schema: {} "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to generate the kubeconfig file. security: - ApiKeyAuth: [] jwt: [] summary: Generate a kubeconfig file tags: - kubernetes /ldap/check: post: description: |- Test LDAP connectivity using LDAP details **Access policy**: administrator operationId: LDAPCheck requestBody: content: application/json: schema: $ref: "#/components/schemas/ldap.checkPayload" description: details required: true responses: "204": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Test LDAP connectivity tags: - ldap /motd: get: description: "**Access policy**: restricted" operationId: MOTD responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/motd.Motd" security: - ApiKeyAuth: [] - jwt: [] summary: fetches the message of the day tags: - motd /registries: get: description: >- List all registries based on the current user authorizations. Will return all registries if using an administrator account otherwise it will only return authorized registries. **Access policy**: restricted operationId: RegistryList responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.Registry" type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List Registries tags: - registries post: description: |- Create a new registry. **Access policy**: restricted operationId: RegistryCreate requestBody: content: application/json: schema: $ref: "#/components/schemas/registries.registryCreatePayload" description: Registry details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Registry" "400": description: Invalid request "409": description: Another registry with the same name or same URL & credentials already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new registry tags: - registries "/registries/{id}": delete: description: |- Remove a registry **Access policy**: restricted operationId: RegistryDelete parameters: - description: Registry identifier in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "404": description: Registry not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a registry tags: - registries get: description: |- Retrieve details about a registry. **Access policy**: restricted operationId: RegistryInspect parameters: - description: Registry identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Registry" "400": description: Invalid request "403": description: Permission denied to access registry "404": description: Registry not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a registry tags: - registries put: description: |- Update a registry **Access policy**: restricted operationId: RegistryUpdate parameters: - description: Registry identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/registries.registryUpdatePayload" description: Registry details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Registry" "400": description: Invalid request "404": description: Registry not found "409": description: Another registry with the same name or same URL & credentials already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a registry tags: - registries "/registries/{id}/configure": post: description: |- Configures a registry. **Access policy**: restricted operationId: RegistryConfigure parameters: - description: Registry identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/registries.registryConfigurePayload" description: Registry configuration required: true responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Registry not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Configures a registry tags: - registries /registries/ping: post: description: |- Test connection to a registry with provided credentials **Access policy**: authenticated operationId: RegistryPing requestBody: content: application/json: schema: $ref: "#/components/schemas/registries.registryPingPayload" description: Registry credentials to test required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/registries.registryPingResponse" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Test registry connection tags: - registries /resource_controls: post: description: |- Create a new resource control to restrict access to a Docker resource. **Access policy**: administrator operationId: ResourceControlCreate requestBody: content: application/json: schema: $ref: "#/components/schemas/resourcecontrols.resourceControlCreatePayload" description: Resource control details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.ResourceControl" "400": description: Invalid request "409": description: A resource control is already associated to this resource "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new resource control tags: - resource_controls "/resource_controls/{id}": delete: description: |- Remove a resource control. **Access policy**: administrator operationId: ResourceControlDelete parameters: - description: Resource control identifier in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "404": description: Resource control not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a resource control tags: - resource_controls put: description: |- Update a resource control **Access policy**: authenticated operationId: ResourceControlUpdate parameters: - description: Resource control identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/resourcecontrols.resourceControlUpdatePayload" description: Resource control details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.ResourceControl" "400": description: Invalid request "403": description: Unauthorized "404": description: Resource control not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a resource control tags: - resource_controls /restore: post: description: >- Triggers a system restore using provided backup file **Access policy**: public (requires the X-Setup-Token header on an uninitialized instance unless --no-setup-token is set) operationId: Restore parameters: - description: Setup token (required when instance is uninitialized and --no-setup-token is not set) in: header name: X-Setup-Token schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/backup.restorePayload" description: Restore request payload required: true responses: "200": description: Success "400": description: Invalid request "403": description: Access denied - invalid or missing setup token "500": description: Server error summary: Triggers a system restore using provided backup file tags: - backup /roles: get: description: |- List all roles available for use **Access policy**: administrator operationId: RoleList responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.Role" type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List roles tags: - roles /settings: get: description: |- Retrieve Portainer settings. **Access policy**: administrator operationId: SettingsInspect responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Settings" "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Retrieve Portainer settings tags: - settings put: description: |- Update Portainer settings. **Access policy**: administrator operationId: SettingsUpdate requestBody: content: application/json: schema: $ref: "#/components/schemas/settings.settingsUpdatePayload" description: New settings required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Settings" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update Portainer settings tags: - settings /settings/public: get: description: >- Retrieve public settings. Returns a small set of settings that are not reserved to administrators only. **Access policy**: public operationId: SettingsPublic responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/settings.publicSettingsResponse" "500": description: Server error summary: Retrieve Portainer public settings tags: - settings /ssl: get: description: |- Retrieve the ssl settings. **Access policy**: administrator operationId: SSLInspect responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.SSLSettings" "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect the ssl settings tags: - ssl put: description: |- Update the ssl settings. **Access policy**: administrator operationId: SSLUpdate requestBody: content: application/json: schema: $ref: "#/components/schemas/ssl.sslUpdatePayload" description: SSL Settings required: true responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update the ssl settings tags: - ssl /stacks: get: description: |- List all stacks based on the current user authorizations. Will return all stacks if using an administrator account otherwise it will only return the list of stacks the user have access to. Limited stacks will not be returned by this endpoint. **Access policy**: authenticated operationId: StackList parameters: - description: "Filters to process on the stack list. Encoded as JSON (a map[string]string). For example, {'SwarmID': 'jpofkc0i9uo9wtx1zesuk649w'} will only return stacks that are part of the specified Swarm cluster. Available filters: EndpointID, SwarmID." in: query name: filters schema: type: string responses: "200": description: Success content: "*/*": schema: items: $ref: "#/components/schemas/portainer.Stack" type: array "204": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List stacks tags: - stacks "/stacks/{id}": delete: description: |- Remove a stack. **Access policy**: restricted operationId: StackDelete parameters: - description: Stack identifier in: path name: id required: true schema: type: integer - description: Set to true to delete an external stack. Only external Swarm stacks are supported in: query name: external schema: type: boolean - description: Environment identifier in: query name: endpointId required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a stack tags: - stacks get: description: |- Retrieve details about a stack. **Access policy**: restricted operationId: StackInspect parameters: - description: Stack identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/stacks.stackResponse" "400": description: Invalid request "403": description: Permission denied "404": description: Stack not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a stack tags: - stacks put: description: |- Update a stack, only for file based stacks. **Access policy**: authenticated operationId: StackUpdate parameters: - description: Stack identifier in: path name: id required: true schema: type: integer - description: Environment identifier in: query name: endpointId required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.updateSwarmStackPayload" description: Stack details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "403": description: Permission denied "404": description: Not found "409": description: Conflict "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a stack tags: - stacks "/stacks/{id}/associate": put: description: "**Access policy**: administrator" operationId: StackAssociate parameters: - description: Stack identifier in: path name: id required: true schema: type: integer - description: Environment identifier in: query name: endpointId required: true schema: type: integer - description: Swarm identifier in: query name: swarmId required: true schema: type: integer - description: Indicates whether the stack is orphaned in: query name: orphanedRunning required: true schema: type: boolean responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "403": description: Permission denied "404": description: Stack not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Associate an orphaned stack to a new environment(endpoint) tags: - stacks "/stacks/{id}/file": get: description: |- Get Stack file content. **Access policy**: restricted operationId: StackFileInspect parameters: - description: Stack identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/stacks.stackFileResponse" "400": description: Invalid request "403": description: Permission denied "404": description: Stack not found "409": description: Git settings changed, redeploy required "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Retrieve the content of the Stack file for the specified stack tags: - stacks "/stacks/{id}/git": post: description: >- Update the Git settings in a stack, e.g., RepositoryReferenceName and AutoUpdate. When SourceID is set, URL/auth/TLS are taken from the referenced Source. **Access policy**: authenticated operationId: StackUpdateGit parameters: - description: Stack identifier in: path name: id required: true schema: type: integer - description: Stacks created before version 1.18.0 might not have an associated environment(endpoint) identifier. Use this optional parameter to set the environment(endpoint) identifier used by the stack. in: query name: endpointId schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.stackGitUpdatePayload" description: Git configs for pull and redeploy a stack required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/stacks.stackResponse" "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a stack's Git configs tags: - stacks "/stacks/{id}/git/redeploy": put: description: |- Pull and redeploy a stack via Git **Access policy**: authenticated operationId: StackGitRedeploy parameters: - description: Stack identifier in: path name: id required: true schema: type: integer - description: Stacks created before version 1.18.0 might not have an associated environment(endpoint) identifier. Use this optional parameter to set the environment(endpoint) identifier used by the stack. in: query name: endpointId schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.stackGitRedeployPayload" description: Git configs for pull and redeploy of a stack. **StackName** may only be populated for Kuberenetes stacks, and if specified with a blank string, it will be set to blank required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "403": description: Permission denied "404": description: Not found "409": description: Conflict "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Redeploy a stack tags: - stacks "/stacks/{id}/migrate": post: description: >- Migrate a stack from an environment(endpoint) to another environment(endpoint). It will re-create the stack inside the target environment(endpoint) before removing the original stack. **Access policy**: authenticated operationId: StackMigrate parameters: - description: Stack identifier in: path name: id required: true schema: type: integer - description: Stacks created before version 1.18.0 might not have an associated environment(endpoint) identifier. Use this optional parameter to set the environment(endpoint) identifier used by the stack. in: query name: endpointId schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.stackMigratePayload" description: Stack migration details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "403": description: Permission denied "404": description: Stack not found "409": description: A stack with the same name is already running on the target environment(endpoint) "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Migrate a stack to another environment(endpoint) tags: - stacks "/stacks/{id}/start": post: description: |- Starts a stopped Stack. **Access policy**: authenticated operationId: StackStart parameters: - description: Stack identifier in: path name: id required: true schema: type: integer - description: Environment identifier in: query name: endpointId required: true schema: type: integer responses: "200": description: Success content: "*/*": schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "403": description: Permission denied "404": description: Not found "409": description: Stack is already active, deploying, or in error state "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Starts a stopped Stack tags: - stacks "/stacks/{id}/stop": post: description: |- Stop a running Stack. **Access policy**: authenticated operationId: StackStop parameters: - description: Stack identifier in: path name: id required: true schema: type: integer - description: Environment identifier in: query name: endpointId required: true schema: type: integer responses: "200": description: Success content: "*/*": schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "403": description: Permission denied "404": description: Not found "409": description: Conflict "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Stop a running Stack tags: - stacks /stacks/create/kubernetes/repository: post: description: >- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateKubernetesGit parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.kubernetesGitDeploymentPayload" description: stack config required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "409": description: Stack name or webhook ID already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new kubernetes stack from a git repository tags: - stacks /stacks/create/kubernetes/string: post: description: >- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateKubernetesFile parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.kubernetesStringDeploymentPayload" description: stack config required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new kubernetes stack from a file tags: - stacks /stacks/create/kubernetes/url: post: description: >- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateKubernetesUrl parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.kubernetesManifestURLDeploymentPayload" description: stack config required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new kubernetes stack from a url tags: - stacks /stacks/create/standalone/file: post: description: >- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerStandaloneFile parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true schema: type: integer requestBody: content: multipart/form-data: schema: type: object properties: Name: description: Name of the stack type: string Env: description: "Environment variables passed during deployment, represented as a JSON array [{'name': 'name', 'value': 'value'}]." type: string file: description: Stack file type: string format: binary required: - Name required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new compose stack from a file tags: - stacks /stacks/create/standalone/repository: post: description: >- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerStandaloneRepository parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.composeStackFromGitRepositoryPayload" description: stack config required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "409": description: Stack name or webhook ID already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new compose stack from repository tags: - stacks /stacks/create/standalone/string: post: description: >- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerStandaloneString parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.composeStackFromFileContentPayload" description: stack config required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new compose stack from a text tags: - stacks /stacks/create/swarm/file: post: description: >- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerSwarmFile parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true schema: type: integer requestBody: content: multipart/form-data: schema: type: object properties: Name: description: Name of the stack type: string SwarmID: description: Swarm cluster identifier. type: string Env: description: "Environment variables passed during deployment, represented as a JSON array [{'name': 'name', 'value': 'value'}]. Optional" type: string file: description: Stack file type: string format: binary responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new swarm stack from a file tags: - stacks /stacks/create/swarm/repository: post: description: >- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerSwarmRepository parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.swarmStackFromGitRepositoryPayload" description: stack config required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "409": description: Stack name or webhook ID already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new swarm stack from a git repository tags: - stacks /stacks/create/swarm/string: post: description: >- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerSwarmString parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/stacks.swarmStackFromFileContentPayload" description: stack config required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Stack" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new swarm stack from a text tags: - stacks "/stacks/name/{name}": delete: description: |- Remove a stack. **Access policy**: restricted operationId: StackDeleteKubernetesByName parameters: - description: Stack name in: path name: name required: true schema: type: string - description: Set to true to delete an external stack. Only external Swarm stacks are supported in: query name: external schema: type: boolean - description: Environment identifier in: query name: endpointId required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove Kubernetes stacks by name tags: - stacks "/stacks/webhooks/{webhookID}": post: description: "**Access policy**: public" operationId: WebhookInvoke parameters: - description: Stack identifier in: path name: webhookID required: true schema: type: string responses: "200": description: Success "400": description: Invalid request "409": description: Autoupdate for the stack isn't available" or "Stack deployment is already in progress "500": description: Server error summary: Webhook for triggering stack updates from git tags: - stacks /status: get: deprecated: true description: |- Deprecated: use the `/system/status` endpoint instead. Retrieve Portainer status **Access policy**: public operationId: StatusInspect responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/system.status" summary: Check Portainer status tags: - status /system/info: get: description: "**Access policy**: authenticated" operationId: systemInfo responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/system.systemInfoResponse" "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Retrieve system info tags: - system /system/nodes: get: description: "**Access policy**: authenticated" operationId: systemNodesCount responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/system.nodesCountResponse" "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Retrieve the count of nodes tags: - system /system/status: get: description: |- Retrieve Portainer status **Access policy**: public operationId: systemStatus responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/system.status" summary: Check Portainer status tags: - system /system/upgrade: post: description: |- Upgrade Portainer to BE **Access policy**: administrator operationId: systemUpgrade responses: "204": description: Success content: application/json: schema: $ref: "#/components/schemas/system.status" summary: Upgrade Portainer to BE tags: - system /system/version: get: description: |- Check if portainer has an update available **Access policy**: authenticated operationId: systemVersion responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/system.versionResponse" security: - ApiKeyAuth: [] - jwt: [] summary: Check for portainer updates tags: - system /tags: get: description: |- List tags. **Access policy**: authenticated operationId: TagList responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.Tag" type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List tags tags: - tags post: description: |- Create a new tag. **Access policy**: administrator operationId: TagCreate requestBody: content: application/json: schema: $ref: "#/components/schemas/tags.tagCreatePayload" description: Tag details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Tag" "409": description: This name is already associated to a tag "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new tag tags: - tags "/tags/{id}": delete: description: |- Remove a tag. **Access policy**: administrator operationId: TagDelete parameters: - description: Tag identifier in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Tag not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a tag tags: - tags /team_memberships: get: description: >- List team memberships. Access is only available to administrators and team leaders. **Access policy**: administrator operationId: TeamMembershipList responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.TeamMembership" type: array "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List team memberships tags: - team_memberships post: description: >- Create a new team memberships. Access is only available to administrators leaders of the associated team. **Access policy**: administrator operationId: TeamMembershipCreate requestBody: content: application/json: schema: $ref: "#/components/schemas/teammemberships.teamMembershipCreatePayload" description: Team membership details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.TeamMembership" "400": description: Invalid request "403": description: Permission denied to manage memberships "409": description: Team membership already registered "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new team membership tags: - team_memberships "/team_memberships/{id}": delete: description: >- Remove a team membership. Access is only available to administrators leaders of the associated team. **Access policy**: administrator operationId: TeamMembershipDelete parameters: - description: TeamMembership identifier in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: TeamMembership not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a team membership tags: - team_memberships put: description: >- Update a team membership. Access is only available to administrators or leaders of the associated team. **Access policy**: administrator or leaders of the associated team operationId: TeamMembershipUpdate parameters: - description: Team membership identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/teammemberships.teamMembershipUpdatePayload" description: Team membership details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.TeamMembership" "400": description: Invalid request "403": description: Permission denied "404": description: TeamMembership not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a team membership tags: - team_memberships /teams: get: description: >- List teams. For non-administrator users, will only list the teams they are member of. **Access policy**: restricted operationId: TeamList parameters: - description: Only list teams that the user is leader of in: query name: onlyLedTeams schema: type: boolean - description: Identifier of the environment(endpoint) that will be used to filter the authorized teams in: query name: environmentId schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.Team" type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List teams tags: - teams post: description: |- Create a new team. **Access policy**: administrator operationId: TeamCreate requestBody: content: application/json: schema: $ref: "#/components/schemas/teams.teamCreatePayload" description: details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Team" "400": description: Invalid request "409": description: A team with the same name already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new team tags: - teams "/teams/{id}": delete: description: |- Remove a team. **Access policy**: administrator operationId: TeamDelete parameters: - description: Team Id in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Team not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a team tags: - teams get: description: >- Retrieve details about a team. Access is only available for administrator and leaders of that team. **Access policy**: administrator operationId: TeamInspect parameters: - description: Team identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Team" "400": description: Invalid request "403": description: Permission denied "404": description: Team not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a team tags: - teams put: description: |- Update a team. **Access policy**: administrator operationId: TeamUpdate parameters: - description: Team identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/teams.teamUpdatePayload" description: Team details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.Team" "400": description: Invalid request "403": description: Permission denied "404": description: Team not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a team tags: - teams "/teams/{id}/memberships": get: description: >- List team memberships. Access is only available to administrators and team leaders. **Access policy**: restricted operationId: TeamMemberships parameters: - description: Team Id in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.TeamMembership" type: array "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List team memberships tags: - team_memberships /templates: get: description: |- List available templates. **Access policy**: authenticated operationId: TemplateList responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/templates.listResponse" "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List available templates tags: - templates "/templates/{id}/file": post: description: |- Get a template's file **Access policy**: authenticated operationId: TemplateFile parameters: - description: Template identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/templates.fileResponse" "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get a template's file tags: - templates /templates/helm: get: description: "**Access policy**: authenticated" operationId: HelmRepoSearch parameters: - description: Helm repository URL in: query name: repo required: true schema: type: string - description: Helm chart name in: query name: chart schema: type: string - description: If true will use cache to search in: query name: useCache schema: type: string responses: "200": description: Success content: application/json: schema: type: string "400": description: Bad request "401": description: Unauthorized "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Search Helm Charts tags: - helm "/templates/helm/{command}": get: description: "**Access policy**: authenticated" operationId: HelmShow parameters: - description: Helm repository URL in: query name: repo required: true schema: type: string - description: Chart name in: query name: chart required: true schema: type: string - description: Chart version in: query name: version schema: type: string - description: chart/values/readme in: path name: command required: true schema: type: string responses: "200": description: Success content: text/plain: schema: type: string "401": description: Unauthorized "404": description: Environment(Endpoint) or ServiceAccount not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Show Helm Chart Information tags: - helm "/upload/tls/{certificate}": post: description: |- Use this environment(endpoint) to upload TLS files. **Access policy**: administrator operationId: UploadTLS parameters: - description: TLS file type. Valid values are 'ca', 'cert' or 'key'. in: path name: certificate required: true schema: type: string enum: - ca - cert - key requestBody: content: multipart/form-data: schema: type: object properties: folder: description: Folder where the TLS file will be stored. Will be created if not existing type: string file: description: The file to upload type: string format: binary required: - folder - file required: true responses: "204": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Upload TLS files tags: - upload /users: get: description: >- List Portainer users. Non-administrator users will only be able to list other non-administrator user accounts. User passwords are filtered out, and should never be accessible. **Access policy**: restricted operationId: UserList parameters: - description: Identifier of the environment(endpoint) that will be used to filter the authorized users in: query name: environmentId schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.User" type: array "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List users tags: - users post: description: |- Create a new Portainer user. Only administrators can create users. **Access policy**: restricted operationId: UserCreate requestBody: content: application/json: schema: $ref: "#/components/schemas/users.userCreatePayload" description: User details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.User" "400": description: Invalid request "403": description: Permission denied "409": description: User already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new user tags: - users "/users/{id}": delete: description: |- Remove a user. **Access policy**: administrator operationId: UserDelete parameters: - description: User identifier in: path name: id required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a user tags: - users get: description: |- Retrieve details about a user. User passwords are filtered out, and should never be accessible. **Access policy**: authenticated operationId: UserInspect parameters: - description: User identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.User" "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a user tags: - users put: description: |- Update user details. A regular user account can only update his details. A regular user account cannot change their username or role. **Access policy**: authenticated operationId: UserUpdate parameters: - description: User identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/users.userUpdatePayload" description: User details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.User" "400": description: Invalid request "403": description: Permission denied "404": description: User not found "409": description: Username already exist "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a user tags: - users "/users/{id}/effective-access": get: description: |- Returns the resolved role for each environment the user can access, following the policy precedence used by the access viewer (user-endpoint, user-group, team-endpoint, team-group). Environments where the user has no role are omitted. **Access policy**: restricted operationId: UserEffectiveAccessInspect parameters: - description: User identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/users.EffectiveAccessEntry" type: array "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] jwt: [] summary: Inspect a user's effective access on every environment tags: - users "/users/{id}/helm/repositories": get: description: |- Inspect a user helm repositories. **Access policy**: authenticated operationId: HelmUserRepositoriesList parameters: - description: User identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/users.helmUserRepositoryResponse" "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List a users helm repositories tags: - helm post: description: |- Create a user helm repository. **Access policy**: authenticated operationId: HelmUserRepositoryCreate parameters: - description: User identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/users.addHelmRepoUrlPayload" description: Helm Repository required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.HelmUserRepository" "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a user helm repository tags: - helm "/users/{id}/helm/repositories/{repositoryID}": delete: description: "**Access policy**: authenticated" operationId: HelmUserRepositoryDelete parameters: - description: User identifier in: path name: id required: true schema: type: integer - description: Repository identifier in: path name: repositoryID required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Delete a users helm repositoryies tags: - helm "/users/{id}/memberships": get: description: |- Inspect a user memberships. **Access policy**: restricted operationId: UserMembershipsInspect parameters: - description: User identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.TeamMembership" "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a user memberships tags: - users "/users/{id}/passwd": put: description: |- Update password for the specified user. **Access policy**: authenticated operationId: UserUpdatePassword parameters: - description: identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/users.userUpdatePasswordPayload" description: details required: true responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update password for a user tags: - users "/users/{id}/tokens": get: description: |- Gets all API keys for a user. Only the calling user or admin can retrieve api-keys. **Access policy**: authenticated operationId: UserGetAPIKeys parameters: - description: User identifier in: path name: id required: true schema: type: integer responses: "200": description: Success content: application/json: schema: items: $ref: "#/components/schemas/portainer.APIKey" type: array "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get all API keys for a user tags: - users post: description: |- Generates an API key for a user. Only the calling user can generate a token for themselves. Password is required only for internal authentication. **Access policy**: restricted operationId: UserGenerateAPIKey parameters: - description: User identifier in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/users.userAccessTokenCreatePayload" description: details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/users.accessTokenResponse" "400": description: Invalid request "401": description: Unauthorized "403": description: Permission denied "404": description: User not found "500": description: Server error security: - jwt: [] summary: Generate an API key for a user tags: - users "/users/{id}/tokens/{keyID}": delete: description: |- Remove an api-key associated to a user.. Only the calling user or admin can remove api-key. **Access policy**: authenticated operationId: UserRemoveAPIKey parameters: - description: User identifier in: path name: id required: true schema: type: integer - description: Api Key identifier in: path name: keyID required: true schema: type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove an api-key associated to a user tags: - users /users/admin/check: get: description: |- Check if an administrator account exists in the database. **Access policy**: public operationId: UserAdminCheck responses: "204": description: Success "404": description: User not found summary: Check administrator account existence tags: - users /users/admin/init: post: description: >- Initialize the 'admin' user account. **Access policy**: public (requires the X-Setup-Token header on an uninitialized instance unless --no-setup-token is set) operationId: UserAdminInit parameters: - description: Setup token (required when instance is uninitialized and --no-setup-token is not set) in: header name: X-Setup-Token schema: type: string requestBody: content: application/json: schema: $ref: "#/components/schemas/users.adminInitPayload" description: User details required: true responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.User" "400": description: Invalid request "403": description: Access denied - invalid or missing setup token "409": description: Admin user already initialized "500": description: Server error summary: Initialize administrator account tags: - users /users/me: get: description: |- Retrieve details about the current user. User passwords are filtered out, and should never be accessible. **Access policy**: authenticated operationId: CurrentUserInspect responses: "200": description: Success content: application/json: schema: $ref: "#/components/schemas/portainer.User" "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect the current user user tags: - users /webhooks: get: description: "**Access policy**: authenticated" parameters: - description: Filters (json-string) example: '{"EndpointID":1,"ResourceID":"abc12345-abcd-2345-ab12-58005b4a0260"}' in: query name: filters schema: type: string responses: "200": description: OK content: application/json: schema: items: $ref: "#/components/schemas/portainer.Webhook" type: array "400": description: Bad Request "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: List webhooks tags: - webhooks post: description: "**Access policy**: authenticated" requestBody: content: application/json: schema: $ref: "#/components/schemas/webhooks.webhookCreatePayload" description: Webhook data required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Webhook" "400": description: Invalid request "409": description: A webhook for this resource already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a webhook tags: - webhooks "/webhooks/{id}": delete: description: "**Access policy**: authenticated" parameters: - description: Webhook id in: path name: id required: true schema: type: integer responses: "202": description: Webhook deleted "400": description: Bad Request "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Delete a webhook tags: - webhooks post: description: |- Acts on a passed in token UUID to restart the docker service **Access policy**: public parameters: - description: Webhook token in: path name: id required: true schema: type: string responses: "202": description: Webhook executed "400": description: Bad Request "500": description: Internal Server Error summary: Execute a webhook tags: - webhooks put: description: "**Access policy**: authenticated" parameters: - description: Webhook id in: path name: id required: true schema: type: integer requestBody: content: application/json: schema: $ref: "#/components/schemas/webhooks.webhookUpdatePayload" description: Webhook data required: true responses: "200": description: OK content: application/json: schema: $ref: "#/components/schemas/portainer.Webhook" "400": description: Bad Request "409": description: Conflict "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Update a webhook tags: - webhooks /websocket/attach: get: description: >- If the nodeName query parameter is present, the request will be proxied to the underlying agent environment(endpoint). If the nodeName query parameter is not specified, the request will be upgraded to the websocket protocol and an AttachStart operation HTTP request will be created and hijacked. **Access policy**: authenticated parameters: - description: environment(endpoint) ID of the environment(endpoint) where the resource is located in: query name: endpointId required: true schema: type: integer - description: node name in: query name: nodeName schema: type: string responses: "200": description: OK "400": description: Bad Request "403": description: Forbidden "404": description: Not Found "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Attach a websocket tags: - websocket /websocket/exec: get: description: >- If the nodeName query parameter is present, the request will be proxied to the underlying agent environment(endpoint). If the nodeName query parameter is not specified, the request will be upgraded to the websocket protocol and an ExecStart operation HTTP request will be created and hijacked. parameters: - description: environment(endpoint) ID of the environment(endpoint) where the resource is located in: query name: endpointId required: true schema: type: integer - description: node name in: query name: nodeName schema: type: string responses: "200": description: OK "400": description: Bad Request "409": description: Conflict "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Execute a websocket tags: - websocket /websocket/kubernetes-shell: get: description: >- The request will be upgraded to the websocket protocol. The request will proxy input from the client to the pod via long-lived websocket connection. **Access policy**: authenticated parameters: - description: environment(endpoint) ID of the environment(endpoint) where the resource is located in: query name: endpointId required: true schema: type: integer responses: "200": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Environment not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Execute a websocket on kubectl shell pod tags: - websocket /websocket/pod: get: description: |- The request will be upgraded to the websocket protocol. **Access policy**: authenticated parameters: - description: environment(endpoint) ID of the environment(endpoint) where the resource is located in: query name: endpointId required: true schema: type: integer - description: namespace where the container is located in: query name: namespace required: true schema: type: string - description: name of the pod containing the container in: query name: podName required: true schema: type: string - description: name of the container in: query name: containerName required: true schema: type: string - description: command to execute in the container in: query name: command required: true schema: type: string responses: "200": description: OK "400": description: Bad Request "403": description: Forbidden "404": description: Not Found "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Execute a websocket on pod tags: - websocket tags: - description: Authenticate against Portainer HTTP API name: auth x-displayName: Authentication - description: Manage backups name: backup x-displayName: Backup - description: Manage Custom Templates name: custom_templates x-displayName: Custom templates - description: Manage Docker resources name: docker x-displayName: Docker resources - description: Manage Edge related settings name: edge x-displayName: Edge settings - description: Manage an Edge agent name: edge_agent x-displayName: Edge agent - description: Manage Edge Groups name: edge_groups x-displayName: Edge groups - description: Manage Edge Jobs name: edge_jobs x-displayName: Edge jobs - description: Manage Edge Stacks name: edge_stacks x-displayName: Edge stacks - description: Manage Edge Templates name: edge_templates x-displayName: Edge templates - description: Manage environment groups name: endpoint_groups x-displayName: Environment groups - description: Manage environments name: endpoints x-displayName: Environments - description: Operate git repository name: gitops x-displayName: GitOps - description: Manage Helm charts name: helm x-displayName: Helm charts - description: Manage Kubernetes cluster name: kubernetes x-displayName: Kubernetes - description: Manage LDAP settings name: ldap x-displayName: LDAP - description: Fetch the message of the day name: motd x-displayName: Message of the day - description: Manage Docker registries name: registries x-displayName: Registries - description: Manage access control on Docker resources name: resource_controls x-displayName: Resource controls - description: Manage roles name: roles x-displayName: Roles - description: Manage Portainer settings name: settings x-displayName: Portainer settings - description: Manage ssl settings name: ssl x-displayName: SSL - description: Manage stacks name: stacks x-displayName: Stacks - description: Information about the Portainer instance name: status x-displayName: Portainer status - description: Manage Portainer system name: system x-displayName: Portainer system - description: Manage tags name: tags x-displayName: Tags - description: Manage team memberships name: team_memberships x-displayName: Team memberships - description: Manage teams name: teams x-displayName: Teams - description: Manage App Templates name: templates x-displayName: App templates - description: Upload files name: upload x-displayName: Upload files - description: Manage users name: users x-displayName: Users - description: Manage webhooks name: webhooks x-displayName: Webhooks - description: Create exec sessions using websockets name: websocket x-displayName: Websocket x-tagGroups: - name: Access Control tags: - auth - roles - team_memberships - teams - users - name: Administration tags: - backup - ldap - motd - settings - status - system - ssl - upload - name: Docker tags: - templates - custom_templates - docker - registries - resource_controls - stacks - webhooks - websocket - name: Edge Compute tags: - edge_agent - edge_groups - edge_jobs - edge - edge_stacks - name: Environment Management tags: - endpoint_groups - endpoints - tags - name: GitOps tags: - gitops - name: Kubernetes tags: - helm - kubernetes servers: - url: /api components: requestBodies: kubernetes.K8sIngressControllerArray: content: application/json: schema: items: $ref: "#/components/schemas/kubernetes.K8sIngressController" type: array description: Ingress controllers required: true endpoints.endpointDeleteBatchPayload: content: application/json: schema: $ref: "#/components/schemas/endpoints.endpointDeleteBatchPayload" description: List of environments to delete, with optional deleteCluster flag to clean-up associated resources (cloud environments only) required: true kubernetes.K8sNamespaceDetails: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sNamespaceDetails" description: Namespace details required: true kubernetes.K8sIngressInfo: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sIngressInfo" description: Ingress details required: true kubernetes.K8sServiceInfo: content: application/json: schema: $ref: "#/components/schemas/kubernetes.K8sServiceInfo" description: Service definition required: true securitySchemes: ApiKeyAuth: in: header name: X-API-KEY type: apiKey jwt: in: header name: Authorization type: apiKey schemas: auth.authenticatePayload: properties: Password: description: Password example: mypassword type: string Username: description: Username example: admin type: string required: - Password - Username type: object auth.authenticateResponse: properties: jwt: description: JWT token used to authenticate against the API example: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzAB type: string type: object auth.oauthPayload: properties: Code: description: OAuth code returned from OAuth Provided type: string type: object backup.backupPayload: properties: Password: type: string type: object backup.restorePayload: properties: FileContent: items: format: int32 type: integer type: array FileName: type: string Password: type: string type: object build.BuildInfo: properties: BuildNumber: type: string GitCommit: type: string GoVersion: type: string ImageTag: type: string NodejsVersion: type: string PnpmVersion: type: string WebpackVersion: type: string type: object build.DependenciesInfo: properties: ComposeVersion: type: string DockerVersion: type: string HelmVersion: type: string KubectlVersion: type: string type: object build.RuntimeInfo: properties: Env: items: type: string type: array type: object containers.containerGpusResponse: properties: gpus: type: string type: object customtemplates.customTemplateFromFileContentPayload: properties: Description: description: Description of the template example: High performance web server type: string EdgeTemplate: description: EdgeTemplate indicates if this template purpose for Edge Stack example: false type: boolean FileContent: description: Content of stack file type: string Logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string Note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string Platform: allOf: - $ref: "#/components/schemas/portainer.CustomTemplatePlatform" description: |- Platform associated to the template. Valid values are: 1 - 'linux', 2 - 'windows' Required for Docker stacks enum: - 1 - 2 example: 1 Title: description: Title of the template example: Nginx type: string Type: allOf: - $ref: "#/components/schemas/portainer.StackType" description: |- Type of created stack: * 1 - swarm * 2 - compose * 3 - kubernetes enum: - 1 - 2 - 3 example: 1 Variables: description: Definitions of variables in the stack file items: $ref: "#/components/schemas/portainer.CustomTemplateVariableDefinition" type: array required: - Description - FileContent - Title - Type type: object customtemplates.customTemplateFromGitRepositoryPayload: properties: ComposeFilePathInRepository: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Description: description: Description of the template example: High performance web server type: string EdgeTemplate: description: EdgeTemplate indicates if this template purpose for Edge Stack example: false type: boolean IsComposeFormat: description: IsComposeFormat indicates if the Kubernetes template is created from a Docker Compose file example: false type: boolean Logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string Note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string Platform: allOf: - $ref: "#/components/schemas/portainer.CustomTemplatePlatform" description: |- Platform associated to the template. Valid values are: 1 - 'linux', 2 - 'windows' Required for Docker stacks enum: - 1 - 2 example: 1 RepositoryAuthentication: description: "Deprecated: use SourceID instead. Use basic authentication to clone the Git repository." example: true type: boolean RepositoryPassword: description: "Deprecated: use SourceID instead. Password used in basic authentication. Required when RepositoryAuthentication is true." example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: "Deprecated: use SourceID instead. URL of a Git repository hosting the Stack file." example: https://github.com/openfaas/faas type: string RepositoryUsername: description: "Deprecated: use SourceID instead. Username used in basic authentication. Required when RepositoryAuthentication is true." example: myGitUsername type: string SourceID: description: |- SourceID references an existing Source for git credentials/URL. When set, the inline URL and authentication fields are ignored. example: 1 type: integer TLSSkipVerify: description: "Deprecated: use SourceID instead. TLSSkipVerify skips SSL verification when cloning the Git repository." example: false type: boolean Title: description: Title of the template example: Nginx type: string Type: allOf: - $ref: "#/components/schemas/portainer.StackType" description: |- Type of created stack: * 1 - swarm * 2 - compose * 3 - kubernetes enum: - 1 - 2 example: 1 Variables: description: Definitions of variables in the stack file items: $ref: "#/components/schemas/portainer.CustomTemplateVariableDefinition" type: array required: - Description - SourceID - Title - Type type: object customtemplates.customTemplateUpdatePayload: properties: ComposeFilePathInRepository: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Description: description: Description of the template example: High performance web server type: string EdgeTemplate: description: EdgeTemplate indicates if this template purpose for Edge Stack example: false type: boolean FileContent: description: Content of stack file type: string IsComposeFormat: description: IsComposeFormat indicates if the Kubernetes template is created from a Docker Compose file example: false type: boolean Logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string Note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string Platform: allOf: - $ref: "#/components/schemas/portainer.CustomTemplatePlatform" description: |- Platform associated to the template. Valid values are: 1 - 'linux', 2 - 'windows' Required for Docker stacks enum: - 1 - 2 example: 1 RepositoryAuthentication: description: "Deprecated: use SourceID instead. Use authentication to clone the Git repository." example: true type: boolean RepositoryPassword: description: "Deprecated: use SourceID instead. Password used in basic authentication or token used in token authentication. Required when RepositoryAuthentication is true." example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: "Deprecated: use SourceID instead. URL of a Git repository hosting the Stack file." example: https://github.com/openfaas/faas type: string RepositoryUsername: description: "Deprecated: use SourceID instead. Username used in basic authentication. Required when RepositoryAuthentication is true." example: myGitUsername type: string SourceID: description: |- SourceID references an existing Source for git credentials/URL. When set, the inline URL and authentication fields are ignored. example: 1 type: integer TLSSkipVerify: description: "Deprecated: use SourceID instead. TLSSkipVerify skips SSL verification when cloning the Git repository." example: false type: boolean Title: description: Title of the template example: Nginx type: string Type: allOf: - $ref: "#/components/schemas/portainer.StackType" description: Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes) enum: - 1 - 2 - 3 example: 1 Variables: description: Definitions of variables in the stack file items: $ref: "#/components/schemas/portainer.CustomTemplateVariableDefinition" type: array required: - Description - FileContent - Title - Type type: object customtemplates.fileResponse: properties: FileContent: type: string type: object docker.dashboardResponse: properties: containers: $ref: "#/components/schemas/stats.ContainerStats" images: $ref: "#/components/schemas/docker.imagesCounters" networks: type: integer services: type: integer stacks: type: integer volumes: type: integer type: object docker.imagesCounters: properties: size: type: integer total: type: integer type: object edge.DeployerOptionsPayload: properties: ForceRecreate: description: >- ForceRecreate is a flag indicating if the agent must force the redeployment of the stack. This field is only used when the Force Redeployment is triggered. Once the stack is redeployed, this field will be reset to false. For standard edge agent, this field is used in agent side For async edge agent, this field is used in both agent side and server side. This flag drives `docker compose up --force-recreate` option type: boolean Prune: description: >- Prune is a flag indicating if the agent must prune the containers or not when creating/updating an edge stack This flag drives `docker compose up --remove-orphans` and `docker stack up --prune` options Used only for EE type: boolean RemoveVolumes: description: >- RemoveVolumes is a flag indicating if the agent must remove the named volumes declared in the compose file and anonymouse volumes attached to containers This flag drives `docker compose down --volumes` option Used only for EE type: boolean type: object edge.RegistryCredentials: properties: Secret: type: string ServerURL: type: string Username: type: string type: object edge.StackPayload: properties: AlwaysCloneGitRepoForRelativePath: description: >- AlwaysCloneGitRepoForRelativePath is a flag indicating if the agent must always clone the git repository for relative path. This field is only valid when SupportRelativePath is true. Used only for EE type: boolean CreatedBy: description: |- CreatedBy is the username that created this stack Used for adding labels to Kubernetes manifests type: string CreatedByUserId: description: |- CreatedByUserId is the user ID that created this stack Used for adding labels to Kubernetes manifests type: string DeployerOptionsPayload: $ref: "#/components/schemas/edge.DeployerOptionsPayload" DirEntries: description: Content of stack folder items: $ref: "#/components/schemas/filesystem.DirEntry" type: array EdgeUpdateID: description: |- EdgeUpdateID is the ID of the edge update related to this stack. Used only for EE type: integer EntryFileName: description: Name of the stack entry file type: string EnvVars: description: |- Used only for EE EnvVars is a list of environment variables to inject into the stack items: $ref: "#/components/schemas/portainer.Pair" type: array FilesystemPath: description: Mount point for relative path type: string ForceUpdate: description: >- ForceUpdate is a flag indicating if the agent must force the update of the stack. Used only for EE type: boolean HelmConfig: allOf: - $ref: "#/components/schemas/portainer.HelmConfig" description: HelmConfig represents the Helm configuration for an edge stack ID: description: ID of the stack type: integer Name: description: Name of the stack type: string Namespace: description: Namespace to use for kubernetes stack. Keep empty to use the manifest namespace. type: string PrePullImage: description: >- PrePullImage is a flag indicating if the agent must pull the image before deploying the stack. Used only for EE type: boolean RePullImage: description: >- RePullImage is a flag indicating if the agent must pull the image if it is already present on the node. Used only for EE type: boolean ReadyRePullImage: description: >- Used only for EE async edge agent ReadyRePullImage is a flag to indicate whether the auto update is trigger to re-pull image Deprecated(2.36): use DeployerOptionsPayload.ForceRecreate instead type: boolean RegistryCredentials: description: |- RegistryCredentials holds the credentials for a Docker registry. Used only for EE items: $ref: "#/components/schemas/edge.RegistryCredentials" type: array RetryDeploy: description: >- RetryDeploy is a flag indicating if the agent must retry to deploy the stack if it fails. Used only for EE type: boolean RetryPeriod: description: >- RetryPeriod specifies the duration, in seconds, for which the agent should continue attempting to deploy the stack after a failure Used only for EE type: integer RollbackTo: description: RollbackTo specifies the stack file version to rollback to (only support to rollback to the last version currently) type: integer StackFileContent: description: Content of the stack file (for compatibility to agent version less than 2.19.0) type: string SupportPerDeviceConfigs: description: Whether the edge stack supports per device configs type: boolean SupportRelativePath: description: Is relative path supported type: boolean Version: description: Version of the stack file type: integer type: object edgegroups.decoratedEdgeGroup: properties: Dynamic: type: boolean EndpointIds: description: Shadow to avoid exposing in the API type: integer EndpointTypes: items: $ref: "#/components/schemas/portainer.EndpointType" type: array Endpoints: description: "Deprecated: only used for API responses" items: type: integer type: array HasEdgeJob: type: boolean HasEdgeStack: type: boolean Id: description: EdgeGroup Identifier example: 1 type: integer Name: type: string PartialMatch: type: boolean TagIds: items: type: integer type: array TrustedEndpoints: items: type: integer type: array type: object edgegroups.edgeGroupCreatePayload: properties: Dynamic: type: boolean Endpoints: items: type: integer type: array Name: type: string PartialMatch: type: boolean TagIDs: items: type: integer type: array type: object edgegroups.edgeGroupUpdatePayload: properties: Dynamic: type: boolean Endpoints: items: type: integer type: array Name: type: string PartialMatch: type: boolean TagIDs: items: type: integer type: array type: object edgejobs.edgeJobCreateFromFileContentPayload: properties: CronExpression: type: string EdgeGroups: items: type: integer type: array Endpoints: items: type: integer type: array FileContent: type: string Name: type: string Recurring: type: boolean type: object edgejobs.edgeJobFileResponse: properties: FileContent: type: string type: object edgejobs.edgeJobUpdatePayload: properties: CronExpression: type: string EdgeGroups: items: type: integer type: array Endpoints: items: type: integer type: array FileContent: type: string Name: type: string Recurring: type: boolean type: object edgejobs.fileResponse: properties: FileContent: type: string type: object edgejobs.taskContainer: properties: EndpointId: type: integer EndpointName: type: string Id: type: string LogsStatus: $ref: "#/components/schemas/portainer.EdgeJobLogsStatus" type: object edgestacks.edgeStackFromGitRepositoryPayload: properties: DeploymentType: allOf: - $ref: "#/components/schemas/portainer.EdgeStackDeploymentType" description: |- Deployment type to deploy this stack Valid values are: 0 - 'compose', 1 - 'kubernetes' compose is enabled only for docker environments kubernetes is enabled only for kubernetes environments enum: - 0 - 1 - 2 example: 0 EdgeGroups: description: List of identifiers of EdgeGroups example: - 1 items: type: integer type: array FilePathInRepository: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Name: description: >- Name of the stack Max length: 255 Name must only contains lowercase characters, numbers, hyphens, or underscores Name must start with a lowercase character or number Example: stack-name or stack_123 or stackName example: stack-name type: string Registries: description: List of Registries to use for this stack items: type: integer type: array RepositoryAuthentication: description: "Deprecated: Use SourceID instead. Use basic authentication to clone the Git repository." example: true type: boolean RepositoryPassword: description: "Deprecated: Use SourceID instead. Password used in basic authentication." example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: "Deprecated: Use SourceID instead. URL of a Git repository hosting the Stack file." example: https://github.com/openfaas/faas type: string RepositoryUsername: description: "Deprecated: Use SourceID instead. Username used in basic authentication." example: myGitUsername type: string SourceID: description: |- SourceID references an existing Source for git credentials/URL. When set, the inline URL and authentication fields are ignored. example: 1 type: integer TLSSkipVerify: description: "Deprecated: Use SourceID instead. TLSSkipVerify skips SSL verification when cloning the Git repository." example: false type: boolean UseManifestNamespaces: description: Uses the manifest's namespaces instead of the default one type: boolean required: - EdgeGroups - Name type: object edgestacks.edgeStackFromStringPayload: properties: DeploymentType: allOf: - $ref: "#/components/schemas/portainer.EdgeStackDeploymentType" description: |- Deployment type to deploy this stack Valid values are: 0 - 'compose', 1 - 'kubernetes' compose is enabled only for docker environments kubernetes is enabled only for kubernetes environments enum: - 0 - 1 - 2 example: 0 EdgeGroups: description: List of identifiers of EdgeGroups example: - 1 items: type: integer type: array Name: description: >- Name of the stack Max length: 255 Name must only contains lowercase characters, numbers, hyphens, or underscores Name must start with a lowercase character or number Example: stack-name or stack_123 or stackName example: stack-name type: string Registries: description: List of Registries to use for this stack items: type: integer type: array StackFileContent: description: Content of the Stack file example: |- version: 3 services: web: image:nginx type: string UseManifestNamespaces: description: Uses the manifest's namespaces instead of the default one type: boolean required: - Name - StackFileContent type: object edgestacks.stackFileResponse: properties: StackFileContent: type: string type: object edgestacks.updateEdgeStackPayload: properties: DeploymentType: $ref: "#/components/schemas/portainer.EdgeStackDeploymentType" EdgeGroups: items: type: integer type: array StackFileContent: type: string UpdateVersion: type: boolean UseManifestNamespaces: description: Uses the manifest's namespaces instead of the default one type: boolean type: object edgestacks.updateStatusPayload: properties: EndpointID: type: integer Error: type: string Status: $ref: "#/components/schemas/portainer.EdgeStackStatusType" Time: format: int64 type: integer Version: type: integer type: object endpointedge.edgeJobResponse: properties: CollectLogs: description: Whether to collect logs example: true type: boolean CronExpression: description: A cron expression to schedule this job example: "* * * * *" type: string Id: description: EdgeJob Identifier example: 2 type: integer Script: description: Script to run example: echo hello type: string Version: description: Version of this EdgeJob example: 2 type: integer type: object endpointedge.endpointEdgeStatusInspectResponse: properties: checkin: description: The current value of CheckinInterval example: 5 type: integer credentials: type: string port: description: The tunnel port example: 8732 type: integer schedules: description: List of requests for jobs to run on the environment(endpoint) items: $ref: "#/components/schemas/endpointedge.edgeJobResponse" type: array stacks: description: List of stacks to be deployed on the environments(endpoints) items: $ref: "#/components/schemas/endpointedge.stackStatusResponse" type: array status: description: Status represents the environment(endpoint) status example: REQUIRED type: string type: object endpointedge.stackStatusResponse: properties: ID: description: EdgeStack Identifier example: 1 type: integer Version: description: Version of this stack example: 3 type: integer type: object endpointgroups.EndpointGroupResponse: properties: Description: description: Description associated to the environment(endpoint) group example: Environment(Endpoint) group description type: string Id: description: Environment(Endpoint) group Identifier example: 1 type: integer Name: description: Environment(Endpoint) group name example: my-environment-group type: string TagIds: description: List of tags associated to this environment(endpoint) group items: type: integer type: array TeamAccessPolicies: $ref: "#/components/schemas/portainer.TeamAccessPolicies" Total: type: integer TypeInfo: $ref: "#/components/schemas/endpointgroups.EndpointGroupTypeInfo" UserAccessPolicies: $ref: "#/components/schemas/portainer.UserAccessPolicies" required: - Description - Id - Name type: object endpointgroups.EndpointGroupTypeInfo: properties: Docker: type: integer Kubernetes: type: integer Mixed: type: boolean Podman: type: integer required: - Docker - Kubernetes - Mixed - Podman type: object endpointgroups.endpointGroupCreatePayload: properties: AssociatedEndpoints: description: List of environment(endpoint) identifiers that will be part of this group example: - 1 - 3 items: type: integer type: array Description: description: Environment(Endpoint) group description example: description type: string Name: description: Environment(Endpoint) group name example: my-environment-group type: string TagIDs: description: List of tag identifiers to which this environment(endpoint) group is associated example: - 1 - 2 items: type: integer type: array required: - Name type: object endpointgroups.endpointGroupUpdatePayload: properties: AssociatedEndpoints: description: List of environment(endpoint) identifiers that will be part of this group example: - 1 - 3 items: type: integer type: array Description: description: Environment(Endpoint) group description example: description type: string Name: description: Environment(Endpoint) group name example: my-environment-group type: string TagIDs: description: List of tag identifiers associated to the environment(endpoint) group example: - 3 - 4 items: type: integer type: array TeamAccessPolicies: $ref: "#/components/schemas/portainer.TeamAccessPolicies" UserAccessPolicies: $ref: "#/components/schemas/portainer.UserAccessPolicies" type: object endpoints.EnvironmentSummaryCountsResponse: properties: byGroup: items: $ref: "#/components/schemas/endpoints.groupCount" type: array byHealth: $ref: "#/components/schemas/endpoints.healthCounts" byPlatformType: $ref: "#/components/schemas/endpoints.platformCounts" down: type: integer outdated: type: integer total: type: integer unassigned: type: integer up: type: integer type: object endpoints.dockerhubStatusResponse: properties: limit: description: Daily limit type: integer remaining: description: Remaiming images to pull type: integer type: object endpoints.endpointCreateGlobalKeyResponse: properties: endpointID: type: integer type: object endpoints.endpointDeleteBatchPartialResponse: properties: deleted: items: type: integer type: array errors: items: type: integer type: array type: object endpoints.endpointDeleteBatchPayload: properties: endpoints: items: $ref: "#/components/schemas/endpoints.endpointDeleteRequest" type: array type: object endpoints.endpointDeleteRequest: properties: deleteCluster: type: boolean id: type: integer type: object endpoints.endpointSettingsUpdatePayload: properties: allowBindMountsForRegularUsers: description: Whether non-administrator should be able to use bind mounts when creating containers example: false type: boolean allowContainerCapabilitiesForRegularUsers: description: Whether non-administrator should be able to use container capabilities example: true type: boolean allowDeviceMappingForRegularUsers: description: Whether non-administrator should be able to use device mapping example: true type: boolean allowHostNamespaceForRegularUsers: description: Whether non-administrator should be able to use the host pid example: true type: boolean allowPrivilegedModeForRegularUsers: description: Whether non-administrator should be able to use privileged mode when creating containers example: false type: boolean allowSecurityOptForRegularUsers: description: Whether non-administrator should be able to use security-opt settings example: true type: boolean allowStackManagementForRegularUsers: description: Whether non-administrator should be able to manage stacks example: true type: boolean allowSysctlSettingForRegularUsers: description: Whether non-administrator should be able to use sysctl settings example: true type: boolean allowVolumeBrowserForRegularUsers: description: Whether non-administrator should be able to browse volumes example: true type: boolean enableGPUManagement: example: false type: boolean enableHostManagementFeatures: description: Whether host management features are enabled example: true type: boolean gpus: items: $ref: "#/components/schemas/portainer.Pair" type: array type: object endpoints.endpointUpdatePayload: properties: AzureApplicationID: description: Azure application ID example: eag7cdo9-o09l-9i83-9dO9-f0b23oe78db4 type: string AzureAuthenticationKey: description: Azure authentication key example: cOrXoK/1D35w8YQ8nH1/8ZGwzz45JIYD5jxHKXEQknk= type: string AzureTenantID: description: Azure tenant ID example: 34ddc78d-4fel-2358-8cc1-df84c8o839f5 type: string EdgeCheckinInterval: description: The check in interval for edge agent (in seconds) example: 5 type: integer Gpus: description: GPUs information items: $ref: "#/components/schemas/portainer.Pair" type: array GroupID: description: Group identifier example: 1 type: integer Kubernetes: allOf: - $ref: "#/components/schemas/portainer.KubernetesData" description: Associated Kubernetes data Name: description: Name that will be used to identify this environment(endpoint) example: my-environment type: string PublicURL: description: |- URL or IP address where exposed containers will be reachable.\ Defaults to URL if not specified example: docker.mydomain.tld:2375 type: string Status: description: The status of the environment(endpoint) (1 - up, 2 - down) example: 1 type: integer TLS: description: Require TLS to connect against this environment(endpoint) example: true type: boolean TLSSkipClientVerify: description: Skip client verification when using TLS example: false type: boolean TLSSkipVerify: description: Skip server verification when using TLS example: false type: boolean TagIDs: description: List of tag identifiers to which this environment(endpoint) is associated example: - 1 - 2 items: type: integer type: array TeamAccessPolicies: $ref: "#/components/schemas/portainer.TeamAccessPolicies" URL: description: URL or IP address of a Docker host example: docker.mydomain.tld:2375 type: string UserAccessPolicies: $ref: "#/components/schemas/portainer.UserAccessPolicies" type: object endpoints.endpointUpdateRelationsPayload: properties: Relations: additionalProperties: properties: EdgeGroups: items: type: integer type: array Group: type: integer Tags: items: type: integer type: array type: object type: object type: object endpoints.forceUpdateServicePayload: properties: PullImage: description: PullImage if true will pull the image type: boolean ServiceID: description: ServiceId to update type: string type: object endpoints.groupCount: properties: count: type: integer groupID: type: integer groupName: type: string type: object endpoints.healthCounts: properties: down: type: integer heartbeat: type: integer outdated: type: integer up: type: integer type: object endpoints.platformCounts: properties: azure: type: integer docker: type: integer kubernetes: type: integer podman: type: integer type: object endpoints.registryAccessPayload: properties: Namespaces: items: type: string type: array TeamAccessPolicies: $ref: "#/components/schemas/portainer.TeamAccessPolicies" UserAccessPolicies: $ref: "#/components/schemas/portainer.UserAccessPolicies" type: object filesystem.DirEntry: properties: Content: type: string IsFile: type: boolean Name: type: string Permissions: type: integer type: object github_com_portainer_portainer_pkg_libhelm_release.Hook: properties: delete_policies: description: DeletePolicies are the policies that indicate when to delete the hook items: type: string type: array events: description: Events are the events that this hook fires on. items: type: string type: array kind: description: Kind is the Kubernetes kind. type: string last_run: allOf: - $ref: "#/components/schemas/release.HookExecution" description: LastRun indicates the date/time this was last run. manifest: description: Manifest is the manifest contents. type: string name: type: string path: description: Path is the chart-relative path to the template. type: string weight: description: Weight indicates the sort order for execution among similar Hook type type: integer type: object gitops.fileResponse: properties: FileContent: type: string type: object gitops.repositoryFilePreviewPayload: properties: password: description: |- Password for git authentication. Deprecated: use SourceID instead example: myGitPassword type: string reference: example: refs/heads/master type: string repository: description: |- URL of a Git repository to preview. Deprecated: use SourceID instead example: https://github.com/openfaas/faas type: string sourceID: description: >- SourceID resolves URL and auth from the stored Source record. When set, the inline Repository/Username/Password/TLSSkipVerify fields are ignored. example: 1 type: integer targetFile: description: Path to file whose content will be read example: docker-compose.yml type: string tlsSkipVerify: description: >- TLSSkipVerify skips SSL verification when cloning the Git repository. Deprecated: use SourceID instead example: false type: boolean username: description: |- Username for git authentication. Deprecated: use SourceID instead example: myGitUsername type: string type: object gittypes.GitAuthentication: properties: AuthorizationType: type: integer Password: type: string Provider: type: integer Username: type: string type: object gittypes.GitSource: properties: Authentication: $ref: "#/components/schemas/gittypes.GitAuthentication" TLSSkipVerify: example: false type: boolean URL: example: https://github.com/portainer/portainer.git type: string type: object gittypes.RepoConfig: properties: Authentication: allOf: - $ref: "#/components/schemas/gittypes.GitAuthentication" description: Git credentials ConfigFilePath: description: >- ConfigFilePath is the path to the config file within the repository. NOTE: For stacks, this mirrors Stack.EntryPoint and the two are kept in sync by stackUpdateGit. example: docker-compose.yml type: string ConfigHash: description: Repository hash example: bc4c183d756879ea4d173315338110b31004b8e0 type: string ReferenceName: description: The reference name example: refs/heads/branch_name type: string TLSSkipVerify: description: TLSSkipVerify skips SSL verification when cloning the Git repository example: false type: boolean URL: description: The repo url example: https://github.com/portainer/portainer.git type: string type: object helm.installChartPayload: properties: atomic: type: boolean chart: type: string name: type: string namespace: type: string repo: type: string values: type: string version: type: string type: object images.ImageResponse: properties: created: type: integer id: type: string nodeName: type: string size: type: integer tags: items: type: string type: array used: description: |- Used is true if the image is used by at least one container supplied only when withUsage is true type: boolean type: object intstr.IntOrString: properties: IntVal: type: integer StrVal: type: string Type: $ref: "#/components/schemas/intstr.Type" type: object intstr.Type: enum: - 0 - 1 format: int64 type: integer x-enum-comments: Int: The IntOrString holds an int. String: The IntOrString holds a string. x-enum-descriptions: - The IntOrString holds an int. - The IntOrString holds a string. x-enum-varnames: - Int - String k8s_io_api_core_v1.ConditionStatus: enum: - "True" - "False" - Unknown type: string x-enum-varnames: - ConditionTrue - ConditionFalse - ConditionUnknown k8s_io_api_core_v1.HTTPHeader: properties: name: description: >- The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value type: string type: object k8s_io_api_core_v1.LocalObjectReference: properties: name: description: >- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional +default="" +kubebuilder:default="" TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object k8s_io_api_core_v1.ObjectReference: properties: apiVersion: description: |- API version of the referent. +optional type: string fieldPath: description: >- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. +optional type: string kind: description: >- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string name: description: >- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional type: string namespace: description: >- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ +optional type: string resourceVersion: description: >- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency +optional type: string uid: description: >- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids +optional type: string type: object k8s_io_api_core_v1.ResourceClaim: properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +optional type: string type: object k8s_io_api_rbac_v1.Subject: properties: apiGroup: description: |- APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. +optional type: string kind: description: >- Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. type: string name: description: |- Name of the object being referenced. +required +k8s:required type: string namespace: description: >- Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. +optional type: string type: object kubernetes.Configuration: properties: ConfigurationOwner: type: string Data: additionalProperties: {} type: object Kind: type: string type: object kubernetes.CustomResourceMetadata: properties: apiVersion: type: string kind: type: string name: type: string plural: type: string scope: type: string type: object kubernetes.IngressRule: properties: Host: type: string IP: type: string Path: type: string TLS: items: $ref: "#/components/schemas/kubernetes.TLSInfo" type: array type: object kubernetes.K8sApplication: properties: Annotations: additionalProperties: type: string type: object ApplicationOwner: type: string ApplicationType: type: string Configurations: items: $ref: "#/components/schemas/kubernetes.Configuration" type: array Containers: items: {} type: array CreationDate: type: string CustomResourceMetadata: $ref: "#/components/schemas/kubernetes.CustomResourceMetadata" DeploymentType: type: string Id: type: string Image: type: string Kind: type: string Labels: additionalProperties: type: string type: object LoadBalancerIPAddress: type: string MatchLabels: additionalProperties: type: string type: object Metadata: $ref: "#/components/schemas/kubernetes.Metadata" Name: type: string Namespace: type: string Pods: items: $ref: "#/components/schemas/kubernetes.Pod" type: array PublishedPorts: items: $ref: "#/components/schemas/kubernetes.PublishedPort" type: array Resource: $ref: "#/components/schemas/kubernetes.K8sApplicationResource" ResourcePool: type: string RunningPodsCount: type: integer ServiceId: type: string ServiceName: type: string ServiceType: type: string StackId: type: string StackKind: type: string StackName: type: string Status: type: string TotalPodsCount: type: integer Uid: type: string type: object kubernetes.K8sApplicationResource: properties: CpuLimit: type: number CpuRequest: type: number MemoryLimit: type: integer MemoryRequest: type: integer type: object kubernetes.K8sClusterRole: properties: creationDate: type: string isSystem: type: boolean name: type: string uid: type: string type: object kubernetes.K8sClusterRoleBinding: properties: creationDate: type: string isSystem: type: boolean name: type: string namespace: type: string roleRef: $ref: "#/components/schemas/v1.RoleRef" subjects: items: $ref: "#/components/schemas/k8s_io_api_rbac_v1.Subject" type: array uid: type: string type: object kubernetes.K8sConfigMap: properties: Annotations: additionalProperties: type: string type: object ConfigurationOwner: type: string ConfigurationOwnerId: type: string ConfigurationOwners: items: $ref: "#/components/schemas/kubernetes.K8sConfigurationOwnerResource" type: array CreationDate: type: string Data: additionalProperties: type: string type: object IsUsed: type: boolean Labels: additionalProperties: type: string type: object Name: type: string Namespace: type: string UID: type: string type: object kubernetes.K8sConfigurationOwnerResource: properties: Id: type: string Name: type: string ResourceKind: type: string type: object kubernetes.K8sCronJob: properties: Command: type: string Id: type: string IsSystem: type: boolean Jobs: items: $ref: "#/components/schemas/kubernetes.K8sJob" type: array Name: type: string Namespace: type: string Schedule: type: string Suspend: type: boolean Timezone: type: string type: object kubernetes.K8sCronJobDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sDashboard: properties: applicationsCount: type: integer configMapsCount: type: integer ingressesCount: type: integer namespacesCount: type: integer secretsCount: type: integer servicesCount: type: integer volumesCount: type: integer type: object kubernetes.K8sEvent: properties: count: type: integer eventTime: type: string firstTimestamp: type: string involvedObject: $ref: "#/components/schemas/kubernetes.K8sEventInvolvedObject" kind: type: string lastTimestamp: type: string message: type: string name: type: string namespace: type: string reason: type: string type: type: string uid: type: string type: object kubernetes.K8sEventInvolvedObject: properties: kind: type: string name: type: string namespace: type: string uid: type: string type: object kubernetes.K8sIngressController: properties: Availability: type: boolean ClassName: type: string Name: type: string New: type: boolean Type: type: string Used: type: boolean type: object kubernetes.K8sIngressDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sIngressInfo: properties: Annotations: additionalProperties: type: string type: object ClassName: type: string CreationDate: type: string Hosts: items: type: string type: array Labels: additionalProperties: type: string type: object Name: type: string Namespace: type: string Paths: items: $ref: "#/components/schemas/kubernetes.K8sIngressPath" type: array TLS: items: $ref: "#/components/schemas/kubernetes.K8sIngressTLS" type: array Type: type: string UID: type: string type: object kubernetes.K8sIngressPath: properties: HasService: type: boolean Host: type: string IngressName: type: string Path: type: string PathType: type: string Port: type: integer ServiceName: type: string type: object kubernetes.K8sIngressTLS: properties: Hosts: items: type: string type: array SecretName: type: string type: object kubernetes.K8sJob: properties: BackoffLimit: type: integer Command: type: string Completions: type: integer Container: $ref: "#/components/schemas/v1.Container" Duration: type: string FailedReason: type: string FinishTime: type: string Id: type: string IsSystem: type: boolean Name: type: string Namespace: type: string PodName: type: string StartTime: type: string Status: type: string type: object kubernetes.K8sJobDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sNamespaceDetails: properties: Annotations: additionalProperties: type: string type: object Name: type: string Owner: type: string ResourceQuota: $ref: "#/components/schemas/kubernetes.K8sResourceQuota" type: object kubernetes.K8sPVCResizeRequest: properties: name: type: string namespace: type: string newSize: type: string type: object kubernetes.K8sPVReclaimPolicyRequest: properties: name: type: string reclaimPolicy: $ref: "#/components/schemas/v1.PersistentVolumeReclaimPolicy" type: object kubernetes.K8sPersistentVolume: properties: accessModes: items: type: string type: array annotations: additionalProperties: type: string type: object capacity: $ref: "#/components/schemas/v1.ResourceList" claimRef: $ref: "#/components/schemas/k8s_io_api_core_v1.ObjectReference" creationDate: type: string csi: $ref: "#/components/schemas/v1.CSIPersistentVolumeSource" humanReadableAccessModes: items: $ref: "#/components/schemas/v1.PersistentVolumeAccessMode" type: array labels: additionalProperties: type: string type: object name: type: string persistentVolumeReclaimPolicy: $ref: "#/components/schemas/v1.PersistentVolumeReclaimPolicy" status: $ref: "#/components/schemas/v1.PersistentVolumePhase" storageClassName: type: string volumeMode: $ref: "#/components/schemas/v1.PersistentVolumeMode" type: object kubernetes.K8sPersistentVolumeClaim: properties: accessModes: items: type: string type: array allowVolumeExpansion: type: boolean creationDate: type: string humanReadableAccessModes: items: $ref: "#/components/schemas/v1.PersistentVolumeAccessMode" type: array id: type: string labels: additionalProperties: type: string type: object name: type: string namespace: type: string owningApplications: items: $ref: "#/components/schemas/kubernetes.K8sApplication" type: array phase: $ref: "#/components/schemas/v1.PersistentVolumeClaimPhase" resourcesRequests: $ref: "#/components/schemas/v1.ResourceList" storage: type: integer storageClass: type: string storageRequest: type: string volumeMode: $ref: "#/components/schemas/v1.PersistentVolumeMode" volumeName: type: string type: object kubernetes.K8sResourceQuota: properties: cpu: type: string enabled: type: boolean memory: type: string type: object kubernetes.K8sRole: properties: creationDate: type: string isSystem: description: >- isSystem is true if prefixed with "system:" or exists in the kube-system namespace or is one of the portainer roles type: boolean name: type: string namespace: type: string uid: type: string type: object kubernetes.K8sRoleBinding: properties: creationDate: type: string isSystem: type: boolean name: type: string namespace: type: string roleRef: $ref: "#/components/schemas/v1.RoleRef" subjects: items: $ref: "#/components/schemas/k8s_io_api_rbac_v1.Subject" type: array uid: type: string type: object kubernetes.K8sRoleBindingDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sRoleDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sSecret: properties: Annotations: additionalProperties: type: string type: object ConfigurationOwner: type: string ConfigurationOwnerId: type: string ConfigurationOwners: items: $ref: "#/components/schemas/kubernetes.K8sConfigurationOwnerResource" type: array CreationDate: type: string Data: additionalProperties: type: string type: object IsUsed: type: boolean Labels: additionalProperties: type: string type: object Name: type: string Namespace: type: string SecretType: type: string UID: type: string type: object kubernetes.K8sServiceAccount: properties: annotations: additionalProperties: type: string type: object automountServiceAccountToken: type: boolean creationDate: type: string imagePullSecrets: items: $ref: "#/components/schemas/k8s_io_api_core_v1.LocalObjectReference" type: array isSystem: type: boolean labels: additionalProperties: type: string type: object name: type: string namespace: type: string uid: type: string type: object kubernetes.K8sServiceAccountDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sServiceAccountImagePullSecretsUpdatePayload: properties: secretNames: items: type: string type: array type: object kubernetes.K8sServiceDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sServiceInfo: properties: AllocateLoadBalancerNodePorts: type: boolean Annotations: additionalProperties: type: string type: object Applications: description: serviceList screen items: $ref: "#/components/schemas/kubernetes.K8sApplication" type: array ClusterIPs: items: type: string type: array CreationDate: type: string ExternalIPs: items: type: string type: array ExternalName: type: string IngressStatus: items: $ref: "#/components/schemas/kubernetes.K8sServiceIngress" type: array Labels: additionalProperties: type: string type: object Name: type: string Namespace: type: string Ports: items: $ref: "#/components/schemas/kubernetes.K8sServicePort" type: array Selector: additionalProperties: type: string type: object Type: type: string UID: type: string type: object kubernetes.K8sServiceIngress: properties: Hostname: type: string IP: type: string type: object kubernetes.K8sServicePort: properties: Name: type: string NodePort: type: integer Port: type: integer Protocol: type: string TargetPort: type: string type: object kubernetes.K8sStorageClass: properties: allowVolumeExpansion: type: boolean annotations: additionalProperties: type: string type: object creationDate: type: string isDefault: type: boolean labels: additionalProperties: type: string type: object mountOptions: items: type: string type: array name: type: string parameters: additionalProperties: type: string type: object provisioner: type: string reclaimPolicy: $ref: "#/components/schemas/v1.PersistentVolumeReclaimPolicy" type: object kubernetes.K8sVolumeDeleteRequest: properties: name: type: string namespace: type: string type: object kubernetes.K8sVolumeInfo: properties: persistentVolume: $ref: "#/components/schemas/kubernetes.K8sPersistentVolume" persistentVolumeClaim: $ref: "#/components/schemas/kubernetes.K8sPersistentVolumeClaim" storageClass: $ref: "#/components/schemas/kubernetes.K8sStorageClass" type: object kubernetes.KubernetesNodeResponse: properties: apiVersion: description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string kind: description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: "#/components/schemas/v1.ObjectMeta" description: >- Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional spec: allOf: - $ref: "#/components/schemas/v1.NodeSpec" description: >- Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional status: allOf: - $ref: "#/components/schemas/v1.NodeStatus" description: >- Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional type: object kubernetes.Metadata: properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object kubernetes.Pod: properties: ContainerName: type: string CreationDate: type: string Image: type: string ImagePullPolicy: type: string Name: type: string NodeName: type: string PodIP: type: string Resource: $ref: "#/components/schemas/kubernetes.K8sApplicationResource" Status: type: string Uid: type: string type: object kubernetes.PublishedPort: properties: IngressRules: items: $ref: "#/components/schemas/kubernetes.IngressRule" type: array Port: type: integer type: object kubernetes.TLSInfo: properties: hosts: items: type: string type: array type: object kubernetes.describeResourceResponse: properties: describe: type: string type: object kubernetes.kubernetesVersionResponse: properties: buildDate: type: string compiler: type: string emulationMajor: description: EmulationMajor is the major version of the emulation version type: string emulationMinor: description: EmulationMinor is the minor version of the emulation version type: string gitCommit: type: string gitTreeState: type: string gitVersion: type: string goVersion: type: string major: description: Major is the major version of the binary version type: string minCompatibilityMajor: description: MinCompatibilityMajor is the major version of the minimum compatibility version type: string minCompatibilityMinor: description: MinCompatibilityMinor is the minor version of the minimum compatibility version type: string minor: description: Minor is the minor version of the binary version type: string platform: type: string supportsPodRestart: description: >- SupportsPodRestart is true when the cluster exposes the `pods/restart` subresource via API discovery — i.e. the feature gate is enabled and the cluster version is recent enough. This is the authoritative signal for whether Portainer can call the pod-restart endpoint, and is preferred over a raw Kubernetes-version comparison. type: boolean type: object kubernetes.namespacesToggleSystemPayload: properties: System: description: Toggle the system state of this namespace to true or false example: true type: boolean type: object ldap.checkPayload: properties: LDAPSettings: $ref: "#/components/schemas/portainer.LDAPSettings" type: object motd.Motd: properties: ContentLayout: additionalProperties: type: string type: object Hash: items: type: integer type: array Message: type: string Style: type: string Title: type: string type: object oauth2.AuthStyle: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - AuthStyleAutoDetect - AuthStyleInParams - AuthStyleInHeader platform.ContainerPlatform: enum: - Docker - Docker Standalone - Docker Swarm - Kubernetes - Podman type: string x-enum-varnames: - PlatformDocker - PlatformDockerStandalone - PlatformDockerSwarm - PlatformKubernetes - PlatformPodman portainer.APIKey: properties: dateCreated: description: Unix timestamp (UTC) when the API key was created type: integer description: example: portainer-api-key type: string digest: description: Digest represents SHA256 hash of the raw API key type: string id: example: 1 type: integer lastUsed: description: Unix timestamp (UTC) when the API key was last used type: integer prefix: description: API key identifier (7 char prefix) type: string userId: example: 1 type: integer type: object portainer.AccessPolicy: properties: Namespaces: description: Namespaces is a list of namespaces that this access policy applies to. Only used for namespaced level roles items: type: string type: array RoleId: description: Role identifier. Reference the role that will be associated to this access policy example: 1 type: integer required: - RoleId type: object portainer.Artifact: properties: edgeGroups: items: type: integer type: array edgeStackId: type: integer envGroups: items: type: integer type: array envIds: items: type: integer type: array files: items: $ref: "#/components/schemas/portainer.ArtifactFile" type: array stackId: type: integer type: object portainer.ArtifactFile: properties: hash: example: abc123 type: string path: example: portainer.yaml type: string pathError: type: string pathStatus: $ref: "#/components/schemas/portainer.SourceStatus" ref: example: refs/heads/main type: string refError: type: string refStatus: $ref: "#/components/schemas/portainer.SourceStatus" sourceId: type: integer type: object portainer.AuthenticationMethod: enum: - 0 - 1 - 2 - 3 type: integer x-enum-varnames: - _ - AuthenticationInternal - AuthenticationLDAP - AuthenticationOAuth portainer.Authorizations: additionalProperties: type: boolean type: object portainer.AutoUpdateSettings: properties: ForcePullImage: description: Pull latest image example: false type: boolean ForceUpdate: description: Force update ignores repo changes example: false type: boolean Interval: description: Auto update interval example: 1m30s type: string JobID: description: Autoupdate job id example: "15" type: string Webhook: description: A UUID generated from client example: 05de31a2-79fa-4644-9c12-faa67e5c49f0 type: string type: object portainer.AzureCredentials: properties: ApplicationID: description: Azure application ID example: eag7cdo9-o09l-9i83-9dO9-f0b23oe78db4 type: string AuthenticationKey: description: Azure authentication key example: cOrXoK/1D35w8YQ8nH1/8ZGwzz45JIYD5jxHKXEQknk= type: string TenantID: description: Azure tenant ID example: 34ddc78d-4fel-2358-8cc1-df84c8o839f5 type: string required: - ApplicationID - AuthenticationKey - TenantID type: object portainer.CustomTemplate: properties: CreatedByUserId: description: User identifier who created this template example: 3 type: integer Description: description: Description of the template example: High performance web server type: string EdgeTemplate: description: EdgeTemplate indicates if this template purpose for Edge Stack example: false type: boolean EntryPoint: description: Path to the Stack file example: docker-compose.yml type: string GitConfig: $ref: "#/components/schemas/gittypes.RepoConfig" Id: description: CustomTemplate Identifier example: 1 type: integer IsComposeFormat: description: IsComposeFormat indicates if the Kubernetes template is created from a Docker Compose file example: false type: boolean Logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string Note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string Platform: allOf: - $ref: "#/components/schemas/portainer.CustomTemplatePlatform" description: |- Platform associated to the template. Valid values are: 1 - 'linux', 2 - 'windows' enum: - 1 - 2 example: 1 ProjectPath: description: Path on disk to the repository hosting the Stack file example: /data/custom_template/3 type: string ResourceControl: $ref: "#/components/schemas/portainer.ResourceControl" Title: description: Title of the template example: Nginx type: string Type: allOf: - $ref: "#/components/schemas/portainer.StackType" description: |- Type of created stack: * 1 - swarm * 2 - compose * 3 - kubernetes enum: - 1 - 2 - 3 example: 1 Variables: items: $ref: "#/components/schemas/portainer.CustomTemplateVariableDefinition" type: array artifact: $ref: "#/components/schemas/portainer.Artifact" type: object portainer.CustomTemplatePlatform: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - _ - CustomTemplatePlatformLinux - CustomTemplatePlatformWindows portainer.CustomTemplateVariableDefinition: properties: defaultValue: example: default value type: string description: example: Description type: string label: example: My Variable type: string name: example: MY_VAR type: string type: object portainer.DiagnosticsData: properties: DNS: additionalProperties: type: string type: object Log: type: string Proxy: additionalProperties: type: string type: object Telnet: additionalProperties: type: string type: object type: object portainer.DockerSnapshot: properties: ContainerCount: type: integer DiagnosticsData: $ref: "#/components/schemas/portainer.DiagnosticsData" DockerSnapshotRaw: $ref: "#/components/schemas/portainer.DockerSnapshotRaw" DockerVersion: type: string GpuUseAll: type: boolean GpuUseList: items: type: string type: array HealthyContainerCount: type: integer ImageCount: type: integer IsPodman: type: boolean NodeCount: type: integer PerformanceMetrics: $ref: "#/components/schemas/portainer.PerformanceMetrics" RunningContainerCount: type: integer ServiceCount: type: integer StackCount: type: integer StoppedContainerCount: type: integer Swarm: type: boolean Time: type: integer TotalCPU: type: integer TotalMemory: type: integer UnhealthyContainerCount: type: integer VolumeCount: type: integer required: - ContainerCount - DockerVersion - GpuUseAll - HealthyContainerCount - ImageCount - IsPodman - NodeCount - RunningContainerCount - ServiceCount - StackCount - StoppedContainerCount - Swarm - Time - TotalCPU - TotalMemory - UnhealthyContainerCount - VolumeCount type: object portainer.DockerSnapshotRaw: type: object portainer.EcrData: properties: Region: example: ap-southeast-2 type: string type: object portainer.Edge: properties: AsyncMode: description: Deprecated 2.18 example: false type: boolean CommandInterval: description: The command list interval for edge agent - used in edge async mode (in seconds) example: 5 type: integer PingInterval: description: The ping interval for edge agent - used in edge async mode (in seconds) example: 5 type: integer SnapshotInterval: description: The snapshot interval for edge agent - used in edge async mode (in seconds) example: 5 type: integer type: object portainer.EdgeGroup: properties: Dynamic: type: boolean EndpointIds: $ref: "#/components/schemas/roar.Roar-portainer_EndpointID" Endpoints: description: "Deprecated: only used for API responses" items: type: integer type: array Id: description: EdgeGroup Identifier example: 1 type: integer Name: type: string PartialMatch: type: boolean TagIds: items: type: integer type: array type: object portainer.EdgeJob: properties: Created: type: integer CronExpression: type: string EdgeGroups: items: type: integer type: array Endpoints: additionalProperties: $ref: "#/components/schemas/portainer.EdgeJobEndpointMeta" type: object GroupLogsCollection: additionalProperties: $ref: "#/components/schemas/portainer.EdgeJobEndpointMeta" description: Field used for log collection of Endpoints belonging to EdgeGroups type: object Id: description: EdgeJob Identifier example: 1 type: integer Name: type: string Recurring: type: boolean ScriptPath: type: string Version: type: integer type: object portainer.EdgeJobEndpointMeta: properties: CollectLogs: type: boolean LogsStatus: $ref: "#/components/schemas/portainer.EdgeJobLogsStatus" type: object portainer.EdgeJobLogsStatus: enum: - 0 - 1 - 2 - 3 type: integer x-enum-varnames: - _ - EdgeJobLogsStatusIdle - EdgeJobLogsStatusPending - EdgeJobLogsStatusCollected portainer.EdgeStack: properties: CreatedBy: description: The username which created this stack example: admin type: string CreatedByUserId: description: The username id which created this stack example: "1" type: string CreationDate: description: StatusArray map[EndpointID][]EdgeStackStatus `json:"StatusArray"` type: integer DeploymentType: $ref: "#/components/schemas/portainer.EdgeStackDeploymentType" EdgeGroups: items: type: integer type: array EntryPoint: type: string Id: description: EdgeStack Identifier example: 1 type: integer ManifestPath: type: string Name: type: string NumDeployments: type: integer ProjectPath: type: string Status: additionalProperties: $ref: "#/components/schemas/portainer.EdgeStackStatus" type: object UseManifestNamespaces: description: Uses the manifest's namespaces instead of the default one type: boolean Version: type: integer type: object portainer.EdgeStackDeploymentStatus: properties: Error: type: string RollbackTo: description: EE only feature type: integer Time: format: int64 type: integer Type: $ref: "#/components/schemas/portainer.EdgeStackStatusType" Version: type: integer type: object portainer.EdgeStackDeploymentType: enum: - 0 - 1 type: integer x-enum-varnames: - EdgeStackDeploymentCompose - EdgeStackDeploymentKubernetes portainer.EdgeStackStatus: properties: DeploymentInfo: allOf: - $ref: "#/components/schemas/portainer.StackDeploymentInfo" description: EE only feature Details: allOf: - $ref: "#/components/schemas/portainer.EdgeStackStatusDetails" description: Deprecated EndpointID: type: integer Error: description: Deprecated type: string ReadyRePullImage: description: ReadyRePullImage is a flag to indicate whether the auto update is trigger to re-pull image type: boolean Status: items: $ref: "#/components/schemas/portainer.EdgeStackDeploymentStatus" type: array Type: allOf: - $ref: "#/components/schemas/portainer.EdgeStackStatusType" description: Deprecated type: object portainer.EdgeStackStatusDetails: properties: Acknowledged: type: boolean Error: type: boolean ImagesPulled: type: boolean Ok: type: boolean Pending: type: boolean RemoteUpdateSuccess: type: boolean Remove: type: boolean type: object portainer.EdgeStackStatusType: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 - 12 - 13 type: integer x-enum-varnames: - EdgeStackStatusPending - EdgeStackStatusDeploymentReceived - EdgeStackStatusError - EdgeStackStatusAcknowledged - EdgeStackStatusRemoved - EdgeStackStatusRemoteUpdateSuccess - EdgeStackStatusImagesPulled - EdgeStackStatusRunning - EdgeStackStatusDeploying - EdgeStackStatusRemoving - EdgeStackStatusPausedDeploying - EdgeStackStatusRollingBack - EdgeStackStatusRolledBack - EdgeStackStatusCompleted portainer.Endpoint: properties: Agent: $ref: "#/components/schemas/portainer.EnvironmentAgentData" AzureCredentials: $ref: "#/components/schemas/portainer.AzureCredentials" ComposeSyntaxMaxVersion: description: Maximum version of docker-compose example: "3.8" type: string ContainerEngine: description: ContainerEngine represents the container engine type. This can be 'docker' or 'podman' when interacting directly with these environments, otherwise '' for kubernetes environments. example: docker type: string Edge: $ref: "#/components/schemas/portainer.EnvironmentEdgeSettings" EdgeCheckinInterval: description: The check in interval for edge agent (in seconds) example: 5 type: integer EdgeID: description: The identifier of the edge agent associated with this environment(endpoint) type: string EdgeKey: description: The key which is used to map the agent to Portainer type: string EnableGPUManagement: type: boolean Gpus: items: $ref: "#/components/schemas/portainer.Pair" type: array GroupId: description: Environment(Endpoint) group identifier example: 1 type: integer Heartbeat: description: Heartbeat indicates the heartbeat status of an edge environment example: true type: boolean Id: description: Environment(Endpoint) Identifier example: 1 type: integer Kubernetes: allOf: - $ref: "#/components/schemas/portainer.KubernetesData" description: Associated Kubernetes data LastCheckInDate: description: LastCheckInDate mark last check-in date on checkin type: integer Name: description: Environment(Endpoint) name example: my-environment type: string PublicURL: description: URL or IP address where exposed containers will be reachable example: docker.mydomain.tld:2375 type: string SecuritySettings: allOf: - $ref: "#/components/schemas/portainer.EndpointSecuritySettings" description: Environment(Endpoint) specific security settings Snapshots: description: List of snapshots items: $ref: "#/components/schemas/portainer.DockerSnapshot" type: array Status: allOf: - $ref: "#/components/schemas/portainer.EndpointStatus" description: The status of the environment(endpoint) (1 - up, 2 - down, 3 - provisioning, 4 - error) enum: - 1 - 2 - 3 - 4 example: 1 TLSConfig: $ref: "#/components/schemas/portainer.TLSConfiguration" TagIds: description: List of tag identifiers to which this environment(endpoint) is associated items: type: integer type: array TeamAccessPolicies: allOf: - $ref: "#/components/schemas/portainer.TeamAccessPolicies" description: List of team identifiers authorized to connect to this environment(endpoint) Type: allOf: - $ref: "#/components/schemas/portainer.EndpointType" description: Environment(Endpoint) environment(endpoint) type. 1 for a Docker environment(endpoint), 2 for an agent on Docker environment(endpoint) or 3 for an Azure environment(endpoint). example: 1 URL: description: URL or IP address of the Docker host associated to this environment(endpoint) example: docker.mydomain.tld:2375 type: string UserAccessPolicies: allOf: - $ref: "#/components/schemas/portainer.UserAccessPolicies" description: List of user identifiers authorized to connect to this environment(endpoint) UserTrusted: description: Whether the device has been trusted or not by the user type: boolean required: - Agent - ComposeSyntaxMaxVersion - ContainerEngine - Edge - EdgeCheckinInterval - EdgeKey - GroupId - Id - Kubernetes - LastCheckInDate - Name - PublicURL - SecuritySettings - TLSConfig - Type - URL type: object portainer.EndpointGroup: properties: Description: description: Description associated to the environment(endpoint) group example: Environment(Endpoint) group description type: string Id: description: Environment(Endpoint) group Identifier example: 1 type: integer Name: description: Environment(Endpoint) group name example: my-environment-group type: string TagIds: description: List of tags associated to this environment(endpoint) group items: type: integer type: array TeamAccessPolicies: $ref: "#/components/schemas/portainer.TeamAccessPolicies" UserAccessPolicies: $ref: "#/components/schemas/portainer.UserAccessPolicies" required: - Description - Id - Name type: object portainer.EndpointSecuritySettings: properties: allowBindMountsForRegularUsers: description: Whether non-administrator should be able to use bind mounts when creating containers example: false type: boolean allowContainerCapabilitiesForRegularUsers: description: Whether non-administrator should be able to use container capabilities example: true type: boolean allowDeviceMappingForRegularUsers: description: Whether non-administrator should be able to use device mapping example: true type: boolean allowHostNamespaceForRegularUsers: description: Whether non-administrator should be able to use the host pid example: true type: boolean allowPrivilegedModeForRegularUsers: description: Whether non-administrator should be able to use privileged mode when creating containers example: false type: boolean allowSecurityOptForRegularUsers: description: Whether non-administrator should be able to use security-opt settings example: true type: boolean allowStackManagementForRegularUsers: description: Whether non-administrator should be able to manage stacks example: true type: boolean allowSysctlSettingForRegularUsers: description: Whether non-administrator should be able to use sysctl settings example: true type: boolean allowVolumeBrowserForRegularUsers: description: Whether non-administrator should be able to browse volumes example: true type: boolean enableHostManagementFeatures: description: Whether host management features are enabled example: true type: boolean required: - allowBindMountsForRegularUsers - allowContainerCapabilitiesForRegularUsers - allowDeviceMappingForRegularUsers - allowHostNamespaceForRegularUsers - allowPrivilegedModeForRegularUsers - allowSecurityOptForRegularUsers - allowStackManagementForRegularUsers - allowSysctlSettingForRegularUsers - allowVolumeBrowserForRegularUsers - enableHostManagementFeatures type: object portainer.EndpointStatus: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - _ - EndpointStatusUp - EndpointStatusDown portainer.EndpointType: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 type: integer x-enum-varnames: - _ - DockerEnvironment - AgentOnDockerEnvironment - AzureEnvironment - EdgeAgentOnDockerEnvironment - KubernetesLocalEnvironment - AgentOnKubernetesEnvironment - EdgeAgentOnKubernetesEnvironment portainer.EnvironmentAgentData: properties: Version: example: 1.0.0 type: string type: object portainer.EnvironmentEdgeSettings: properties: AsyncMode: description: Whether the device has been started in edge async mode type: boolean CommandInterval: description: The command list interval for edge agent - used in edge async mode [seconds] example: 60 type: integer PingInterval: description: The ping interval for edge agent - used in edge async mode [seconds] example: 60 type: integer SnapshotInterval: description: The snapshot interval for edge agent - used in edge async mode [seconds] example: 60 type: integer required: - AsyncMode - CommandInterval - PingInterval - SnapshotInterval type: object portainer.GithubRegistryData: properties: OrganisationName: type: string UseOrganisation: type: boolean type: object portainer.GitlabRegistryData: properties: InstanceURL: type: string ProjectId: type: integer ProjectPath: type: string type: object portainer.GlobalDeploymentOptions: properties: hideStacksFunctionality: example: false type: boolean type: object portainer.HelmConfig: properties: Atomic: description: >- Atomic enables automatic rollback on deployment failure (equivalent to helm --atomic). Used by both git repo and Helm repository deployments. example: true type: boolean ChartName: description: |- ChartName is the name of the Helm chart within the repository. Required for Helm repository deployments. example: nginx type: string ChartPath: description: >- ChartPath is the path to a Helm chart folder within the cloned git repository. Used exclusively for git repo helm deployments. Mutually exclusive with ChartURL. example: charts/my-app type: string ChartURL: description: >- ChartURL is the URL of a Helm chart repository. Used exclusively for Helm repository deployments. Mutually exclusive with ChartPath. example: https://charts.bitnami.com/bitnami type: string ChartVersion: description: >- ChartVersion is the version of the Helm chart to deploy. Empty means latest. Used exclusively for Helm repository deployments. example: 15.0.0 type: string Namespace: description: |- Namespace is the Kubernetes namespace to deploy the Helm chart into. Used by both git repo and Helm repository deployments. example: default type: string Timeout: description: >- Timeout sets the deadline for Helm operations (equivalent to helm --timeout, e.g. "5m0s"). Used by both git repo and Helm repository deployments. example: 5m0s type: string ValuesFiles: description: >- ValuesFiles is a list of relative paths to Helm values YAML files within the cloned git repository. Used exclusively for git repo helm deployments. example: - "['values/prod.yaml'" - " 'values/secrets.yaml']" items: type: string type: array ValuesInline: description: |- ValuesInline is the inline YAML string of Helm values. Used exclusively for Helm repository deployments. example: "replicaCount: 2" type: string type: object portainer.HelmUserRepository: properties: Id: description: Membership Identifier example: 1 type: integer URL: description: Helm repository URL example: https://charts.bitnami.com/bitnami type: string UserId: description: User identifier example: 1 type: integer type: object portainer.InternalAuthSettings: properties: RequiredPasswordLength: type: integer type: object portainer.K8sNamespaceInfo: properties: Annotations: additionalProperties: type: string type: object CreationDate: type: string Id: type: string IsDefault: type: boolean IsSystem: type: boolean Name: type: string NamespaceOwner: type: string ResourceQuota: $ref: "#/components/schemas/v1.ResourceQuota" Status: $ref: "#/components/schemas/v1.NamespaceStatus" UnhealthyEventCount: type: integer type: object portainer.K8sNodeLimits: properties: CPU: type: integer Memory: type: integer type: object portainer.K8sNodesLimits: additionalProperties: $ref: "#/components/schemas/portainer.K8sNodeLimits" type: object portainer.KubernetesConfiguration: properties: AllowNoneIngressClass: type: boolean EnableResourceOverCommit: type: boolean IngressAvailabilityPerNamespace: type: boolean IngressClasses: items: $ref: "#/components/schemas/portainer.KubernetesIngressClassConfig" type: array ResourceOverCommitPercentage: type: integer RestrictDefaultNamespace: type: boolean StorageClasses: items: $ref: "#/components/schemas/portainer.KubernetesStorageClassConfig" type: array UseLoadBalancer: type: boolean UseServerMetrics: type: boolean required: - AllowNoneIngressClass - IngressAvailabilityPerNamespace type: object portainer.KubernetesData: properties: Configuration: $ref: "#/components/schemas/portainer.KubernetesConfiguration" Flags: $ref: "#/components/schemas/portainer.KubernetesFlags" Snapshots: items: $ref: "#/components/schemas/portainer.KubernetesSnapshot" type: array required: - Configuration - Flags type: object portainer.KubernetesFlags: properties: GPUOperator: type: boolean IsServerIngressClassDetected: type: boolean IsServerMetricsDetected: type: boolean IsServerStorageDetected: type: boolean required: - IsServerIngressClassDetected - IsServerMetricsDetected - IsServerStorageDetected type: object portainer.KubernetesIngressClassConfig: properties: Blocked: type: boolean BlockedNamespaces: items: type: string type: array Name: type: string Type: type: string required: - Name - Type type: object portainer.KubernetesSnapshot: properties: ClusterType: type: string DiagnosticsData: $ref: "#/components/schemas/portainer.DiagnosticsData" GPUNodeCount: type: integer KubernetesVersion: type: string NodeCount: type: integer PerformanceMetrics: $ref: "#/components/schemas/portainer.PerformanceMetrics" Time: type: integer TotalCPU: type: integer TotalGPU: additionalProperties: format: int64 type: integer type: object TotalMemory: type: integer required: - KubernetesVersion - NodeCount - Time - TotalCPU - TotalMemory type: object portainer.KubernetesStorageClassConfig: properties: AccessModes: items: type: string type: array AllowVolumeExpansion: type: boolean Name: type: string Provisioner: type: string required: - AllowVolumeExpansion - Name - Provisioner type: object portainer.LDAPGroupSearchSettings: properties: GroupAttribute: description: LDAP attribute which denotes the group membership example: member type: string GroupBaseDN: description: The distinguished name of the element from which the LDAP server will search for groups example: dc=ldap,dc=domain,dc=tld type: string GroupFilter: description: The LDAP search filter used to select group elements, optional example: (objectClass=account type: string type: object portainer.LDAPSearchSettings: properties: BaseDN: description: The distinguished name of the element from which the LDAP server will search for users example: dc=ldap,dc=domain,dc=tld type: string Filter: description: Optional LDAP search filter used to select user elements example: (objectClass=account) type: string UserNameAttribute: description: LDAP attribute which denotes the username example: uid type: string type: object portainer.LDAPSettings: properties: AnonymousMode: description: Enable this option if the server is configured for Anonymous access. When enabled, ReaderDN and Password will not be used example: true type: boolean AutoCreateUsers: description: Automatically provision users and assign them to matching LDAP group names example: true type: boolean GroupSearchSettings: items: $ref: "#/components/schemas/portainer.LDAPGroupSearchSettings" type: array Password: description: Password of the account that will be used to search users example: readonly-password type: string ReaderDN: description: Account that will be used to search for users example: cn=readonly-account,dc=ldap,dc=domain,dc=tld type: string SearchSettings: items: $ref: "#/components/schemas/portainer.LDAPSearchSettings" type: array StartTLS: description: Whether LDAP connection should use StartTLS example: true type: boolean TLSConfig: $ref: "#/components/schemas/portainer.TLSConfiguration" URL: description: URL or IP address of the LDAP server example: myldap.domain.tld:389 type: string type: object portainer.MembershipRole: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - _ - TeamLeader - TeamMember portainer.OAuthSettings: properties: AccessTokenURI: type: string AuthStyle: $ref: "#/components/schemas/oauth2.AuthStyle" AuthorizationURI: type: string ClientID: type: string ClientSecret: type: string DefaultTeamID: type: integer KubeSecretKey: items: type: integer type: array LogoutURI: type: string OAuthAutoCreateUsers: type: boolean RedirectURI: type: string ResourceURI: type: string SSO: type: boolean Scopes: type: string UserIdentifier: type: string type: object portainer.Pair: properties: name: example: name type: string value: example: value type: string required: - name - value type: object portainer.PerformanceMetrics: properties: CPUUsage: type: number DiskUsage: type: number MemoryUsage: type: number NetworkUsage: type: number type: object portainer.QuayRegistryData: properties: OrganisationName: type: string UseOrganisation: type: boolean type: object portainer.Registry: properties: AccessToken: description: Stores temporary access token type: string AccessTokenExpiry: type: integer Authentication: description: Is authentication against this registry enabled example: true type: boolean AuthorizedTeams: description: Deprecated in DBVersion == 18 items: type: integer type: array AuthorizedUsers: description: Deprecated in DBVersion == 18 items: type: integer type: array BaseURL: description: Base URL, introduced for ProGet registry example: registry.mydomain.tld:2375 type: string Ecr: $ref: "#/components/schemas/portainer.EcrData" Github: $ref: "#/components/schemas/portainer.GithubRegistryData" Gitlab: $ref: "#/components/schemas/portainer.GitlabRegistryData" Id: description: Registry Identifier example: 1 type: integer ManagementConfiguration: $ref: "#/components/schemas/portainer.RegistryManagementConfiguration" Name: description: Registry Name example: my-registry type: string Password: description: Password or SecretAccessKey used to authenticate against this registry example: registry_password type: string Quay: $ref: "#/components/schemas/portainer.QuayRegistryData" RegistryAccesses: $ref: "#/components/schemas/portainer.RegistryAccesses" TeamAccessPolicies: allOf: - $ref: "#/components/schemas/portainer.TeamAccessPolicies" description: Deprecated in DBVersion == 31 Type: allOf: - $ref: "#/components/schemas/portainer.RegistryType" description: Registry Type (1 - Quay, 2 - Azure, 3 - Custom, 4 - Gitlab, 5 - ProGet, 6 - DockerHub, 7 - ECR) enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 URL: description: URL or IP address of the Docker registry example: registry.mydomain.tld:2375 type: string UserAccessPolicies: allOf: - $ref: "#/components/schemas/portainer.UserAccessPolicies" description: |- Deprecated fields Deprecated in DBVersion == 31 Username: description: Username or AccessKeyID used to authenticate against this registry example: registry user type: string type: object portainer.RegistryAccessPolicies: properties: Namespaces: description: Kubernetes specific fields (with kubernetes, namespaces have access to a registry, if users/teams have access to the same namespace, they have access to the registry) items: type: string type: array TeamAccessPolicies: $ref: "#/components/schemas/portainer.TeamAccessPolicies" UserAccessPolicies: allOf: - $ref: "#/components/schemas/portainer.UserAccessPolicies" description: Docker specific fields (with docker, users/teams have access to a registry) type: object portainer.RegistryAccesses: additionalProperties: $ref: "#/components/schemas/portainer.RegistryAccessPolicies" type: object portainer.RegistryManagementConfiguration: properties: AccessToken: type: string AccessTokenExpiry: type: integer Authentication: type: boolean Ecr: $ref: "#/components/schemas/portainer.EcrData" Password: type: string TLSConfig: $ref: "#/components/schemas/portainer.TLSConfiguration" Type: $ref: "#/components/schemas/portainer.RegistryType" Username: type: string type: object portainer.RegistryType: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 type: integer x-enum-varnames: - _ - QuayRegistry - AzureRegistry - CustomRegistry - GitlabRegistry - ProGetRegistry - DockerHubRegistry - EcrRegistry - GithubRegistry portainer.ResourceAccessLevel: enum: - 0 - 1 type: integer x-enum-varnames: - _ - ReadWriteAccessLevel portainer.ResourceControl: properties: AccessLevel: $ref: "#/components/schemas/portainer.ResourceAccessLevel" AdministratorsOnly: description: Permit access to resource only to admins example: true type: boolean Id: description: ResourceControl Identifier example: 1 type: integer OwnerId: description: |- Deprecated fields Deprecated in DBVersion == 2 type: integer Public: description: Permit access to the associated resource to any user example: true type: boolean ResourceId: description: >- Docker resource identifier on which access control will be applied.\ In the case of a resource control applied to a stack, use the stack name as identifier example: 617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08 type: string SubResourceIds: description: List of Docker resources that will inherit this access control example: - 617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08 items: type: string type: array System: type: boolean TeamAccesses: items: $ref: "#/components/schemas/portainer.TeamResourceAccess" type: array Type: allOf: - $ref: "#/components/schemas/portainer.ResourceControlType" description: |- Type of Docker resource. Valid values are: 1- container, 2 -service 3 - volume, 4 - secret, 5 - stack, 6 - config or 7 - custom template example: 1 UserAccesses: items: $ref: "#/components/schemas/portainer.UserResourceAccess" type: array type: object portainer.ResourceControlType: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 type: integer x-enum-varnames: - _ - ContainerResourceControl - ServiceResourceControl - VolumeResourceControl - NetworkResourceControl - SecretResourceControl - StackResourceControl - ConfigResourceControl - CustomTemplateResourceControl - ContainerGroupResourceControl portainer.Role: properties: Authorizations: allOf: - $ref: "#/components/schemas/portainer.Authorizations" description: Authorizations associated to a role Description: description: Role description example: Read-only access of all resources in an environment(endpoint) type: string Id: description: Role Identifier example: 1 type: integer Name: description: Role name example: HelpDesk type: string Priority: type: integer type: object portainer.SSLSettings: properties: certPath: type: string httpEnabled: type: boolean keyPath: type: string selfSigned: type: boolean type: object portainer.Settings: properties: AgentSecret: description: Container environment parameter AGENT_SECRET type: string AllowBindMountsForRegularUsers: type: boolean AllowContainerCapabilitiesForRegularUsers: type: boolean AllowDeviceMappingForRegularUsers: type: boolean AllowHostNamespaceForRegularUsers: type: boolean AllowPrivilegedModeForRegularUsers: type: boolean AllowStackManagementForRegularUsers: type: boolean AllowVolumeBrowserForRegularUsers: type: boolean AuthenticationMethod: allOf: - $ref: "#/components/schemas/portainer.AuthenticationMethod" description: "Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth" example: 1 BlackListedLabels: description: A list of label name & value that will be used to hide containers when querying containers items: $ref: "#/components/schemas/portainer.Pair" type: array DisplayDonationHeader: description: Deprecated fields type: boolean DisplayExternalContributors: type: boolean Edge: $ref: "#/components/schemas/portainer.Edge" EdgeAgentCheckinInterval: description: The default check in interval for edge agent (in seconds) example: 5 type: integer EdgePortainerUrl: description: EdgePortainerURL is the URL that is exposed to edge agents type: string EnableEdgeComputeFeatures: description: Whether edge compute features are enabled type: boolean EnableHostManagementFeatures: description: Deprecated fields v26 type: boolean EnforceEdgeID: description: EnforceEdgeID makes Portainer store the Edge ID instead of accepting anyone example: false type: boolean FeatureFlagSettings: additionalProperties: type: boolean type: object ForceSecureCookies: description: >- ForceSecureCookies forces the Secure attribute on auth cookies regardless of detected scheme. Enable when Portainer runs behind a TLS-terminating proxy. example: false type: boolean GlobalDeploymentOptions: allOf: - $ref: "#/components/schemas/portainer.GlobalDeploymentOptions" description: Deployment options for encouraging git ops workflows HelmRepositoryURL: description: Helm repository URL, defaults to "https://charts.bitnami.com/bitnami" example: https://charts.bitnami.com/bitnami type: string InternalAuthSettings: $ref: "#/components/schemas/portainer.InternalAuthSettings" IsDockerDesktopExtension: type: boolean KubeconfigExpiry: description: The expiry of a Kubeconfig example: 24h type: string KubectlShellImage: description: KubectlImage, defaults to portainer/kubectl-shell example: portainer/kubectl-shell type: string LDAPSettings: $ref: "#/components/schemas/portainer.LDAPSettings" LogoURL: description: URL to a logo that will be displayed on the login page as well as on top of the sidebar. Will use default Portainer logo when value is empty string example: https://mycompany.mydomain.tld/logo.png type: string OAuthSettings: $ref: "#/components/schemas/portainer.OAuthSettings" SnapshotInterval: description: The interval in which environment(endpoint) snapshots are created example: 5m type: string TemplatesURL: description: URL to the templates that will be displayed in the UI when navigating to App Templates example: https://raw.githubusercontent.com/portainer/templates/master/templates.json type: string TrustOnFirstConnect: description: TrustOnFirstConnect makes Portainer accepting edge agent connection by default example: false type: boolean UserSessionTimeout: description: The duration of a user session example: 5m type: string type: object portainer.Source: properties: administratorsOnly: type: boolean git: $ref: "#/components/schemas/gittypes.GitSource" helm: $ref: "#/components/schemas/portainer.HelmConfig" id: example: 1 type: integer lastSync: example: 1587399600 type: integer name: example: my-source type: string ownerID: type: integer public: type: boolean registry: $ref: "#/components/schemas/portainer.Registry" status: $ref: "#/components/schemas/portainer.SourceStatus" statusError: type: string teamAccesses: items: type: integer type: array type: allOf: - $ref: "#/components/schemas/portainer.SourceType" example: 1 userAccesses: items: type: integer type: array type: object portainer.SourceStatus: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - SourceStatusUnknown - SourceStatusHealthy - SourceStatusError portainer.SourceType: enum: - 0 - 1 - 2 - 3 type: integer x-enum-varnames: - _ - SourceTypeGit - SourceTypeRegistry - SourceTypeHelm portainer.Stack: properties: AdditionalFiles: description: Only applies when deploying stack with multiple files items: type: string type: array AutoUpdate: allOf: - $ref: "#/components/schemas/portainer.AutoUpdateSettings" description: The GitOps update settings of a git stack CreatedBy: description: The username which created this stack example: admin type: string CreationDate: description: The date in unix time when stack was created example: 1587399600 type: integer CurrentDeploymentInfo: allOf: - $ref: "#/components/schemas/portainer.StackDeploymentInfo" description: CurrentDeploymentInfo records the git repository state at the time of the last actual deployment. DeploymentStartStatus: allOf: - $ref: "#/components/schemas/portainer.StackStatus" description: >- DeploymentStartStatus is the stack status captured when the current deployment starts. It is used by deployment logic during the current deployment attempt and is cleared/replaced when a new deployment begins. example: 1 DeploymentStatus: description: >- DeploymentStatus records the status progression of the current deployment. Cleared when a new deployment starts. items: $ref: "#/components/schemas/portainer.StackDeploymentStatus" type: array EndpointId: description: Environment(Endpoint) identifier. Reference the environment(endpoint) that will be used for deployment example: 1 type: integer EntryPoint: description: >- EntryPoint is the path to the config file relative to the project root. NOTE: For git stacks this mirrors GitConfig.ConfigFilePath and the two are kept in sync by stackUpdateGit. The deploy command builder (compose_unpacker_cmd_builder) uses this field directly; Kubernetes deploy and git clone operations use GitConfig.ConfigFilePath. example: docker-compose.yml type: string Env: description: A list of environment(endpoint) variables used during stack deployment items: $ref: "#/components/schemas/portainer.Pair" type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean GitConfig: allOf: - $ref: "#/components/schemas/gittypes.RepoConfig" description: >- GitConfig is the git repository configuration for git-backed stacks. Deprecated: loaded from Source via WorkflowID; kept for DB backwards-compatibility only. Non-migration code must not read or write this field; use Source records instead. Id: description: Stack Identifier example: 1 type: integer Name: description: Stack name example: myStack type: string Namespace: description: Kubernetes namespace if stack is a kube application example: default type: string Option: allOf: - $ref: "#/components/schemas/portainer.StackOption" description: The stack deployment option ProjectPath: description: Path on disk to the repository hosting the Stack file example: /data/compose/myStack_jpofkc0i9uo9wtx1zesuk649w type: string ResourceControl: $ref: "#/components/schemas/portainer.ResourceControl" Status: allOf: - $ref: "#/components/schemas/portainer.StackStatus" description: Stack status (1 - active, 2 - inactive, 3 - deploying, 4 - error) example: 1 SwarmId: description: Cluster identifier of the Swarm cluster where the stack is deployed example: jpofkc0i9uo9wtx1zesuk649w type: string Type: allOf: - $ref: "#/components/schemas/portainer.StackType" description: Stack type. 1 for a Swarm stack, 2 for a Compose stack example: 2 UpdateDate: description: The date in unix time when stack was last updated example: 1587399600 type: integer UpdatedBy: description: The username which last updated this stack example: bob type: string WorkflowID: description: WorkflowID is the ID of the Workflow that owns the Source for this stack. type: integer type: object portainer.StackDeploymentInfo: properties: AdditionalFiles: description: AdditionalFiles are the additional files used for deploying the stack items: type: string type: array ConfigFilePath: description: ConfigFilePath is the path to the config file in the git repository used for deploying the stack type: string ConfigHash: description: ConfigHash is the commit hash of the git repository used for deploying the stack type: string FileVersion: description: FileVersion is the version of the stack file, used to detect changes type: integer ReferenceName: description: ReferenceName is the git reference (branch/tag) used for deploying the stack type: string RepositoryURL: description: RepositoryURL is the git repository URL used for deploying the stack type: string SourceID: description: SourceID is the Source used for deploying the stack type: integer Version: description: Version is the version of the stack and also is the deployed version in edge agent type: integer type: object portainer.StackDeploymentStatus: properties: Message: description: populated on Error entries type: string Status: $ref: "#/components/schemas/portainer.StackStatus" Time: type: integer type: object portainer.StackOption: properties: HelmAtomic: description: Enable atomic rollback on failure (Helm --atomic flag for Kubernetes Helm stacks) example: false type: boolean Prune: description: Prune services that are no longer referenced example: false type: boolean type: object portainer.StackStatus: enum: - 0 - 1 - 2 - 3 - 4 type: integer x-enum-comments: StackStatusActive: 1 - deployed and running StackStatusDeploying: 3 - deployment in progress StackStatusError: 4 - deployment failed StackStatusInactive: 2 - intentionally stopped x-enum-descriptions: - "" - 1 - deployed and running - 2 - intentionally stopped - 3 - deployment in progress - 4 - deployment failed x-enum-varnames: - _ - StackStatusActive - StackStatusInactive - StackStatusDeploying - StackStatusError portainer.StackType: enum: - 0 - 1 - 2 - 3 type: integer x-enum-varnames: - _ - DockerSwarmStack - DockerComposeStack - KubernetesStack portainer.TLSConfiguration: properties: TLS: description: Use TLS example: true type: boolean TLSCACert: description: Path to the TLS CA certificate file example: /data/tls/ca.pem type: string TLSCert: description: Path to the TLS client certificate file example: /data/tls/cert.pem type: string TLSKey: description: Path to the TLS client key file example: /data/tls/key.pem type: string TLSSkipVerify: description: Skip the verification of the server TLS certificate example: false type: boolean required: - TLS - TLSSkipVerify type: object portainer.Tag: properties: EndpointGroups: additionalProperties: type: boolean description: A set of environment(endpoint) group ids that have this tag type: object Endpoints: additionalProperties: type: boolean description: A set of environment(endpoint) ids that have this tag type: object ID: description: Tag identifier example: 1 type: integer Name: description: Tag name example: org/acme type: string type: object portainer.Team: properties: Id: description: Team Identifier example: 1 type: integer Name: description: Team name example: developers type: string type: object portainer.TeamAccessPolicies: additionalProperties: $ref: "#/components/schemas/portainer.AccessPolicy" type: object portainer.TeamMembership: properties: Id: description: Membership Identifier example: 1 type: integer Role: allOf: - $ref: "#/components/schemas/portainer.MembershipRole" description: Team role (1 for team leader and 2 for team member) example: 1 TeamID: description: Team identifier example: 1 type: integer UserID: description: User identifier example: 1 type: integer type: object portainer.TeamResourceAccess: properties: AccessLevel: $ref: "#/components/schemas/portainer.ResourceAccessLevel" TeamId: type: integer type: object portainer.Template: properties: administrator_only: description: Whether the template should be available to administrators only example: true type: boolean categories: description: A list of categories associated to the template example: - database items: type: string type: array command: description: The command that will be executed in a container template example: ls -lah type: string description: description: Description of the template example: High performance web server type: string env: description: A list of environment(endpoint) variables used during the template deployment items: $ref: "#/components/schemas/portainer.TemplateEnv" type: array hostname: description: Container hostname example: mycontainer type: string id: description: |- Mandatory container/stack fields Template Identifier example: 1 type: integer image: description: >- Mandatory container fields Image associated to a container template. Mandatory for a container template example: nginx:latest type: string interactive: description: |- Whether the container should be started in interactive mode (-i -t equivalent on the CLI) example: true type: boolean labels: description: Container labels items: $ref: "#/components/schemas/portainer.Pair" type: array logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string name: description: |- Optional stack/container fields Default name for the stack/container to be used on deployment example: mystackname type: string network: description: Name of a network that will be used on container deployment if it exists inside the environment(endpoint) example: mynet type: string note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string platform: description: >- Platform associated to the template. Valid values are: 'linux', 'windows' or leave empty for multi-platform example: linux type: string ports: description: A list of ports exposed by the container example: - 8080:80/tcp items: type: string type: array privileged: description: Whether the container should be started in privileged mode example: true type: boolean registry: description: >- Optional container fields The URL of a registry associated to the image for a container template example: quay.io type: string repository: allOf: - $ref: "#/components/schemas/portainer.TemplateRepository" description: Mandatory stack fields restart_policy: description: Container restart policy example: on-failure type: string stackFile: description: |- Mandatory Edge stack fields Stack file used for this template type: string title: description: Title of the template example: Nginx type: string type: allOf: - $ref: "#/components/schemas/portainer.TemplateType" description: "Template type. Valid values are: 1 (container), 2 (Swarm stack), 3 (Compose stack), 4 (Compose edge stack)" example: 1 volumes: description: A list of volumes used during the container template deployment items: $ref: "#/components/schemas/portainer.TemplateVolume" type: array type: object portainer.TemplateEnv: properties: default: description: Default value that will be set for the variable example: default_value type: string description: description: Content of the tooltip that will be generated in the UI example: MySQL root account password type: string label: description: Text for the label that will be generated in the UI example: Root password type: string name: description: name of the environment(endpoint) variable example: MYSQL_ROOT_PASSWORD type: string preset: description: If set to true, will not generate any input for this variable in the UI example: false type: boolean select: description: A list of name/value that will be used to generate a dropdown in the UI items: $ref: "#/components/schemas/portainer.TemplateEnvSelect" type: array type: object portainer.TemplateEnvSelect: properties: default: description: Will set this choice as the default choice example: false type: boolean text: description: Some text that will displayed as a choice example: text value type: string value: description: A value that will be associated to the choice example: value type: string type: object portainer.TemplateRepository: properties: stackfile: description: Path to the stack file inside the git repository example: ./subfolder/docker-compose.yml type: string url: description: URL of a git repository used to deploy a stack template. Mandatory for a Swarm/Compose stack template example: https://github.com/portainer/portainer-compose type: string type: object portainer.TemplateType: enum: - 0 - 1 - 2 - 3 type: integer x-enum-varnames: - _ - ContainerTemplate - SwarmStackTemplate - ComposeStackTemplate portainer.TemplateVolume: properties: bind: description: Path on the host example: /tmp type: string container: description: Path inside the container example: /data type: string readonly: description: Whether the volume used should be readonly example: true type: boolean type: object portainer.User: properties: Id: description: User Identifier example: 1 type: integer Role: allOf: - $ref: "#/components/schemas/portainer.UserRole" description: User role (1 for administrator account and 2 for regular account) example: 1 ThemeSettings: $ref: "#/components/schemas/portainer.UserThemeSettings" TokenIssueAt: example: 1 type: integer UseCache: example: true type: boolean Username: example: bob type: string required: - Id - Role - Username type: object portainer.UserAccessPolicies: additionalProperties: $ref: "#/components/schemas/portainer.AccessPolicy" type: object portainer.UserResourceAccess: properties: AccessLevel: $ref: "#/components/schemas/portainer.ResourceAccessLevel" UserId: type: integer type: object portainer.UserRole: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - _ - AdministratorRole - StandardUserRole portainer.UserThemeSettings: properties: color: description: Color represents the color theme of the UI enum: - dark - light - highcontrast - auto - "" example: dark type: string type: object portainer.Webhook: properties: EndpointId: type: integer Id: description: Webhook Identifier example: 1 type: integer RegistryId: type: integer ResourceId: type: string Token: type: string Type: allOf: - $ref: "#/components/schemas/portainer.WebhookType" description: Type of webhook (1 - service) type: object portainer.WebhookType: enum: - 0 - 1 type: integer x-enum-varnames: - _ - ServiceWebhook registries.registryConfigurePayload: properties: Authentication: description: Is authentication against this registry enabled example: false type: boolean Password: description: Password used to authenticate against this registry. required when Authentication is true example: registry_password type: string Region: description: ECR region type: string TLS: description: Use TLS example: true type: boolean TLSCACertFile: description: The TLS CA certificate file items: format: int32 type: integer type: array TLSCertFile: description: The TLS client certificate file items: format: int32 type: integer type: array TLSKeyFile: description: The TLS client key file items: format: int32 type: integer type: array TLSSkipVerify: description: Skip the verification of the server TLS certificate example: false type: boolean Username: description: Username used to authenticate against this registry. Required when Authentication is true example: registry_user type: string required: - Authentication type: object registries.registryCreatePayload: properties: Authentication: description: Is authentication against this registry enabled example: false type: boolean BaseURL: description: BaseURL required for ProGet registry example: registry.mydomain.tld:2375 type: string Ecr: allOf: - $ref: "#/components/schemas/portainer.EcrData" description: ECR specific details, required when type = 7 Gitlab: allOf: - $ref: "#/components/schemas/portainer.GitlabRegistryData" description: Gitlab specific details, required when type = 4 Name: description: Name that will be used to identify this registry example: my-registry type: string Password: description: Password used to authenticate against this registry. required when Authentication is true example: registry_password type: string Quay: allOf: - $ref: "#/components/schemas/portainer.QuayRegistryData" description: Quay specific details, required when type = 1 TLS: description: Use TLS example: true type: boolean Type: allOf: - $ref: "#/components/schemas/portainer.RegistryType" description: |- Registry Type. Valid values are: 1 (Quay.io), 2 (Azure container registry), 3 (custom registry), 4 (Gitlab registry), 5 (ProGet registry), 6 (DockerHub) 7 (ECR) enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 example: 1 URL: description: URL or IP address of the Docker registry example: registry.mydomain.tld:2375/feed type: string Username: description: Username used to authenticate against this registry. Required when Authentication is true example: registry_user type: string required: - Authentication - Name - Type - URL type: object registries.registryPingPayload: properties: Password: description: Password used to authenticate against this registry example: registry_password type: string TLS: description: Use TLS example: true type: boolean Type: allOf: - $ref: "#/components/schemas/portainer.RegistryType" description: |- Registry Type. Valid values are: 1 (Quay.io), 2 (Azure container registry), 3 (custom registry), 4 (Gitlab registry), 5 (ProGet registry), 6 (DockerHub) 7 (ECR) 8 (Github registry) enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 example: 6 URL: description: URL or IP address of the Docker registry example: registry-1.docker.io type: string Username: description: Username used to authenticate against this registry example: registry_user type: string required: - Type - URL type: object registries.registryPingResponse: properties: message: description: Message provides details about the connection test result example: Registry connection successful type: string success: description: Success indicates if the registry connection was successful example: true type: boolean type: object registries.registryUpdatePayload: properties: Authentication: description: Is authentication against this registry enabled example: false type: boolean BaseURL: description: BaseURL is used for quay registry example: registry.mydomain.tld:2375 type: string Ecr: allOf: - $ref: "#/components/schemas/portainer.EcrData" description: ECR data Name: description: Name that will be used to identify this registry example: my-registry type: string Password: description: Password used to authenticate against this registry. required when Authentication is true example: registry_password type: string Quay: allOf: - $ref: "#/components/schemas/portainer.QuayRegistryData" description: Quay data RegistryAccesses: allOf: - $ref: "#/components/schemas/portainer.RegistryAccesses" description: Registry access control URL: description: URL or IP address of the Docker registry example: registry.mydomain.tld:2375 type: string Username: description: Username used to authenticate against this registry. Required when Authentication is true example: registry_user type: string required: - Authentication - Name - URL type: object release.Chart: properties: files: description: |- Files are miscellaneous files in a chart archive, e.g. README, LICENSE, etc. items: $ref: "#/components/schemas/release.File" type: array lock: allOf: - $ref: "#/components/schemas/release.Lock" description: Lock is the contents of Chart.lock. metadata: allOf: - $ref: "#/components/schemas/release.Metadata" description: Metadata is the contents of the Chartfile. schema: description: Schema is an optional JSON schema for imposing structure on Values items: type: integer type: array templates: description: Templates for this chart. items: $ref: "#/components/schemas/release.File" type: array values: additionalProperties: {} description: Values are default config for this chart. type: object type: object release.ChartReference: properties: chartPath: type: string registryID: type: integer repoURL: type: string type: object release.Dependency: properties: alias: description: Alias usable alias to be used for the chart type: string condition: description: A yaml path that resolves to a boolean, used for enabling/disabling charts (e.g. subchart1.enabled ) type: string enabled: description: Enabled bool determines if chart should be loaded type: boolean import-values: description: >- ImportValues holds the mapping of source values to parent key to be imported. Each item can be a string or pair of child/parent sublist items. items: {} type: array name: description: |- Name is the name of the dependency. This must mach the name in the dependency's Chart.yaml. type: string repository: description: >- The URL to the repository. Appending `index.yaml` to this string should result in a URL that can be used to fetch the repository index. type: string tags: description: Tags can be used to group charts for enabling/disabling together items: type: string type: array version: description: |- Version is the version (range) of this chart. A lock file will always produce a single version, while a dependency may contain a semantic version range. type: string type: object release.File: properties: data: description: Data is the template as byte data. items: type: integer type: array name: description: Name is the path-like name of the template. type: string type: object release.HookExecution: properties: completed_at: description: CompletedAt indicates the date/time this hook was completed. type: string phase: description: Phase indicates whether the hook completed successfully type: string started_at: description: StartedAt indicates the date/time this hook was started type: string type: object release.Info: properties: deleted: description: Deleted tracks when this object was deleted. type: string description: description: Description is human-friendly "log entry" about this release. type: string first_deployed: description: FirstDeployed is when the release was first deployed. type: string last_deployed: description: LastDeployed is when the release was last deployed. type: string notes: description: Contains the rendered templates/NOTES.txt if available type: string resources: description: Resources is the list of resources that are part of the release items: $ref: "#/components/schemas/unstructured.Unstructured" type: array status: description: Status is the current state of the release type: string type: object release.Lock: properties: dependencies: description: Dependencies is the list of dependencies that this lock file has locked. items: $ref: "#/components/schemas/release.Dependency" type: array digest: description: Digest is a hash of the dependencies in Chart.yaml. type: string generated: description: Generated is the date the lock file was last generated. type: string type: object release.Maintainer: properties: email: description: Email is an optional email address to contact the named maintainer type: string name: description: Name is a user name or organization name type: string url: description: URL is an optional URL to an address for the named maintainer type: string type: object release.Metadata: properties: annotations: additionalProperties: type: string description: |- Annotations are additional mappings uninterpreted by Helm, made available for inspection by other applications. type: object apiVersion: description: The API Version of this chart. Required. type: string appVersion: description: The version of the application enclosed inside of this chart. type: string condition: description: The condition to check to enable chart type: string dependencies: description: Dependencies are a list of dependencies for a chart. items: $ref: "#/components/schemas/release.Dependency" type: array deprecated: description: Whether or not this chart is deprecated type: boolean description: description: A one-sentence description of the chart type: string home: description: The URL to a relevant project page, git repo, or contact person type: string icon: description: The URL to an icon file. type: string keywords: description: A list of string keywords items: type: string type: array kubeVersion: description: KubeVersion is a SemVer constraint specifying the version of Kubernetes required. type: string maintainers: description: A list of name and URL/email address combinations for the maintainer(s) items: $ref: "#/components/schemas/release.Maintainer" type: array name: description: The name of the chart. Required. type: string sources: description: Source is the URL to the source code of this chart items: type: string type: array tags: description: The tags to check to enable chart type: string type: description: "Specifies the chart type: application or library" type: string version: description: A SemVer 2 conformant version string of the chart. Required. type: string type: object release.Release: properties: appVersion: description: AppVersion is the app version of the release. type: string chart: allOf: - $ref: "#/components/schemas/release.Chart" description: Chart is the chart that was released. chartReference: allOf: - $ref: "#/components/schemas/release.ChartReference" description: ChartReference are the labels that are used to identify the chart source. config: additionalProperties: {} description: |- Config is the set of extra Values added to the chart. These values override the default values inside of the chart. type: object hooks: description: Hooks are all of the hooks declared for this release. items: $ref: "#/components/schemas/github_com_portainer_portainer_pkg_libhelm_release.\ Hook" type: array info: allOf: - $ref: "#/components/schemas/release.Info" description: Info provides information about a release manifest: description: Manifest is the string representation of the rendered template. type: string name: description: Name is the name of the release type: string namespace: description: Namespace is the kubernetes namespace of the release. type: string stackID: description: StackID is the ID of the Portainer stack associated with this release (if using GitOps) type: integer values: allOf: - $ref: "#/components/schemas/release.Values" description: Values are the values used to deploy the chart. version: description: Version is an int which represents the revision of the release. type: integer type: object release.ReleaseElement: properties: appVersion: type: string chart: type: string name: type: string namespace: type: string revision: type: string status: type: string updated: type: string type: object release.Values: properties: computedValues: type: string userSuppliedValues: type: string type: object resource.Quantity: properties: Format: enum: - DecimalExponent - BinarySI - DecimalSI type: string x-enum-comments: BinarySI: e.g., 12Mi (12 * 2^20) DecimalExponent: e.g., 12e6 DecimalSI: e.g., 12M (12 * 10^6) x-enum-descriptions: - e.g., 12e6 - e.g., 12Mi (12 * 2^20) - e.g., 12M (12 * 10^6) x-enum-varnames: - DecimalExponent - BinarySI - DecimalSI type: object resourcecontrols.resourceControlCreatePayload: properties: AdministratorsOnly: description: Permit access to resource only to admins example: true type: boolean Public: description: Permit access to the associated resource to any user example: true type: boolean ResourceID: example: 617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08 type: string SubResourceIDs: description: List of Docker resources that will inherit this access control example: - 617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08 items: type: string type: array Teams: description: List of team identifiers with access to the associated resource example: - 56 - 7 items: type: integer type: array Type: allOf: - $ref: "#/components/schemas/portainer.ResourceControlType" description: >- Type of Resource. Valid values are: 1 - container, 2 - service 3 - volume, 4 - network, 5 - secret, 6 - stack, 7 - config, 8 - custom template, 9 - azure-container-group enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 example: 1 Users: description: List of user identifiers with access to the associated resource example: - 1 - 4 items: type: integer type: array required: - ResourceID - Type type: object resourcecontrols.resourceControlUpdatePayload: properties: AdministratorsOnly: description: Permit access to resource only to admins example: true type: boolean Public: description: Permit access to the associated resource to any user example: true type: boolean Teams: description: List of team identifiers with access to the associated resource example: - 7 items: type: integer type: array Users: description: List of user identifiers with access to the associated resource example: - 4 items: type: integer type: array type: object roar.Roar-portainer_EndpointID: type: object settings.publicSettingsResponse: properties: AuthenticationMethod: allOf: - $ref: "#/components/schemas/portainer.AuthenticationMethod" description: "Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth" example: 1 Edge: properties: CheckinInterval: description: The check in interval for edge agent (in seconds) - used in non async mode [seconds] example: 60 type: integer CommandInterval: description: The command list interval for edge agent - used in edge async mode [seconds] example: 60 type: integer PingInterval: description: The ping interval for edge agent - used in edge async mode [seconds] example: 60 type: integer SnapshotInterval: description: The snapshot interval for edge agent - used in edge async mode [seconds] example: 60 type: integer type: object EnableEdgeComputeFeatures: description: Whether edge compute features are enabled example: true type: boolean Features: additionalProperties: type: boolean description: Supported feature flags type: object GlobalDeploymentOptions: allOf: - $ref: "#/components/schemas/portainer.GlobalDeploymentOptions" description: Deployment options for encouraging deployment as code IsDockerDesktopExtension: example: false type: boolean KubeconfigExpiry: default: "0" description: The expiry of a Kubeconfig example: 24h type: string LogoURL: description: URL to a logo that will be displayed on the login page as well as on top of the sidebar. Will use default Portainer logo when value is empty string example: https://mycompany.mydomain.tld/logo.png type: string OAuthLoginURI: description: The URL used for oauth login example: https://gitlab.com/oauth type: string OAuthLogoutURI: description: The URL used for oauth logout example: https://gitlab.com/oauth/logout type: string RequiredPasswordLength: description: The minimum required length for a password of any user when using internal auth mode example: 1 type: integer RequiresSetupToken: description: Whether the setup wizard must send the X-Setup-Token header for admin init / restore example: false type: boolean TeamSync: description: Whether team sync is enabled example: true type: boolean type: object settings.settingsUpdatePayload: properties: AuthenticationMethod: description: "Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth" example: 1 type: integer BlackListedLabels: description: A list of label name & value that will be used to hide containers when querying containers items: $ref: "#/components/schemas/portainer.Pair" type: array EdgeAgentCheckinInterval: example: 5 type: integer EdgePortainerURL: description: EdgePortainerURL is the URL that is exposed to edge agents type: string EnableEdgeComputeFeatures: description: Whether edge compute features are enabled example: true type: boolean EnforceEdgeID: description: EnforceEdgeID makes Portainer store the Edge ID instead of accepting anyone example: false type: boolean ForceSecureCookies: description: ForceSecureCookies forces the Secure attribute on auth cookies regardless of the detected scheme example: false type: boolean GlobalDeploymentOptions: allOf: - $ref: "#/components/schemas/portainer.GlobalDeploymentOptions" description: Deployment options for encouraging deployment as code HelmRepositoryURL: description: Helm repository URL example: https://charts.bitnami.com/bitnami type: string InternalAuthSettings: $ref: "#/components/schemas/portainer.InternalAuthSettings" KubeconfigExpiry: default: "0" description: The expiry of a Kubeconfig example: 24h type: string KubectlShellImage: description: Kubectl Shell Image example: portainer/kubectl-shell:latest type: string LDAPSettings: $ref: "#/components/schemas/portainer.LDAPSettings" LogoURL: description: URL to a logo that will be displayed on the login page as well as on top of the sidebar. Will use default Portainer logo when value is empty string example: https://mycompany.mydomain.tld/logo.png type: string OAuthSettings: $ref: "#/components/schemas/portainer.OAuthSettings" SnapshotInterval: description: The interval in which environment(endpoint) snapshots are created example: 5m type: string TemplatesURL: description: URL to the templates that will be displayed in the UI when navigating to App Templates example: https://raw.githubusercontent.com/portainer/templates/master/templates.json type: string TrustOnFirstConnect: description: TrustOnFirstConnect makes Portainer accepting edge agent connection by default example: false type: boolean UserSessionTimeout: description: The duration of a user session example: 5m type: string type: object sources.AutoUpdateInfo: properties: fetchInterval: type: string mechanism: type: string type: object sources.ConnectionTestResult: properties: error: type: string success: type: boolean type: object sources.GitAuthenticationPayload: properties: password: type: string username: type: string type: object sources.GitAuthenticationUpdatePayload: properties: password: type: string username: type: string type: object sources.GitSourceCreatePayload: properties: administratorsOnly: example: true type: boolean authentication: $ref: "#/components/schemas/sources.GitAuthenticationPayload" name: type: string public: example: true type: boolean teamAccesses: items: type: integer type: array tlsSkipVerify: type: boolean url: type: string userAccesses: items: type: integer type: array required: - url type: object sources.GitSourceUpdatePayload: properties: authentication: $ref: "#/components/schemas/sources.GitAuthenticationUpdatePayload" name: type: string tlsSkipVerify: type: boolean url: type: string type: object sources.Source: properties: environments: type: integer error: type: string id: type: integer lastSync: type: integer name: type: string status: $ref: "#/components/schemas/workflows.Status" type: $ref: "#/components/schemas/sources.SourceType" url: type: string usedBy: type: integer required: - id - name - status - type - url type: object sources.SourceAccess: properties: public: type: boolean teams: items: type: integer type: array users: items: type: integer type: array type: object sources.SourceAccessUpdatePayload: properties: public: type: boolean teams: items: type: integer type: array users: items: type: integer type: array type: object sources.SourceDetail: properties: access: $ref: "#/components/schemas/sources.SourceAccess" autoUpdate: $ref: "#/components/schemas/sources.AutoUpdateInfo" connection: $ref: "#/components/schemas/sources.connectionInfo" environments: type: integer error: type: string id: type: integer lastSync: type: integer name: type: string status: $ref: "#/components/schemas/workflows.Status" type: $ref: "#/components/schemas/sources.SourceType" url: type: string usedBy: type: integer workflows: items: $ref: "#/components/schemas/workflows.Workflow" type: array required: - connection - id - name - status - type - url type: object sources.SourceType: enum: - git - helm - oci type: string x-enum-varnames: - SourceTypeGit - SourceTypeHelm - SourceTypeOCI sources.Status: enum: - unknown - healthy - error type: string x-enum-varnames: - SourceStatusUnknown - SourceStatusHealthy - SourceStatusError sources.connectionInfo: properties: authentication: $ref: "#/components/schemas/sources.gitAuthInfo" tlsSkipVerify: type: boolean type: object sources.gitAuthInfo: properties: username: type: string type: object ssl.sslUpdatePayload: properties: Cert: description: SSL Certificates type: string HTTPEnabled: type: boolean Key: type: string type: object stacks.composeStackFromFileContentPayload: properties: Env: description: A list of environment variables used during stack deployment items: $ref: "#/components/schemas/portainer.Pair" type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Name: description: Name of the stack example: myStack type: string StackFileContent: description: Content of the Stack file example: |- version: 3 services: web: image:nginx type: string required: - Name - StackFileContent type: object stacks.composeStackFromGitRepositoryPayload: properties: AdditionalFiles: description: Applicable when deploying with multiple stack files example: - "[nz.compose.yml" - " uat.compose.yml]" items: type: string type: array AutoUpdate: allOf: - $ref: "#/components/schemas/portainer.AutoUpdateSettings" description: Optional GitOps update configuration ComposeFile: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Env: description: A list of environment variables used during stack deployment items: $ref: "#/components/schemas/portainer.Pair" type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Name: description: Name of the stack example: myStack type: string RepositoryAuthentication: description: "Deprecated: use SourceID instead. Use basic authentication to clone the Git repository." example: true type: boolean RepositoryPassword: description: "Deprecated: use SourceID instead. Password used in basic authentication." example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: "Deprecated: use SourceID instead. URL of a Git repository hosting the Stack file." example: https://github.com/openfaas/faas type: string RepositoryUsername: description: "Deprecated: use SourceID instead. Username used in basic authentication." example: myGitUsername type: string SourceID: description: |- SourceID references an existing Source for git credentials/URL. When set, the inline URL and authentication fields are ignored. example: 1 type: integer TLSSkipVerify: description: "Deprecated: use SourceID instead. TLSSkipVerify skips SSL verification when cloning the Git repository." example: false type: boolean required: - Name type: object stacks.kubernetesGitDeploymentPayload: properties: AdditionalFiles: items: type: string type: array AutoUpdate: $ref: "#/components/schemas/portainer.AutoUpdateSettings" ComposeFormat: type: boolean ManifestFile: type: string Namespace: type: string RepositoryAuthentication: description: "Deprecated: use SourceID instead. Use basic authentication to clone the Git repository." type: boolean RepositoryPassword: description: "Deprecated: use SourceID instead. Password used in basic authentication." type: string RepositoryReferenceName: description: "Deprecated: use SourceID instead. Reference name of a Git repository hosting the Stack file." type: string RepositoryURL: description: "Deprecated: use SourceID instead. URL of a Git repository hosting the Stack file." type: string RepositoryUsername: description: "Deprecated: use SourceID instead. Username used in basic authentication." type: string SourceID: description: |- SourceID references an existing Source for git credentials/URL. When set, the inline URL and authentication fields are ignored. example: 1 type: integer StackName: type: string TLSSkipVerify: description: "Deprecated: use SourceID instead. TLSSkipVerify skips SSL verification when cloning the Git repository." example: false type: boolean type: object stacks.kubernetesManifestURLDeploymentPayload: properties: ComposeFormat: type: boolean ManifestURL: type: string Namespace: type: string StackName: type: string type: object stacks.kubernetesStringDeploymentPayload: properties: ComposeFormat: type: boolean FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Namespace: type: string StackFileContent: type: string StackName: type: string type: object stacks.stackFileResponse: properties: StackFileContent: description: Content of the Stack file example: |- version: 3 services: web: image:nginx type: string type: object stacks.stackGitRedeployPayload: properties: Env: items: $ref: "#/components/schemas/portainer.Pair" type: array Prune: type: boolean PullImage: description: >- Deprecated(2.36): use RepullImageAndRedeploy instead for cleaner responsibility Force a pulling to current image with the original tag though the image is already the latest example: false type: boolean RepositoryAuthentication: description: When true and RepositoryPassword is non-empty, stored credentials are replaced. type: boolean RepositoryPassword: description: Non-empty value (with RepositoryAuthentication=true) replaces stored credentials; leave blank to keep them. type: string RepositoryReferenceName: type: string RepositoryUsername: type: string RepullImageAndRedeploy: description: RepullImageAndRedeploy indicates whether to force repulling images and redeploying the stack type: boolean StackName: type: string type: object stacks.stackGitUpdatePayload: properties: AdditionalFiles: items: type: string type: array AutoUpdate: $ref: "#/components/schemas/portainer.AutoUpdateSettings" ConfigFilePath: type: string Env: items: $ref: "#/components/schemas/portainer.Pair" type: array Prune: type: boolean RepositoryAuthentication: description: "Deprecated: use SourceID instead. Use basic authentication to clone the Git repository." type: boolean RepositoryPassword: description: "Deprecated: use SourceID instead. Password used in basic authentication." type: string RepositoryReferenceName: type: string RepositoryURL: description: "Deprecated: use SourceID instead. URL of a Git repository hosting the Stack file." type: string RepositoryUsername: description: "Deprecated: use SourceID instead. Username used in basic authentication." type: string SourceID: description: |- SourceID references an existing Source for git credentials/URL. When set, the inline URL and authentication fields are ignored. type: integer TLSSkipVerify: description: "Deprecated: use SourceID instead. Skip TLS verification when cloning the Git repository." type: boolean type: object stacks.stackMigratePayload: properties: EndpointID: description: Environment(Endpoint) identifier of the target environment(endpoint) where the stack will be relocated example: 2 type: integer Name: description: If provided will rename the migrated stack example: new-stack type: string SwarmID: description: Swarm cluster identifier, must match the identifier of the cluster where the stack will be relocated example: jpofkc0i9uo9wtx1zesuk649w type: string required: - EndpointID type: object stacks.stackResponse: properties: AdditionalFiles: description: Only applies when deploying stack with multiple files items: type: string type: array AutoUpdate: allOf: - $ref: "#/components/schemas/portainer.AutoUpdateSettings" description: The GitOps update settings of a git stack CreatedBy: description: The username which created this stack example: admin type: string CreationDate: description: The date in unix time when stack was created example: 1587399600 type: integer CurrentDeploymentInfo: allOf: - $ref: "#/components/schemas/portainer.StackDeploymentInfo" description: CurrentDeploymentInfo records the git repository state at the time of the last actual deployment. DeploymentStartStatus: allOf: - $ref: "#/components/schemas/portainer.StackStatus" description: >- DeploymentStartStatus is the stack status captured when the current deployment starts. It is used by deployment logic during the current deployment attempt and is cleared/replaced when a new deployment begins. example: 1 DeploymentStatus: description: >- DeploymentStatus records the status progression of the current deployment. Cleared when a new deployment starts. items: $ref: "#/components/schemas/portainer.StackDeploymentStatus" type: array EndpointId: description: Environment(Endpoint) identifier. Reference the environment(endpoint) that will be used for deployment example: 1 type: integer EntryPoint: description: >- EntryPoint is the path to the config file relative to the project root. NOTE: For git stacks this mirrors GitConfig.ConfigFilePath and the two are kept in sync by stackUpdateGit. The deploy command builder (compose_unpacker_cmd_builder) uses this field directly; Kubernetes deploy and git clone operations use GitConfig.ConfigFilePath. example: docker-compose.yml type: string Env: description: A list of environment(endpoint) variables used during stack deployment items: $ref: "#/components/schemas/portainer.Pair" type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean GitConfig: allOf: - $ref: "#/components/schemas/gittypes.RepoConfig" description: >- GitConfig is the git repository configuration for git-backed stacks. Deprecated: loaded from Source via WorkflowID; kept for DB backwards-compatibility only. Non-migration code must not read or write this field; use Source records instead. GitSourceId: type: integer Id: description: Stack Identifier example: 1 type: integer Name: description: Stack name example: myStack type: string Namespace: description: Kubernetes namespace if stack is a kube application example: default type: string Option: allOf: - $ref: "#/components/schemas/portainer.StackOption" description: The stack deployment option ProjectPath: description: Path on disk to the repository hosting the Stack file example: /data/compose/myStack_jpofkc0i9uo9wtx1zesuk649w type: string ResourceControl: $ref: "#/components/schemas/portainer.ResourceControl" Status: allOf: - $ref: "#/components/schemas/portainer.StackStatus" description: Stack status (1 - active, 2 - inactive, 3 - deploying, 4 - error) example: 1 SwarmId: description: Cluster identifier of the Swarm cluster where the stack is deployed example: jpofkc0i9uo9wtx1zesuk649w type: string Type: allOf: - $ref: "#/components/schemas/portainer.StackType" description: Stack type. 1 for a Swarm stack, 2 for a Compose stack example: 2 UpdateDate: description: The date in unix time when stack was last updated example: 1587399600 type: integer UpdatedBy: description: The username which last updated this stack example: bob type: string WorkflowID: description: WorkflowID is the ID of the Workflow that owns the Source for this stack. type: integer type: object stacks.swarmStackFromFileContentPayload: properties: Env: description: A list of environment variables used during stack deployment items: $ref: "#/components/schemas/portainer.Pair" type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Name: description: Name of the stack example: myStack type: string StackFileContent: description: Content of the Stack file example: |- version: 3 services: web: image:nginx type: string SwarmID: description: Swarm cluster identifier example: jpofkc0i9uo9wtx1zesuk649w type: string required: - Name - StackFileContent - SwarmID type: object stacks.swarmStackFromGitRepositoryPayload: properties: AdditionalFiles: description: Applicable when deploying with multiple stack files example: - "[nz.compose.yml" - " uat.compose.yml]" items: type: string type: array AutoUpdate: allOf: - $ref: "#/components/schemas/portainer.AutoUpdateSettings" description: Optional GitOps update configuration ComposeFile: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Env: description: A list of environment variables used during stack deployment items: $ref: "#/components/schemas/portainer.Pair" type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Name: description: Name of the stack example: myStack type: string RepositoryAuthentication: description: "Deprecated: use SourceID instead. Use basic authentication to clone the Git repository." example: true type: boolean RepositoryPassword: description: "Deprecated: use SourceID instead. Password used in basic authentication." example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: "Deprecated: use SourceID instead. URL of a Git repository hosting the Stack file." example: https://github.com/openfaas/faas type: string RepositoryUsername: description: "Deprecated: use SourceID instead. Username used in basic authentication." example: myGitUsername type: string SourceID: description: |- SourceID references an existing Source for git credentials/URL. When set, the inline URL and authentication fields are ignored. example: 1 type: integer SwarmID: description: Swarm cluster identifier example: jpofkc0i9uo9wtx1zesuk649w type: string TLSSkipVerify: description: "Deprecated: use SourceID instead. TLSSkipVerify skips SSL verification when cloning the Git repository." example: false type: boolean required: - Name - SwarmID type: object stacks.updateSwarmStackPayload: properties: Env: description: A list of environment(endpoint) variables used during stack deployment items: $ref: "#/components/schemas/portainer.Pair" type: array Prune: description: Prune services that are no longer referenced example: true type: boolean PullImage: description: >- Deprecated(2.36): use RepullImageAndRedeploy instead for cleaner responsibility Force a pulling to current image with the original tag though the image is already the latest example: false type: boolean RepullImageAndRedeploy: description: RepullImageAndRedeploy indicates whether to force repulling images and redeploying the stack type: boolean StackFileContent: description: New content of the Stack file example: |- version: 3 services: web: image:nginx type: string type: object stats.ContainerStats: properties: healthy: type: integer running: type: integer stopped: type: integer total: type: integer unhealthy: type: integer type: object swarm.ServiceUpdateResponse: properties: Warnings: description: Optional warning messages items: type: string type: array type: object system.nodesCountResponse: properties: nodes: type: integer type: object system.status: properties: InstanceID: description: Server Instance ID example: 299ab403-70a8-4c05-92f7-bf7a994d50df type: string Version: description: Portainer API version example: 2.0.0 type: string type: object system.systemInfoResponse: properties: agents: type: integer edgeAgents: type: integer platform: $ref: "#/components/schemas/platform.ContainerPlatform" type: object system.versionResponse: properties: Build: $ref: "#/components/schemas/build.BuildInfo" DatabaseVersion: type: string Dependencies: $ref: "#/components/schemas/build.DependenciesInfo" LatestVersion: description: The latest version available example: 2.0.0 type: string Runtime: $ref: "#/components/schemas/build.RuntimeInfo" ServerEdition: example: CE/EE type: string ServerVersion: type: string UpdateAvailable: description: Whether portainer has an update available example: false type: boolean VersionSupport: example: STS/LTS type: string type: object tags.tagCreatePayload: properties: Name: example: org/acme type: string required: - Name type: object teammemberships.teamMembershipCreatePayload: properties: Role: description: Role for the user inside the team (1 for leader and 2 for regular member) enum: - 1 - 2 example: 1 type: integer TeamID: description: Team identifier example: 1 type: integer UserID: description: User identifier example: 1 type: integer required: - Role - TeamID - UserID type: object teammemberships.teamMembershipUpdatePayload: properties: Role: description: Role for the user inside the team (1 for leader and 2 for regular member) enum: - 1 - 2 example: 1 type: integer TeamID: description: Team identifier example: 1 type: integer UserID: description: User identifier example: 1 type: integer required: - Role - TeamID - UserID type: object teams.teamCreatePayload: properties: Name: description: Name example: developers type: string TeamLeaders: description: TeamLeaders example: - 3 - 5 items: type: integer type: array required: - Name type: object teams.teamUpdatePayload: properties: Name: description: Name example: developers type: string type: object templates.fileResponse: properties: FileContent: description: The requested file content example: version:2 type: string type: object templates.listResponse: properties: templates: items: $ref: "#/components/schemas/portainer.Template" type: array version: type: string type: object unstructured.Unstructured: properties: Object: additionalProperties: true description: >- Object is a JSON compatible map with string, float, int, bool, []interface{}, or map[string]interface{} children. type: object type: object users.AccessLocation: enum: - environment - environmentGroup type: string x-enum-varnames: - AccessLocationEnvironment - AccessLocationEnvironmentGroup users.EffectiveAccessEntry: properties: accessLocation: $ref: "#/components/schemas/users.AccessLocation" endpointId: type: integer endpointName: type: string groupId: type: integer groupName: type: string roleId: type: integer roleName: type: string rolePriority: type: integer teamId: type: integer teamName: type: string type: object users.accessTokenResponse: properties: apiKey: $ref: "#/components/schemas/portainer.APIKey" rawAPIKey: type: string type: object users.addHelmRepoUrlPayload: properties: url: type: string type: object users.adminInitPayload: properties: Password: description: Password for the admin user example: admin-password type: string Username: description: Username for the admin user example: admin type: string required: - Password - Username type: object users.helmUserRepositoryResponse: properties: GlobalRepository: type: string UserRepositories: items: $ref: "#/components/schemas/portainer.HelmUserRepository" type: array type: object users.themePayload: properties: color: description: Color represents the color theme of the UI enum: - dark - light - highcontrast - auto example: dark type: string type: object users.userAccessTokenCreatePayload: properties: description: example: github-api-key type: string password: example: password type: string required: - description - password type: object users.userCreatePayload: properties: Password: example: cg9Wgky3 type: string Role: description: User role (1 for administrator account and 2 for regular account) enum: - 1 - 2 example: 2 type: integer Username: example: bob type: string required: - Password - Role - Username type: object users.userUpdatePasswordPayload: properties: NewPassword: description: New Password example: new_passwd type: string Password: description: Current Password example: passwd type: string required: - NewPassword - Password type: object users.userUpdatePayload: properties: NewPassword: example: asfj2emv type: string Password: example: cg9Wgky3 type: string Role: description: User role (1 for administrator account and 2 for regular account) enum: - 1 - 2 example: 2 type: integer Theme: $ref: "#/components/schemas/users.themePayload" UseCache: example: true type: boolean Username: example: bob type: string required: - NewPassword - Password - Role - UseCache - Username type: object v1.AppArmorProfile: properties: localhostProfile: description: >- localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". +optional type: string type: allOf: - $ref: "#/components/schemas/v1.AppArmorProfileType" description: |- type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. +unionDiscriminator type: object v1.AppArmorProfileType: enum: - Unconfined - RuntimeDefault - Localhost type: string x-enum-varnames: - AppArmorProfileTypeUnconfined - AppArmorProfileTypeRuntimeDefault - AppArmorProfileTypeLocalhost v1.AttachedVolume: properties: devicePath: description: DevicePath represents the device path where the volume should be available type: string name: description: Name of the attached volume type: string type: object v1.CSIPersistentVolumeSource: properties: controllerExpandSecretRef: allOf: - $ref: "#/components/schemas/v1.SecretReference" description: >- controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional controllerPublishSecretRef: allOf: - $ref: "#/components/schemas/v1.SecretReference" description: >- controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional driver: description: |- driver is the name of the driver to use for this volume. Required. type: string fsType: description: >- fsType to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". +optional type: string nodeExpandSecretRef: allOf: - $ref: "#/components/schemas/v1.SecretReference" description: >- nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional nodePublishSecretRef: allOf: - $ref: "#/components/schemas/v1.SecretReference" description: >- nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional nodeStageSecretRef: allOf: - $ref: "#/components/schemas/v1.SecretReference" description: >- nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional readOnly: description: |- readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write). +optional type: boolean volumeAttributes: additionalProperties: type: string description: |- volumeAttributes of the volume to publish. +optional type: object volumeHandle: description: >- volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required. type: string type: object v1.Capabilities: properties: add: description: |- Added capabilities +optional +listType=atomic items: type: string type: array drop: description: |- Removed capabilities +optional +listType=atomic items: type: string type: array type: object v1.ConfigMapEnvSource: properties: name: description: >- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional +default="" +kubebuilder:default="" TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: |- Specify whether the ConfigMap must be defined +optional type: boolean type: object v1.ConfigMapKeySelector: properties: key: description: The key to select. type: string name: description: >- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional +default="" +kubebuilder:default="" TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: |- Specify whether the ConfigMap or its key must be defined +optional type: boolean type: object v1.ConfigMapNodeConfigSource: properties: kubeletConfigKey: description: >- KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases. type: string name: description: |- Name is the metadata.name of the referenced ConfigMap. This field is required in all cases. type: string namespace: description: |- Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases. type: string resourceVersion: description: >- ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status. +optional type: string uid: description: |- UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status. +optional type: string type: object v1.Container: properties: args: description: >- Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +optional +listType=atomic items: type: string type: array command: description: >- Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +optional +listType=atomic items: type: string type: array env: description: |- List of environment variables to set in the container. Cannot be updated. +optional +patchMergeKey=name +patchStrategy=merge +listType=map +listMapKey=name items: $ref: "#/components/schemas/v1.EnvVar" type: array envFrom: description: >- List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +optional +listType=atomic items: $ref: "#/components/schemas/v1.EnvFromSource" type: array image: description: >- Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. +optional type: string imagePullPolicy: allOf: - $ref: "#/components/schemas/v1.PullPolicy" description: >- Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images +optional lifecycle: allOf: - $ref: "#/components/schemas/v1.Lifecycle" description: >- Actions that the management system should take in response to container lifecycle events. Cannot be updated. +optional livenessProbe: allOf: - $ref: "#/components/schemas/v1.Probe" description: >- Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional name: description: |- Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: description: >- List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. +optional +patchMergeKey=containerPort +patchStrategy=merge +listType=map +listMapKey=containerPort +listMapKey=protocol items: $ref: "#/components/schemas/v1.ContainerPort" type: array readinessProbe: allOf: - $ref: "#/components/schemas/v1.Probe" description: >- Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional resizePolicy: description: |- Resources resize policy for the container. This field cannot be set on ephemeral containers. +featureGate=InPlacePodVerticalScaling +optional +listType=atomic items: $ref: "#/components/schemas/v1.ContainerResizePolicy" type: array resources: allOf: - $ref: "#/components/schemas/v1.ResourceRequirements" description: >- Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +optional restartPolicy: allOf: - $ref: "#/components/schemas/v1.ContainerRestartPolicy" description: >- RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +optional restartPolicyRules: description: >- Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. +featureGate=ContainerRestartRules +optional +listType=atomic items: $ref: "#/components/schemas/v1.ContainerRestartRule" type: array securityContext: allOf: - $ref: "#/components/schemas/v1.SecurityContext" description: >- SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +optional startupProbe: allOf: - $ref: "#/components/schemas/v1.Probe" description: >- StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional stdin: description: >- Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. +optional type: boolean stdinOnce: description: >- Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false +optional type: boolean terminationMessagePath: description: >- Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. +optional type: string terminationMessagePolicy: allOf: - $ref: "#/components/schemas/v1.TerminationMessagePolicy" description: >- Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. +optional tty: description: >- Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. +optional type: boolean volumeDevices: description: >- volumeDevices is the list of block devices to be used by the container. +patchMergeKey=devicePath +patchStrategy=merge +listType=map +listMapKey=devicePath +optional items: $ref: "#/components/schemas/v1.VolumeDevice" type: array volumeMounts: description: |- Pod volumes to mount into the container's filesystem. Cannot be updated. +optional +patchMergeKey=mountPath +patchStrategy=merge +listType=map +listMapKey=mountPath items: $ref: "#/components/schemas/v1.VolumeMount" type: array workingDir: description: >- Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. +optional type: string type: object v1.ContainerImage: properties: names: description: >- Names by which this image is known. e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] +optional +listType=atomic items: type: string type: array sizeBytes: description: |- The size of the image in bytes. +optional type: integer type: object v1.ContainerPort: properties: containerPort: description: |- Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. type: integer hostIP: description: |- What host IP to bind the external port to. +optional type: string hostPort: description: |- Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. +optional type: integer name: description: >- If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. +optional type: string protocol: allOf: - $ref: "#/components/schemas/v1.Protocol" description: |- Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". +optional +default="TCP" type: object v1.ContainerResizePolicy: properties: resourceName: allOf: - $ref: "#/components/schemas/v1.ResourceName" description: |- Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. restartPolicy: allOf: - $ref: "#/components/schemas/v1.ResourceResizeRestartPolicy" description: |- Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. type: object v1.ContainerRestartPolicy: enum: - Always - Never - OnFailure type: string x-enum-varnames: - ContainerRestartPolicyAlways - ContainerRestartPolicyNever - ContainerRestartPolicyOnFailure v1.ContainerRestartRule: properties: action: allOf: - $ref: "#/components/schemas/v1.ContainerRestartRuleAction" description: |- Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. +required exitCodes: allOf: - $ref: "#/components/schemas/v1.ContainerRestartRuleOnExitCodes" description: |- Represents the exit codes to check on container exits. +optional +oneOf=when type: object v1.ContainerRestartRuleAction: enum: - Restart - RestartAllContainers type: string x-enum-varnames: - ContainerRestartRuleActionRestart - ContainerRestartRuleActionRestartAllContainers v1.ContainerRestartRuleOnExitCodes: properties: operator: allOf: - $ref: "#/components/schemas/v1.ContainerRestartRuleOnExitCodesOperator" description: >- Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the set of specified values. - NotIn: the requirement is satisfied if the container exit code is not in the set of specified values. +required values: description: |- Specifies the set of values to check for container exit codes. At most 255 elements are allowed. +optional +listType=set items: type: integer type: array type: object v1.ContainerRestartRuleOnExitCodesOperator: enum: - In - NotIn type: string x-enum-varnames: - ContainerRestartRuleOnExitCodesOpIn - ContainerRestartRuleOnExitCodesOpNotIn v1.DaemonEndpoint: properties: Port: description: Port number of the given endpoint. type: integer type: object v1.EnvFromSource: properties: configMapRef: allOf: - $ref: "#/components/schemas/v1.ConfigMapEnvSource" description: |- The ConfigMap to select from +optional prefix: description: |- Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. +optional type: string secretRef: allOf: - $ref: "#/components/schemas/v1.SecretEnvSource" description: |- The Secret to select from +optional type: object v1.EnvVar: properties: name: description: |- Name of the environment variable. May consist of any printable ASCII characters except '='. type: string value: description: >- Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". +optional type: string valueFrom: allOf: - $ref: "#/components/schemas/v1.EnvVarSource" description: >- Source for the environment variable's value. Cannot be used if value is not empty. +optional type: object v1.EnvVarSource: properties: configMapKeyRef: allOf: - $ref: "#/components/schemas/v1.ConfigMapKeySelector" description: |- Selects a key of a ConfigMap. +optional fieldRef: allOf: - $ref: "#/components/schemas/v1.ObjectFieldSelector" description: >- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +optional fileKeyRef: allOf: - $ref: "#/components/schemas/v1.FileKeySelector" description: |- FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled. +featureGate=EnvFiles +optional resourceFieldRef: allOf: - $ref: "#/components/schemas/v1.ResourceFieldSelector" description: >- Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +optional secretKeyRef: allOf: - $ref: "#/components/schemas/v1.SecretKeySelector" description: |- Selects a key of a secret in the pod's namespace +optional type: object v1.ExecAction: properties: command: description: >- Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +optional +listType=atomic items: type: string type: array type: object v1.FieldsV1: type: object v1.FileKeySelector: properties: key: description: >- The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. +required type: string optional: description: >- Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. +optional +default=false type: boolean path: description: >- The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. +required type: string volumeName: description: |- The name of the volume mount containing the env file. +required type: string type: object v1.GRPCAction: properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. type: integer service: description: >- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. +optional +default="" type: string type: object v1.HTTPGetAction: properties: host: description: >- Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +optional type: string httpHeaders: description: |- Custom headers to set in the request. HTTP allows repeated headers. +optional +listType=atomic items: $ref: "#/components/schemas/k8s_io_api_core_v1.HTTPHeader" type: array path: description: |- Path to access on the HTTP server. +optional type: string port: allOf: - $ref: "#/components/schemas/intstr.IntOrString" description: |- Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. scheme: allOf: - $ref: "#/components/schemas/v1.URIScheme" description: |- Scheme to use for connecting to the host. Defaults to HTTP. +optional type: object v1.Lifecycle: properties: postStart: allOf: - $ref: "#/components/schemas/v1.LifecycleHandler" description: >- PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +optional preStop: allOf: - $ref: "#/components/schemas/v1.LifecycleHandler" description: >- PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +optional stopSignal: allOf: - $ref: "#/components/schemas/v1.Signal" description: >- StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name +optional type: object v1.LifecycleHandler: properties: exec: allOf: - $ref: "#/components/schemas/v1.ExecAction" description: |- Exec specifies a command to execute in the container. +optional httpGet: allOf: - $ref: "#/components/schemas/v1.HTTPGetAction" description: |- HTTPGet specifies an HTTP GET request to perform. +optional sleep: allOf: - $ref: "#/components/schemas/v1.SleepAction" description: |- Sleep represents a duration that the container should sleep. +optional tcpSocket: allOf: - $ref: "#/components/schemas/v1.TCPSocketAction" description: >- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. +optional type: object v1.ListMeta: properties: continue: description: >- continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. type: string remainingItemCount: description: >- remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact. +optional type: integer resourceVersion: description: >- String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency +optional type: string selfLink: description: >- Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. +optional type: string type: object v1.ManagedFieldsEntry: properties: apiVersion: description: |- APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. type: string fieldsType: description: >- FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1" type: string fieldsV1: allOf: - $ref: "#/components/schemas/v1.FieldsV1" description: >- FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. +optional manager: description: Manager is an identifier of the workflow managing these fields. type: string operation: allOf: - $ref: "#/components/schemas/v1.ManagedFieldsOperationType" description: >- Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. subresource: description: >- Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. type: string time: description: |- Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. +optional type: string type: object v1.ManagedFieldsOperationType: enum: - Apply - Update type: string x-enum-varnames: - ManagedFieldsOperationApply - ManagedFieldsOperationUpdate v1.MountPropagationMode: enum: - None - HostToContainer - Bidirectional type: string x-enum-varnames: - MountPropagationNone - MountPropagationHostToContainer - MountPropagationBidirectional v1.NamespaceCondition: properties: lastTransitionTime: description: |- Last time the condition transitioned from one status to another. +optional type: string message: description: |- Human-readable message indicating details about last transition. +optional type: string reason: description: >- Unique, one-word, CamelCase reason for the condition's last transition. +optional type: string status: allOf: - $ref: "#/components/schemas/k8s_io_api_core_v1.ConditionStatus" description: Status of the condition, one of True, False, Unknown. type: allOf: - $ref: "#/components/schemas/v1.NamespaceConditionType" description: Type of namespace controller condition. type: object v1.NamespaceConditionType: enum: - NamespaceDeletionDiscoveryFailure - NamespaceDeletionContentFailure - NamespaceDeletionGroupVersionParsingFailure - NamespaceContentRemaining - NamespaceFinalizersRemaining type: string x-enum-varnames: - NamespaceDeletionDiscoveryFailure - NamespaceDeletionContentFailure - NamespaceDeletionGVParsingFailure - NamespaceContentRemaining - NamespaceFinalizersRemaining v1.NamespacePhase: enum: - Active - Terminating type: string x-enum-varnames: - NamespaceActive - NamespaceTerminating v1.NamespaceStatus: properties: conditions: description: >- Represents the latest available observations of a namespace's current state. +optional +patchMergeKey=type +patchStrategy=merge +listType=map +listMapKey=type items: $ref: "#/components/schemas/v1.NamespaceCondition" type: array phase: allOf: - $ref: "#/components/schemas/v1.NamespacePhase" description: >- Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ +optional type: object v1.NodeAddress: properties: address: description: The node address. type: string type: allOf: - $ref: "#/components/schemas/v1.NodeAddressType" description: Node address type, one of Hostname, ExternalIP or InternalIP. type: object v1.NodeAddressType: enum: - Hostname - InternalIP - ExternalIP - InternalDNS - ExternalDNS type: string x-enum-varnames: - NodeHostName - NodeInternalIP - NodeExternalIP - NodeInternalDNS - NodeExternalDNS v1.NodeCondition: properties: lastHeartbeatTime: description: |- Last time we got an update on a given condition. +optional type: string lastTransitionTime: description: |- Last time the condition transit from one status to another. +optional type: string message: description: |- Human readable message indicating details about last transition. +optional type: string reason: description: |- (brief) reason for the condition's last transition. +optional type: string status: allOf: - $ref: "#/components/schemas/k8s_io_api_core_v1.ConditionStatus" description: Status of the condition, one of True, False, Unknown. type: allOf: - $ref: "#/components/schemas/v1.NodeConditionType" description: Type of node condition. type: object v1.NodeConditionType: enum: - Ready - MemoryPressure - DiskPressure - PIDPressure - NetworkUnavailable type: string x-enum-varnames: - NodeReady - NodeMemoryPressure - NodeDiskPressure - NodePIDPressure - NodeNetworkUnavailable v1.NodeConfigSource: properties: configMap: allOf: - $ref: "#/components/schemas/v1.ConfigMapNodeConfigSource" description: ConfigMap is a reference to a Node's ConfigMap type: object v1.NodeConfigStatus: properties: active: allOf: - $ref: "#/components/schemas/v1.NodeConfigSource" description: >- Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error. +optional assigned: allOf: - $ref: "#/components/schemas/v1.NodeConfigSource" description: >- Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned. +optional error: description: >- Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions. +optional type: string lastKnownGood: allOf: - $ref: "#/components/schemas/v1.NodeConfigSource" description: >- LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future. +optional type: object v1.NodeDaemonEndpoints: properties: kubeletEndpoint: allOf: - $ref: "#/components/schemas/v1.DaemonEndpoint" description: |- Endpoint on which Kubelet is listening. +optional type: object v1.NodeFeatures: properties: supplementalGroupsPolicy: description: >- SupplementalGroupsPolicy is set to true if the runtime supports SupplementalGroupsPolicy and ContainerUser. +optional type: boolean type: object v1.NodePhase: enum: - Pending - Running - Terminated type: string x-enum-varnames: - NodePending - NodeRunning - NodeTerminated v1.NodeRuntimeHandler: properties: features: allOf: - $ref: "#/components/schemas/v1.NodeRuntimeHandlerFeatures" description: |- Supported features. +optional name: description: |- Runtime handler name. Empty for the default runtime handler. +optional type: string type: object v1.NodeRuntimeHandlerFeatures: properties: recursiveReadOnlyMounts: description: >- RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts. +optional type: boolean userNamespaces: description: >- UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes. +featureGate=UserNamespacesSupport +optional type: boolean type: object v1.NodeSpec: properties: configSource: allOf: - $ref: "#/components/schemas/v1.NodeConfigSource" description: >- Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. +optional externalID: description: >- Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966 +optional type: string podCIDR: description: |- PodCIDR represents the pod IP range assigned to the node. +optional type: string podCIDRs: description: >- podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6. +optional +patchStrategy=merge +listType=set items: type: string type: array providerID: description: >- ID of the node assigned by the cloud provider in the format: :// +optional type: string taints: description: |- If specified, the node's taints. +optional +listType=atomic items: $ref: "#/components/schemas/v1.Taint" type: array unschedulable: description: >- Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration +optional type: boolean type: object v1.NodeStatus: properties: addresses: description: >- List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/reference/node/node-status/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP). +optional +patchMergeKey=type +patchStrategy=merge +listType=map +listMapKey=type items: $ref: "#/components/schemas/v1.NodeAddress" type: array allocatable: allOf: - $ref: "#/components/schemas/v1.ResourceList" description: >- Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity. +optional capacity: allOf: - $ref: "#/components/schemas/v1.ResourceList" description: >- Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/reference/node/node-status/#capacity +optional conditions: description: >- Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/reference/node/node-status/#condition +optional +patchMergeKey=type +patchStrategy=merge +listType=map +listMapKey=type items: $ref: "#/components/schemas/v1.NodeCondition" type: array config: allOf: - $ref: "#/components/schemas/v1.NodeConfigStatus" description: >- Status of the config assigned to the node via the dynamic Kubelet config feature. +optional daemonEndpoints: allOf: - $ref: "#/components/schemas/v1.NodeDaemonEndpoints" description: |- Endpoints of daemons running on the Node. +optional declaredFeatures: description: >- DeclaredFeatures represents the features related to feature gates that are declared by the node. +featureGate=NodeDeclaredFeatures +optional +listType=atomic items: type: string type: array features: allOf: - $ref: "#/components/schemas/v1.NodeFeatures" description: >- Features describes the set of features implemented by the CRI implementation. +featureGate=SupplementalGroupsPolicy +optional images: description: |- List of container images on this node +optional +listType=atomic items: $ref: "#/components/schemas/v1.ContainerImage" type: array nodeInfo: allOf: - $ref: "#/components/schemas/v1.NodeSystemInfo" description: >- Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/reference/node/node-status/#info +optional phase: allOf: - $ref: "#/components/schemas/v1.NodePhase" description: |- NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated. +optional runtimeHandlers: description: |- The available runtime handlers. +featureGate=UserNamespacesSupport +optional +listType=atomic items: $ref: "#/components/schemas/v1.NodeRuntimeHandler" type: array volumesAttached: description: |- List of volumes that are attached to the node. +optional +listType=atomic items: $ref: "#/components/schemas/v1.AttachedVolume" type: array volumesInUse: description: |- List of attachable volumes in use (mounted) by the node. +optional +listType=atomic items: type: string type: array type: object v1.NodeSwapStatus: properties: capacity: description: |- Total amount of swap memory in bytes. +optional type: integer type: object v1.NodeSystemInfo: properties: architecture: description: The Architecture reported by the node type: string bootID: description: Boot ID reported by the node. type: string containerRuntimeVersion: description: ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). type: string kernelVersion: description: Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). type: string kubeProxyVersion: description: "Deprecated: KubeProxy Version reported by the node." type: string kubeletVersion: description: Kubelet Version reported by the node. type: string machineID: description: |- MachineID reported by the node. For unique machine identification in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html type: string operatingSystem: description: The Operating System reported by the node type: string osImage: description: OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). type: string swap: allOf: - $ref: "#/components/schemas/v1.NodeSwapStatus" description: Swap Info reported by the node. systemUUID: description: >- SystemUUID reported by the node. For unique machine identification MachineID is preferred. This field is specific to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid type: string type: object v1.ObjectFieldSelector: properties: apiVersion: description: >- Version of the schema the FieldPath is written in terms of, defaults to "v1". +optional type: string fieldPath: description: Path of the field to select in the specified API version. type: string type: object v1.ObjectMeta: properties: annotations: additionalProperties: type: string description: >- Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations +optional type: object creationTimestamp: description: >- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional type: string deletionGracePeriodSeconds: description: >- Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. +optional type: integer deletionTimestamp: description: >- DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional type: string finalizers: description: >- Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. +optional +patchStrategy=merge +listType=set items: type: string type: array generateName: description: >- GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will return a 409. Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency +optional type: string generation: description: >- A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. +optional type: integer labels: additionalProperties: type: string description: >- Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels +optional type: object managedFields: description: |- ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. +optional +listType=atomic items: $ref: "#/components/schemas/v1.ManagedFieldsEntry" type: array name: description: >- Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names +optional type: string namespace: description: >- Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces +optional type: string ownerReferences: description: >- List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. +optional +patchMergeKey=uid +patchStrategy=merge +listType=map +listMapKey=uid items: $ref: "#/components/schemas/v1.OwnerReference" type: array resourceVersion: description: >- An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency +optional type: string selfLink: description: >- Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. +optional type: string uid: description: >- UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids +optional type: string type: object v1.OwnerReference: properties: apiVersion: description: API version of the referent. type: string blockOwnerDeletion: description: >- If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. +optional type: boolean controller: description: |- If true, this reference points to the managing controller. +optional type: boolean kind: description: >- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: >- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names type: string uid: description: >- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids type: string type: object v1.PersistentVolumeAccessMode: enum: - ReadWriteOnce - ReadOnlyMany - ReadWriteMany - ReadWriteOncePod type: string x-enum-varnames: - ReadWriteOnce - ReadOnlyMany - ReadWriteMany - ReadWriteOncePod v1.PersistentVolumeClaimPhase: enum: - Pending - Bound - Lost type: string x-enum-varnames: - ClaimPending - ClaimBound - ClaimLost v1.PersistentVolumeMode: enum: - Block - Filesystem type: string x-enum-varnames: - PersistentVolumeBlock - PersistentVolumeFilesystem v1.PersistentVolumePhase: enum: - Pending - Available - Bound - Released - Failed type: string x-enum-varnames: - VolumePending - VolumeAvailable - VolumeBound - VolumeReleased - VolumeFailed v1.PersistentVolumeReclaimPolicy: enum: - Recycle - Delete - Retain type: string x-enum-varnames: - PersistentVolumeReclaimRecycle - PersistentVolumeReclaimDelete - PersistentVolumeReclaimRetain v1.Probe: properties: exec: allOf: - $ref: "#/components/schemas/v1.ExecAction" description: |- Exec specifies a command to execute in the container. +optional failureThreshold: description: >- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. +optional type: integer grpc: allOf: - $ref: "#/components/schemas/v1.GRPCAction" description: |- GRPC specifies a GRPC HealthCheckRequest. +optional httpGet: allOf: - $ref: "#/components/schemas/v1.HTTPGetAction" description: |- HTTPGet specifies an HTTP GET request to perform. +optional initialDelaySeconds: description: >- Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional type: integer periodSeconds: description: |- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +optional type: integer successThreshold: description: >- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +optional type: integer tcpSocket: allOf: - $ref: "#/components/schemas/v1.TCPSocketAction" description: |- TCPSocket specifies a connection to a TCP port. +optional terminationGracePeriodSeconds: description: >- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +optional type: integer timeoutSeconds: description: >- Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional type: integer type: object v1.ProcMountType: enum: - Default - Unmasked type: string x-enum-varnames: - DefaultProcMount - UnmaskedProcMount v1.Protocol: enum: - TCP - UDP - SCTP type: string x-enum-varnames: - ProtocolTCP - ProtocolUDP - ProtocolSCTP v1.PullPolicy: enum: - Always - Never - IfNotPresent type: string x-enum-varnames: - PullAlways - PullNever - PullIfNotPresent v1.RecursiveReadOnlyMode: enum: - Disabled - IfPossible - Enabled type: string x-enum-varnames: - RecursiveReadOnlyDisabled - RecursiveReadOnlyIfPossible - RecursiveReadOnlyEnabled v1.ResourceFieldSelector: properties: containerName: description: |- Container name: required for volumes, optional for env vars +optional type: string divisor: allOf: - $ref: "#/components/schemas/resource.Quantity" description: >- Specifies the output format of the exposed resources, defaults to "1" +optional resource: description: "Required: resource to select" type: string type: object v1.ResourceList: additionalProperties: $ref: "#/components/schemas/resource.Quantity" type: object v1.ResourceName: enum: - cpu - memory - storage - ephemeral-storage - pods - services - replicationcontrollers - resourcequotas - secrets - configmaps - persistentvolumeclaims - services.nodeports - services.loadbalancers - requests.cpu - requests.memory - requests.storage - requests.ephemeral-storage - limits.cpu - limits.memory - limits.ephemeral-storage type: string x-enum-varnames: - ResourceCPU - ResourceMemory - ResourceStorage - ResourceEphemeralStorage - ResourcePods - ResourceServices - ResourceReplicationControllers - ResourceQuotas - ResourceSecrets - ResourceConfigMaps - ResourcePersistentVolumeClaims - ResourceServicesNodePorts - ResourceServicesLoadBalancers - ResourceRequestsCPU - ResourceRequestsMemory - ResourceRequestsStorage - ResourceRequestsEphemeralStorage - ResourceLimitsCPU - ResourceLimitsMemory - ResourceLimitsEphemeralStorage v1.ResourceQuota: properties: apiVersion: description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string kind: description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: "#/components/schemas/v1.ObjectMeta" description: >- Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional spec: allOf: - $ref: "#/components/schemas/v1.ResourceQuotaSpec" description: >- Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional status: allOf: - $ref: "#/components/schemas/v1.ResourceQuotaStatus" description: >- Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional type: object v1.ResourceQuotaScope: enum: - Terminating - NotTerminating - BestEffort - NotBestEffort - PriorityClass - CrossNamespacePodAffinity - VolumeAttributesClass type: string x-enum-varnames: - ResourceQuotaScopeTerminating - ResourceQuotaScopeNotTerminating - ResourceQuotaScopeBestEffort - ResourceQuotaScopeNotBestEffort - ResourceQuotaScopePriorityClass - ResourceQuotaScopeCrossNamespacePodAffinity - ResourceQuotaScopeVolumeAttributesClass v1.ResourceQuotaSpec: properties: hard: allOf: - $ref: "#/components/schemas/v1.ResourceList" description: >- hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ +optional scopeSelector: allOf: - $ref: "#/components/schemas/v1.ScopeSelector" description: >- scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. +optional scopes: description: >- A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects. +optional +listType=atomic items: $ref: "#/components/schemas/v1.ResourceQuotaScope" type: array type: object v1.ResourceQuotaStatus: properties: hard: allOf: - $ref: "#/components/schemas/v1.ResourceList" description: >- Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ +optional used: allOf: - $ref: "#/components/schemas/v1.ResourceList" description: >- Used is the current observed total usage of the resource in the namespace. +optional type: object v1.ResourceRequirements: properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. +listType=map +listMapKey=name +featureGate=DynamicResourceAllocation +optional items: $ref: "#/components/schemas/k8s_io_api_core_v1.ResourceClaim" type: array limits: allOf: - $ref: "#/components/schemas/v1.ResourceList" description: >- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +optional requests: allOf: - $ref: "#/components/schemas/v1.ResourceList" description: >- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +optional type: object v1.ResourceResizeRestartPolicy: enum: - NotRequired - RestartContainer type: string x-enum-varnames: - NotRequired - RestartContainer v1.RoleRef: properties: apiGroup: description: APIGroup is the group for the resource being referenced type: string kind: description: Kind is the type of resource being referenced type: string name: description: |- Name is the name of resource being referenced +required +k8s:required type: string type: object v1.SELinuxOptions: properties: level: description: |- Level is SELinux level label that applies to the container. +optional type: string role: description: |- Role is a SELinux role label that applies to the container. +optional type: string type: description: |- Type is a SELinux type label that applies to the container. +optional type: string user: description: |- User is a SELinux user label that applies to the container. +optional type: string type: object v1.ScopeSelector: properties: matchExpressions: description: |- A list of scope selector requirements by scope of the resources. +optional +listType=atomic items: $ref: "#/components/schemas/v1.ScopedResourceSelectorRequirement" type: array type: object v1.ScopeSelectorOperator: enum: - In - NotIn - Exists - DoesNotExist type: string x-enum-varnames: - ScopeSelectorOpIn - ScopeSelectorOpNotIn - ScopeSelectorOpExists - ScopeSelectorOpDoesNotExist v1.ScopedResourceSelectorRequirement: properties: operator: allOf: - $ref: "#/components/schemas/v1.ScopeSelectorOperator" description: |- Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. scopeName: allOf: - $ref: "#/components/schemas/v1.ResourceQuotaScope" description: The name of the scope that the selector applies to. values: description: >- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +optional +listType=atomic items: type: string type: array type: object v1.SeccompProfile: properties: localhostProfile: description: >- localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. +optional type: string type: allOf: - $ref: "#/components/schemas/v1.SeccompProfileType" description: >- type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. +unionDiscriminator type: object v1.SeccompProfileType: enum: - Unconfined - RuntimeDefault - Localhost type: string x-enum-varnames: - SeccompProfileTypeUnconfined - SeccompProfileTypeRuntimeDefault - SeccompProfileTypeLocalhost v1.SecretEnvSource: properties: name: description: >- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional +default="" +kubebuilder:default="" TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: |- Specify whether the Secret must be defined +optional type: boolean type: object v1.SecretKeySelector: properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: >- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional +default="" +kubebuilder:default="" TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: |- Specify whether the Secret or its key must be defined +optional type: boolean type: object v1.SecretReference: properties: name: description: |- name is unique within a namespace to reference a secret resource. +optional type: string namespace: description: >- namespace defines the space within which the secret name must be unique. +optional type: string type: object v1.SecurityContext: properties: allowPrivilegeEscalation: description: |- AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +optional type: boolean appArmorProfile: allOf: - $ref: "#/components/schemas/v1.AppArmorProfile" description: >- appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. +optional capabilities: allOf: - $ref: "#/components/schemas/v1.Capabilities" description: >- The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +optional privileged: description: >- Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +optional type: boolean procMount: allOf: - $ref: "#/components/schemas/v1.ProcMountType" description: >- procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +optional readOnlyRootFilesystem: description: |- Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +optional type: boolean runAsGroup: description: >- The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional type: integer runAsNonRoot: description: >- Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional type: boolean runAsUser: description: >- The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional type: integer seLinuxOptions: allOf: - $ref: "#/components/schemas/v1.SELinuxOptions" description: >- The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional seccompProfile: allOf: - $ref: "#/components/schemas/v1.SeccompProfile" description: |- The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +optional windowsOptions: allOf: - $ref: "#/components/schemas/v1.WindowsSecurityContextOptions" description: >- The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +optional type: object v1.Signal: enum: - SIGABRT - SIGALRM - SIGBUS - SIGCHLD - SIGCLD - SIGCONT - SIGFPE - SIGHUP - SIGILL - SIGINT - SIGIO - SIGIOT - SIGKILL - SIGPIPE - SIGPOLL - SIGPROF - SIGPWR - SIGQUIT - SIGSEGV - SIGSTKFLT - SIGSTOP - SIGSYS - SIGTERM - SIGTRAP - SIGTSTP - SIGTTIN - SIGTTOU - SIGURG - SIGUSR1 - SIGUSR2 - SIGVTALRM - SIGWINCH - SIGXCPU - SIGXFSZ - SIGRTMIN - SIGRTMIN+1 - SIGRTMIN+2 - SIGRTMIN+3 - SIGRTMIN+4 - SIGRTMIN+5 - SIGRTMIN+6 - SIGRTMIN+7 - SIGRTMIN+8 - SIGRTMIN+9 - SIGRTMIN+10 - SIGRTMIN+11 - SIGRTMIN+12 - SIGRTMIN+13 - SIGRTMIN+14 - SIGRTMIN+15 - SIGRTMAX-14 - SIGRTMAX-13 - SIGRTMAX-12 - SIGRTMAX-11 - SIGRTMAX-10 - SIGRTMAX-9 - SIGRTMAX-8 - SIGRTMAX-7 - SIGRTMAX-6 - SIGRTMAX-5 - SIGRTMAX-4 - SIGRTMAX-3 - SIGRTMAX-2 - SIGRTMAX-1 - SIGRTMAX type: string x-enum-varnames: - SIGABRT - SIGALRM - SIGBUS - SIGCHLD - SIGCLD - SIGCONT - SIGFPE - SIGHUP - SIGILL - SIGINT - SIGIO - SIGIOT - SIGKILL - SIGPIPE - SIGPOLL - SIGPROF - SIGPWR - SIGQUIT - SIGSEGV - SIGSTKFLT - SIGSTOP - SIGSYS - SIGTERM - SIGTRAP - SIGTSTP - SIGTTIN - SIGTTOU - SIGURG - SIGUSR1 - SIGUSR2 - SIGVTALRM - SIGWINCH - SIGXCPU - SIGXFSZ - SIGRTMIN - SIGRTMINPLUS1 - SIGRTMINPLUS2 - SIGRTMINPLUS3 - SIGRTMINPLUS4 - SIGRTMINPLUS5 - SIGRTMINPLUS6 - SIGRTMINPLUS7 - SIGRTMINPLUS8 - SIGRTMINPLUS9 - SIGRTMINPLUS10 - SIGRTMINPLUS11 - SIGRTMINPLUS12 - SIGRTMINPLUS13 - SIGRTMINPLUS14 - SIGRTMINPLUS15 - SIGRTMAXMINUS14 - SIGRTMAXMINUS13 - SIGRTMAXMINUS12 - SIGRTMAXMINUS11 - SIGRTMAXMINUS10 - SIGRTMAXMINUS9 - SIGRTMAXMINUS8 - SIGRTMAXMINUS7 - SIGRTMAXMINUS6 - SIGRTMAXMINUS5 - SIGRTMAXMINUS4 - SIGRTMAXMINUS3 - SIGRTMAXMINUS2 - SIGRTMAXMINUS1 - SIGRTMAX v1.SleepAction: properties: seconds: description: Seconds is the number of seconds to sleep. type: integer type: object v1.TCPSocketAction: properties: host: description: |- Optional: Host name to connect to, defaults to the pod IP. +optional type: string port: allOf: - $ref: "#/components/schemas/intstr.IntOrString" description: |- Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. type: object v1.Taint: properties: effect: allOf: - $ref: "#/components/schemas/v1.TaintEffect" description: |- Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. key: description: Required. The taint key to be applied to a node. type: string timeAdded: description: |- TimeAdded represents the time at which the taint was added. +optional type: string value: description: |- The taint value corresponding to the taint key. +optional type: string type: object v1.TaintEffect: enum: - NoSchedule - PreferNoSchedule - NoExecute type: string x-enum-varnames: - TaintEffectNoSchedule - TaintEffectPreferNoSchedule - TaintEffectNoExecute v1.TerminationMessagePolicy: enum: - File - FallbackToLogsOnError type: string x-enum-varnames: - TerminationMessageReadFile - TerminationMessageFallbackToLogsOnError v1.URIScheme: enum: - HTTP - HTTPS type: string x-enum-varnames: - URISchemeHTTP - URISchemeHTTPS v1.VolumeDevice: properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to. type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string type: object v1.VolumeMount: properties: mountPath: description: >- Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: allOf: - $ref: "#/components/schemas/v1.MountPropagationMode" description: >- mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). +optional name: description: This must match the Name of a Volume. type: string readOnly: description: >- Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +optional type: boolean recursiveReadOnly: allOf: - $ref: "#/components/schemas/v1.RecursiveReadOnlyMode" description: >- RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled. +optional subPath: description: >- Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). +optional type: string subPathExpr: description: >- Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. +optional type: string type: object v1.WindowsSecurityContextOptions: properties: gmsaCredentialSpec: description: >- GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. +optional type: string gmsaCredentialSpecName: description: >- GMSACredentialSpecName is the name of the GMSA credential spec to use. +optional type: string hostProcess: description: >- HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +optional type: boolean runAsUserName: description: >- The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional type: string type: object v1beta1.ContainerMetrics: properties: name: description: Container name corresponding to the one from pod.spec.containers. type: string usage: allOf: - $ref: "#/components/schemas/v1.ResourceList" description: The memory usage is the memory working set. type: object v1beta1.NodeMetrics: properties: apiVersion: description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string kind: description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: "#/components/schemas/v1.ObjectMeta" description: >- Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional timestamp: description: |- The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]. type: string usage: allOf: - $ref: "#/components/schemas/v1.ResourceList" description: The memory usage is the memory working set. window: type: string type: object v1beta1.NodeMetricsList: properties: apiVersion: description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string items: description: List of node metrics. items: $ref: "#/components/schemas/v1beta1.NodeMetrics" type: array kind: description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: "#/components/schemas/v1.ListMeta" description: >- Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: object v1beta1.PodMetrics: properties: apiVersion: description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string containers: description: >- Metrics for all containers are collected within the same time window. +listType=atomic items: $ref: "#/components/schemas/v1beta1.ContainerMetrics" type: array kind: description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: "#/components/schemas/v1.ObjectMeta" description: >- Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional timestamp: description: |- The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]. type: string window: type: string type: object v1beta1.PodMetricsList: properties: apiVersion: description: >- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string items: description: List of pod metrics. items: $ref: "#/components/schemas/v1beta1.PodMetrics" type: array kind: description: >- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: "#/components/schemas/v1.ListMeta" description: >- Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: object webhooks.webhookCreatePayload: properties: EndpointID: type: integer RegistryID: type: integer ResourceID: type: string WebhookType: allOf: - $ref: "#/components/schemas/portainer.WebhookType" description: Type of webhook (1 - service) type: object webhooks.webhookUpdatePayload: properties: RegistryID: type: integer type: object workflows.ArtifactDetail: properties: autoUpdate: $ref: "#/components/schemas/portainer.AutoUpdateSettings" creationDate: type: integer files: items: $ref: "#/components/schemas/workflows.ArtifactFileDetail" type: array id: type: integer lastSyncDate: type: integer name: type: string platform: $ref: "#/components/schemas/workflows.DeploymentPlatform" status: $ref: "#/components/schemas/workflows.WorkflowStatusObject" target: $ref: "#/components/schemas/workflows.Target" type: $ref: "#/components/schemas/workflows.Type" required: - id - name - type type: object workflows.ArtifactFileDetail: properties: hash: example: abc123 type: string path: example: portainer.yaml type: string pathError: type: string pathStatus: $ref: "#/components/schemas/sources.Status" ref: example: refs/heads/main type: string refError: type: string refStatus: $ref: "#/components/schemas/sources.Status" sourceId: type: integer type: object workflows.DeploymentPlatform: enum: - dockerStandalone - dockerSwarm - kubernetes type: string x-enum-varnames: - DeploymentPlatformDockerStandalone - DeploymentPlatformDockerSwarm - DeploymentPlatformKubernetes workflows.Status: enum: - healthy - syncing - error - paused - unknown type: string x-enum-varnames: - StatusHealthy - StatusSyncing - StatusError - StatusPaused - StatusUnknown workflows.StatusSummary: properties: error: type: integer healthy: type: integer paused: type: integer syncing: type: integer unknown: type: integer type: object workflows.Target: properties: edgeGroupIds: items: type: integer type: array endpointId: type: integer groupStatus: additionalProperties: $ref: "#/components/schemas/workflows.Status" type: object namespace: type: string resolvedEndpointIds: items: type: integer type: array type: object workflows.Type: enum: - stack - edgeStack type: string x-enum-varnames: - TypeStack - TypeEdgeStack workflows.Workflow: properties: autoUpdate: $ref: "#/components/schemas/portainer.AutoUpdateSettings" creationDate: type: integer gitConfig: $ref: "#/components/schemas/gittypes.RepoConfig" id: type: integer lastSyncDate: type: integer name: type: string platform: $ref: "#/components/schemas/workflows.DeploymentPlatform" sourceId: type: integer status: $ref: "#/components/schemas/workflows.WorkflowStatusObject" target: $ref: "#/components/schemas/workflows.Target" type: $ref: "#/components/schemas/workflows.Type" required: - id - name - platform - status - target - type type: object workflows.WorkflowDetail: properties: artifacts: items: $ref: "#/components/schemas/workflows.ArtifactDetail" type: array id: type: integer name: type: string required: - id - name type: object workflows.WorkflowPhaseStatus: properties: error: type: string status: $ref: "#/components/schemas/workflows.Status" type: object workflows.WorkflowStatusObject: properties: artifact: $ref: "#/components/schemas/workflows.WorkflowPhaseStatus" source: $ref: "#/components/schemas/workflows.WorkflowPhaseStatus" target: $ref: "#/components/schemas/workflows.WorkflowPhaseStatus" type: object