basePath: /api definitions: auth.authenticatePayload: properties: Password: description: Password example: mypassword type: string Username: description: Username example: admin type: string required: - Password - Username type: object auth.authenticateResponse: properties: jwt: description: JWT token used to authenticate against the API example: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyzAB type: string type: object auth.oauthPayload: properties: Code: description: OAuth code returned from OAuth Provided type: string type: object backup.backupPayload: properties: Password: type: string type: object backup.restorePayload: properties: FileContent: items: type: integer type: array FileName: type: string Password: type: string type: object build.BuildInfo: properties: BuildNumber: type: string GitCommit: type: string GoVersion: type: string ImageTag: type: string NodejsVersion: type: string PnpmVersion: type: string WebpackVersion: type: string type: object build.DependenciesInfo: properties: ComposeVersion: type: string DockerVersion: type: string HelmVersion: type: string KubectlVersion: type: string type: object build.RuntimeInfo: properties: Env: items: type: string type: array type: object containers.containerGpusResponse: properties: gpus: type: string type: object customtemplates.customTemplateFromFileContentPayload: properties: Description: description: Description of the template example: High performance web server type: string EdgeTemplate: description: EdgeTemplate indicates if this template purpose for Edge Stack example: false type: boolean FileContent: description: Content of stack file type: string Logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string Note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string Platform: allOf: - $ref: '#/definitions/portainer.CustomTemplatePlatform' description: |- Platform associated to the template. Valid values are: 1 - 'linux', 2 - 'windows' Required for Docker stacks enum: - 1 - 2 example: 1 Title: description: Title of the template example: Nginx type: string Type: allOf: - $ref: '#/definitions/portainer.StackType' description: |- Type of created stack: * 1 - swarm * 2 - compose * 3 - kubernetes enum: - 1 - 2 - 3 example: 1 Variables: description: Definitions of variables in the stack file items: $ref: '#/definitions/portainer.CustomTemplateVariableDefinition' type: array required: - Description - FileContent - Title - Type type: object customtemplates.customTemplateFromGitRepositoryPayload: properties: ComposeFilePathInRepository: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Description: description: Description of the template example: High performance web server type: string EdgeTemplate: description: EdgeTemplate indicates if this template purpose for Edge Stack example: false type: boolean IsComposeFormat: description: IsComposeFormat indicates if the Kubernetes template is created from a Docker Compose file example: false type: boolean Logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string Note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string Platform: allOf: - $ref: '#/definitions/portainer.CustomTemplatePlatform' description: |- Platform associated to the template. Valid values are: 1 - 'linux', 2 - 'windows' Required for Docker stacks enum: - 1 - 2 example: 1 RepositoryAuthentication: description: Use basic authentication to clone the Git repository example: true type: boolean RepositoryPassword: description: Password used in basic authentication. Required when RepositoryAuthentication is true. example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: URL of a Git repository hosting the Stack file example: https://github.com/openfaas/faas type: string RepositoryUsername: description: Username used in basic authentication. Required when RepositoryAuthentication is true. example: myGitUsername type: string TLSSkipVerify: description: TLSSkipVerify skips SSL verification when cloning the Git repository example: false type: boolean Title: description: Title of the template example: Nginx type: string Type: allOf: - $ref: '#/definitions/portainer.StackType' description: |- Type of created stack: * 1 - swarm * 2 - compose * 3 - kubernetes enum: - 1 - 2 example: 1 Variables: description: Definitions of variables in the stack file items: $ref: '#/definitions/portainer.CustomTemplateVariableDefinition' type: array required: - Description - RepositoryURL - Title - Type type: object customtemplates.customTemplateUpdatePayload: properties: ComposeFilePathInRepository: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Description: description: Description of the template example: High performance web server type: string EdgeTemplate: description: EdgeTemplate indicates if this template purpose for Edge Stack example: false type: boolean FileContent: description: Content of stack file type: string IsComposeFormat: description: IsComposeFormat indicates if the Kubernetes template is created from a Docker Compose file example: false type: boolean Logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string Note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string Platform: allOf: - $ref: '#/definitions/portainer.CustomTemplatePlatform' description: |- Platform associated to the template. Valid values are: 1 - 'linux', 2 - 'windows' Required for Docker stacks enum: - 1 - 2 example: 1 RepositoryAuthentication: description: Use authentication to clone the Git repository example: true type: boolean RepositoryAuthorizationType: allOf: - $ref: '#/definitions/gittypes.GitCredentialAuthType' description: RepositoryAuthorizationType is the authorization type to use example: 0 RepositoryGitCredentialID: description: |- GitCredentialID used to identify the bound git credential. Required when RepositoryAuthentication is true and RepositoryUsername/RepositoryPassword are not provided example: 0 type: integer RepositoryPassword: description: |- Password used in basic authentication or token used in token authentication. Required when RepositoryAuthentication is true and RepositoryGitCredentialID is 0 example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: URL of a Git repository hosting the Stack file example: https://github.com/openfaas/faas type: string RepositoryUsername: description: |- Username used in basic authentication. Required when RepositoryAuthentication is true and RepositoryGitCredentialID is 0. Ignored if RepositoryAuthType is token example: myGitUsername type: string TLSSkipVerify: description: TLSSkipVerify skips SSL verification when cloning the Git repository example: false type: boolean Title: description: Title of the template example: Nginx type: string Type: allOf: - $ref: '#/definitions/portainer.StackType' description: Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes) enum: - 1 - 2 - 3 example: 1 Variables: description: Definitions of variables in the stack file items: $ref: '#/definitions/portainer.CustomTemplateVariableDefinition' type: array required: - Description - FileContent - RepositoryURL - Title - Type type: object customtemplates.fileResponse: properties: FileContent: type: string type: object docker.dashboardResponse: properties: containers: $ref: '#/definitions/stats.ContainerStats' images: $ref: '#/definitions/docker.imagesCounters' networks: type: integer services: type: integer stacks: type: integer volumes: type: integer type: object docker.imagesCounters: properties: size: type: integer total: type: integer type: object edge.DeployerOptionsPayload: properties: ForceRecreate: description: |- ForceRecreate is a flag indicating if the agent must force the redeployment of the stack. This field is only used when the Force Redeployment is triggered. Once the stack is redeployed, this field will be reset to false. For standard edge agent, this field is used in agent side For async edge agent, this field is used in both agent side and server side. This flag drives `docker compose up --force-recreate` option type: boolean Prune: description: |- Prune is a flag indicating if the agent must prune the containers or not when creating/updating an edge stack This flag drives `docker compose up --remove-orphans` and `docker stack up --prune` options Used only for EE type: boolean RemoveVolumes: description: |- RemoveVolumes is a flag indicating if the agent must remove the named volumes declared in the compose file and anonymouse volumes attached to containers This flag drives `docker compose down --volumes` option Used only for EE type: boolean type: object edge.RegistryCredentials: properties: Secret: type: string ServerURL: type: string Username: type: string type: object edge.StackPayload: properties: AlwaysCloneGitRepoForRelativePath: description: |- AlwaysCloneGitRepoForRelativePath is a flag indicating if the agent must always clone the git repository for relative path. This field is only valid when SupportRelativePath is true. Used only for EE type: boolean CreatedBy: description: |- CreatedBy is the username that created this stack Used for adding labels to Kubernetes manifests type: string CreatedByUserId: description: |- CreatedByUserId is the user ID that created this stack Used for adding labels to Kubernetes manifests type: string DeployerOptionsPayload: $ref: '#/definitions/edge.DeployerOptionsPayload' DirEntries: description: Content of stack folder items: $ref: '#/definitions/filesystem.DirEntry' type: array EdgeUpdateID: description: |- EdgeUpdateID is the ID of the edge update related to this stack. Used only for EE type: integer EntryFileName: description: Name of the stack entry file type: string EnvVars: description: |- Used only for EE EnvVars is a list of environment variables to inject into the stack items: $ref: '#/definitions/portainer.Pair' type: array FilesystemPath: description: Mount point for relative path type: string ForceUpdate: description: |- ForceUpdate is a flag indicating if the agent must force the update of the stack. Used only for EE type: boolean HelmConfig: allOf: - $ref: '#/definitions/portainer.HelmConfig' description: HelmConfig represents the Helm configuration for an edge stack ID: description: ID of the stack type: integer Name: description: Name of the stack type: string Namespace: description: Namespace to use for kubernetes stack. Keep empty to use the manifest namespace. type: string PrePullImage: description: |- PrePullImage is a flag indicating if the agent must pull the image before deploying the stack. Used only for EE type: boolean RePullImage: description: |- RePullImage is a flag indicating if the agent must pull the image if it is already present on the node. Used only for EE type: boolean ReadyRePullImage: description: |- Used only for EE async edge agent ReadyRePullImage is a flag to indicate whether the auto update is trigger to re-pull image Deprecated(2.36): use DeployerOptionsPayload.ForceRecreate instead type: boolean RegistryCredentials: description: |- RegistryCredentials holds the credentials for a Docker registry. Used only for EE items: $ref: '#/definitions/edge.RegistryCredentials' type: array RetryDeploy: description: |- RetryDeploy is a flag indicating if the agent must retry to deploy the stack if it fails. Used only for EE type: boolean RetryPeriod: description: |- RetryPeriod specifies the duration, in seconds, for which the agent should continue attempting to deploy the stack after a failure Used only for EE type: integer RollbackTo: description: RollbackTo specifies the stack file version to rollback to (only support to rollback to the last version currently) type: integer StackFileContent: description: Content of the stack file (for compatibility to agent version less than 2.19.0) type: string SupportRelativePath: description: Is relative path supported type: boolean Version: description: Version of the stack file type: integer type: object edgegroups.decoratedEdgeGroup: properties: Dynamic: type: boolean EndpointIds: description: Shadow to avoid exposing in the API type: integer EndpointTypes: items: $ref: '#/definitions/portainer.EndpointType' type: array Endpoints: description: 'Deprecated: only used for API responses' items: type: integer type: array HasEdgeJob: type: boolean HasEdgeStack: type: boolean Id: description: EdgeGroup Identifier example: 1 type: integer Name: type: string PartialMatch: type: boolean TagIds: items: type: integer type: array TrustedEndpoints: items: type: integer type: array type: object edgegroups.edgeGroupCreatePayload: properties: Dynamic: type: boolean Endpoints: items: type: integer type: array Name: type: string PartialMatch: type: boolean TagIDs: items: type: integer type: array type: object edgegroups.edgeGroupUpdatePayload: properties: Dynamic: type: boolean Endpoints: items: type: integer type: array Name: type: string PartialMatch: type: boolean TagIDs: items: type: integer type: array type: object edgejobs.edgeJobCreateFromFileContentPayload: properties: CronExpression: type: string EdgeGroups: items: type: integer type: array Endpoints: items: type: integer type: array FileContent: type: string Name: type: string Recurring: type: boolean type: object edgejobs.edgeJobFileResponse: properties: FileContent: type: string type: object edgejobs.edgeJobUpdatePayload: properties: CronExpression: type: string EdgeGroups: items: type: integer type: array Endpoints: items: type: integer type: array FileContent: type: string Name: type: string Recurring: type: boolean type: object edgejobs.fileResponse: properties: FileContent: type: string type: object edgejobs.taskContainer: properties: EndpointId: type: integer EndpointName: type: string Id: type: string LogsStatus: $ref: '#/definitions/portainer.EdgeJobLogsStatus' type: object edgestacks.edgeStackFromGitRepositoryPayload: properties: DeploymentType: allOf: - $ref: '#/definitions/portainer.EdgeStackDeploymentType' description: |- Deployment type to deploy this stack Valid values are: 0 - 'compose', 1 - 'kubernetes' compose is enabled only for docker environments kubernetes is enabled only for kubernetes environments enum: - 0 - 1 - 2 example: 0 EdgeGroups: description: List of identifiers of EdgeGroups example: - 1 items: type: integer type: array FilePathInRepository: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Name: description: |- Name of the stack Max length: 255 Name must only contains lowercase characters, numbers, hyphens, or underscores Name must start with a lowercase character or number Example: stack-name or stack_123 or stackName example: stack-name type: string Registries: description: List of Registries to use for this stack items: type: integer type: array RepositoryAuthentication: description: Use basic authentication to clone the Git repository example: true type: boolean RepositoryAuthorizationType: allOf: - $ref: '#/definitions/gittypes.GitCredentialAuthType' description: RepositoryAuthorizationType is the authorization type to use example: 0 RepositoryPassword: description: Password used in basic authentication. Required when RepositoryAuthentication is true. example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: URL of a Git repository hosting the Stack file example: https://github.com/openfaas/faas type: string RepositoryUsername: description: Username used in basic authentication. Required when RepositoryAuthentication is true. example: myGitUsername type: string TLSSkipVerify: description: TLSSkipVerify skips SSL verification when cloning the Git repository example: false type: boolean UseManifestNamespaces: description: Uses the manifest's namespaces instead of the default one type: boolean required: - EdgeGroups - Name - RepositoryURL type: object edgestacks.edgeStackFromStringPayload: properties: DeploymentType: allOf: - $ref: '#/definitions/portainer.EdgeStackDeploymentType' description: |- Deployment type to deploy this stack Valid values are: 0 - 'compose', 1 - 'kubernetes' compose is enabled only for docker environments kubernetes is enabled only for kubernetes environments enum: - 0 - 1 - 2 example: 0 EdgeGroups: description: List of identifiers of EdgeGroups example: - 1 items: type: integer type: array Name: description: |- Name of the stack Max length: 255 Name must only contains lowercase characters, numbers, hyphens, or underscores Name must start with a lowercase character or number Example: stack-name or stack_123 or stackName example: stack-name type: string Registries: description: List of Registries to use for this stack items: type: integer type: array StackFileContent: description: Content of the Stack file example: |- version: 3 services: web: image:nginx type: string UseManifestNamespaces: description: Uses the manifest's namespaces instead of the default one type: boolean required: - Name - StackFileContent type: object edgestacks.stackFileResponse: properties: StackFileContent: type: string type: object edgestacks.updateEdgeStackPayload: properties: DeploymentType: $ref: '#/definitions/portainer.EdgeStackDeploymentType' EdgeGroups: items: type: integer type: array StackFileContent: type: string UpdateVersion: type: boolean UseManifestNamespaces: description: Uses the manifest's namespaces instead of the default one type: boolean type: object edgestacks.updateStatusPayload: properties: EndpointID: type: integer Error: type: string Status: $ref: '#/definitions/portainer.EdgeStackStatusType' Time: type: integer Version: type: integer type: object endpointedge.edgeJobResponse: properties: CollectLogs: description: Whether to collect logs example: true type: boolean CronExpression: description: A cron expression to schedule this job example: '* * * * *' type: string Id: description: EdgeJob Identifier example: 2 type: integer Script: description: Script to run example: echo hello type: string Version: description: Version of this EdgeJob example: 2 type: integer type: object endpointedge.endpointEdgeStatusInspectResponse: properties: checkin: description: The current value of CheckinInterval example: 5 type: integer credentials: type: string port: description: The tunnel port example: 8732 type: integer schedules: description: List of requests for jobs to run on the environment(endpoint) items: $ref: '#/definitions/endpointedge.edgeJobResponse' type: array stacks: description: List of stacks to be deployed on the environments(endpoints) items: $ref: '#/definitions/endpointedge.stackStatusResponse' type: array status: description: Status represents the environment(endpoint) status example: REQUIRED type: string type: object endpointedge.stackStatusResponse: properties: ID: description: EdgeStack Identifier example: 1 type: integer Version: description: Version of this stack example: 3 type: integer type: object endpointgroups.endpointGroupCreatePayload: properties: AssociatedEndpoints: description: List of environment(endpoint) identifiers that will be part of this group example: - 1 - 3 items: type: integer type: array Description: description: Environment(Endpoint) group description example: description type: string Name: description: Environment(Endpoint) group name example: my-environment-group type: string TagIDs: description: List of tag identifiers to which this environment(endpoint) group is associated example: - 1 - 2 items: type: integer type: array required: - Name type: object endpointgroups.endpointGroupUpdatePayload: properties: AssociatedEndpoints: description: List of environment(endpoint) identifiers that will be part of this group example: - 1 - 3 items: type: integer type: array Description: description: Environment(Endpoint) group description example: description type: string Name: description: Environment(Endpoint) group name example: my-environment-group type: string TagIDs: description: List of tag identifiers associated to the environment(endpoint) group example: - 3 - 4 items: type: integer type: array TeamAccessPolicies: $ref: '#/definitions/portainer.TeamAccessPolicies' UserAccessPolicies: $ref: '#/definitions/portainer.UserAccessPolicies' type: object endpoints.dockerhubStatusResponse: properties: limit: description: Daily limit type: integer remaining: description: Remaiming images to pull type: integer type: object endpoints.endpointCreateGlobalKeyResponse: properties: endpointID: type: integer type: object endpoints.endpointDeleteBatchPartialResponse: properties: deleted: items: type: integer type: array errors: items: type: integer type: array type: object endpoints.endpointDeleteBatchPayload: properties: endpoints: items: $ref: '#/definitions/endpoints.endpointDeleteRequest' type: array type: object endpoints.endpointDeleteRequest: properties: deleteCluster: type: boolean id: type: integer type: object endpoints.endpointSettingsUpdatePayload: properties: allowBindMountsForRegularUsers: description: Whether non-administrator should be able to use bind mounts when creating containers example: false type: boolean allowContainerCapabilitiesForRegularUsers: description: Whether non-administrator should be able to use container capabilities example: true type: boolean allowDeviceMappingForRegularUsers: description: Whether non-administrator should be able to use device mapping example: true type: boolean allowHostNamespaceForRegularUsers: description: Whether non-administrator should be able to use the host pid example: true type: boolean allowPrivilegedModeForRegularUsers: description: Whether non-administrator should be able to use privileged mode when creating containers example: false type: boolean allowStackManagementForRegularUsers: description: Whether non-administrator should be able to manage stacks example: true type: boolean allowSysctlSettingForRegularUsers: description: Whether non-administrator should be able to use sysctl settings example: true type: boolean allowVolumeBrowserForRegularUsers: description: Whether non-administrator should be able to browse volumes example: true type: boolean enableGPUManagement: example: false type: boolean enableHostManagementFeatures: description: Whether host management features are enabled example: true type: boolean gpus: items: $ref: '#/definitions/portainer.Pair' type: array type: object endpoints.endpointUpdatePayload: properties: AzureApplicationID: description: Azure application ID example: eag7cdo9-o09l-9i83-9dO9-f0b23oe78db4 type: string AzureAuthenticationKey: description: Azure authentication key example: cOrXoK/1D35w8YQ8nH1/8ZGwzz45JIYD5jxHKXEQknk= type: string AzureTenantID: description: Azure tenant ID example: 34ddc78d-4fel-2358-8cc1-df84c8o839f5 type: string EdgeCheckinInterval: description: The check in interval for edge agent (in seconds) example: 5 type: integer Gpus: description: GPUs information items: $ref: '#/definitions/portainer.Pair' type: array GroupID: description: Group identifier example: 1 type: integer Kubernetes: allOf: - $ref: '#/definitions/portainer.KubernetesData' description: Associated Kubernetes data Name: description: Name that will be used to identify this environment(endpoint) example: my-environment type: string PublicURL: description: |- URL or IP address where exposed containers will be reachable.\ Defaults to URL if not specified example: docker.mydomain.tld:2375 type: string Status: description: The status of the environment(endpoint) (1 - up, 2 - down) example: 1 type: integer TLS: description: Require TLS to connect against this environment(endpoint) example: true type: boolean TLSSkipClientVerify: description: Skip client verification when using TLS example: false type: boolean TLSSkipVerify: description: Skip server verification when using TLS example: false type: boolean TagIDs: description: List of tag identifiers to which this environment(endpoint) is associated example: - 1 - 2 items: type: integer type: array TeamAccessPolicies: $ref: '#/definitions/portainer.TeamAccessPolicies' URL: description: URL or IP address of a Docker host example: docker.mydomain.tld:2375 type: string UserAccessPolicies: $ref: '#/definitions/portainer.UserAccessPolicies' type: object endpoints.endpointUpdateRelationsPayload: properties: Relations: additionalProperties: properties: EdgeGroups: items: type: integer type: array Group: type: integer Tags: items: type: integer type: array type: object type: object type: object endpoints.forceUpdateServicePayload: properties: PullImage: description: PullImage if true will pull the image type: boolean ServiceID: description: ServiceId to update type: string type: object endpoints.registryAccessPayload: properties: Namespaces: items: type: string type: array TeamAccessPolicies: $ref: '#/definitions/portainer.TeamAccessPolicies' UserAccessPolicies: $ref: '#/definitions/portainer.UserAccessPolicies' type: object filesystem.DirEntry: properties: Content: type: string IsFile: type: boolean Name: type: string Permissions: $ref: '#/definitions/os.FileMode' type: object github_com_portainer_portainer_pkg_libhelm_release.Hook: properties: delete_policies: description: DeletePolicies are the policies that indicate when to delete the hook items: type: string type: array events: description: Events are the events that this hook fires on. items: type: string type: array kind: description: Kind is the Kubernetes kind. type: string last_run: allOf: - $ref: '#/definitions/github_com_portainer_portainer_pkg_libhelm_release.HookExecution' description: LastRun indicates the date/time this was last run. manifest: description: Manifest is the manifest contents. type: string name: type: string path: description: Path is the chart-relative path to the template. type: string weight: description: Weight indicates the sort order for execution among similar Hook type type: integer type: object github_com_portainer_portainer_pkg_libhelm_release.HookExecution: properties: completed_at: description: CompletedAt indicates the date/time this hook was completed. type: string phase: description: Phase indicates whether the hook completed successfully type: string started_at: description: StartedAt indicates the date/time this hook was started type: string type: object github_com_portainer_portainer_pkg_libhelm_release.Info: properties: deleted: description: Deleted tracks when this object was deleted. type: string description: description: Description is human-friendly "log entry" about this release. type: string first_deployed: description: FirstDeployed is when the release was first deployed. type: string last_deployed: description: LastDeployed is when the release was last deployed. type: string notes: description: Contains the rendered templates/NOTES.txt if available type: string resources: description: Resources is the list of resources that are part of the release items: $ref: '#/definitions/unstructured.Unstructured' type: array status: description: Status is the current state of the release type: string type: object github_com_portainer_portainer_pkg_libhelm_release.Release: properties: appVersion: description: AppVersion is the app version of the release. type: string chart: allOf: - $ref: '#/definitions/release.Chart' description: Chart is the chart that was released. chartReference: allOf: - $ref: '#/definitions/release.ChartReference' description: ChartReference are the labels that are used to identify the chart source. config: additionalProperties: {} description: |- Config is the set of extra Values added to the chart. These values override the default values inside of the chart. type: object hooks: description: Hooks are all of the hooks declared for this release. items: $ref: '#/definitions/github_com_portainer_portainer_pkg_libhelm_release.Hook' type: array info: allOf: - $ref: '#/definitions/github_com_portainer_portainer_pkg_libhelm_release.Info' description: Info provides information about a release manifest: description: Manifest is the string representation of the rendered template. type: string name: description: Name is the name of the release type: string namespace: description: Namespace is the kubernetes namespace of the release. type: string stackID: description: StackID is the ID of the Portainer stack associated with this release (if using GitOps) type: integer values: allOf: - $ref: '#/definitions/release.Values' description: Values are the values used to deploy the chart. version: description: Version is an int which represents the revision of the release. type: integer type: object gitops.fileResponse: properties: FileContent: type: string type: object gitops.repositoryFilePreviewPayload: properties: TLSSkipVerify: description: TLSSkipVerify skips SSL verification when cloning the Git repository example: false type: boolean authorizationType: $ref: '#/definitions/gittypes.GitCredentialAuthType' password: example: myGitPassword type: string reference: example: refs/heads/master type: string repository: example: https://github.com/openfaas/faas type: string targetFile: description: Path to file whose content will be read example: docker-compose.yml type: string username: example: myGitUsername type: string required: - repository type: object gittypes.GitAuthentication: properties: AuthorizationType: $ref: '#/definitions/gittypes.GitCredentialAuthType' GitCredentialID: description: |- Git credentials identifier when the value is not 0 When the value is 0, Username, Password, and Authtype are set without using saved credential This is introduced since 2.15.0 example: 0 type: integer Password: type: string Username: type: string type: object gittypes.GitCredentialAuthType: enum: - 0 - 1 type: integer x-enum-varnames: - GitCredentialAuthType_Basic - GitCredentialAuthType_Token gittypes.RepoConfig: properties: Authentication: allOf: - $ref: '#/definitions/gittypes.GitAuthentication' description: Git credentials ConfigFilePath: description: Path to where the config file is in this url/refName example: docker-compose.yml type: string ConfigHash: description: Repository hash example: bc4c183d756879ea4d173315338110b31004b8e0 type: string ReferenceName: description: The reference name example: refs/heads/branch_name type: string TLSSkipVerify: description: TLSSkipVerify skips SSL verification when cloning the Git repository example: false type: boolean URL: description: The repo url example: https://github.com/portainer/portainer.git type: string type: object helm.installChartPayload: properties: atomic: type: boolean chart: type: string name: type: string namespace: type: string repo: type: string values: type: string version: type: string type: object images.ImageResponse: properties: created: type: integer id: type: string nodeName: type: string size: type: integer tags: items: type: string type: array used: description: |- Used is true if the image is used by at least one container supplied only when withUsage is true type: boolean type: object intstr.IntOrString: properties: IntVal: type: integer StrVal: type: string Type: $ref: '#/definitions/intstr.Type' type: object intstr.Type: enum: - 0 - 1 type: integer x-enum-comments: Int: The IntOrString holds an int. String: The IntOrString holds a string. x-enum-varnames: - Int - String k8s_io_api_core_v1.ConditionStatus: enum: - "True" - "False" - Unknown type: string x-enum-varnames: - ConditionTrue - ConditionFalse - ConditionUnknown k8s_io_api_core_v1.ResourceClaim: properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. +optional type: string type: object k8s_io_api_rbac_v1.Subject: properties: apiGroup: description: |- APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. +optional type: string kind: description: |- Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. type: string name: description: |- Name of the object being referenced. +required +k8s:required type: string namespace: description: |- Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. +optional type: string type: object kubernetes.Configuration: properties: ConfigurationOwner: type: string Data: additionalProperties: {} type: object Kind: type: string type: object kubernetes.CustomResourceMetadata: properties: apiVersion: type: string kind: type: string name: type: string plural: type: string scope: type: string type: object kubernetes.IngressRule: properties: Host: type: string IP: type: string Path: type: string TLS: items: $ref: '#/definitions/kubernetes.TLSInfo' type: array type: object kubernetes.K8sApplication: properties: Annotations: additionalProperties: type: string type: object ApplicationOwner: type: string ApplicationType: type: string Configurations: items: $ref: '#/definitions/kubernetes.Configuration' type: array Containers: items: {} type: array CreationDate: type: string CustomResourceMetadata: $ref: '#/definitions/kubernetes.CustomResourceMetadata' DeploymentType: type: string Id: type: string Image: type: string Kind: type: string Labels: additionalProperties: type: string type: object LoadBalancerIPAddress: type: string MatchLabels: additionalProperties: type: string type: object Metadata: $ref: '#/definitions/kubernetes.Metadata' Name: type: string Namespace: type: string Pods: items: $ref: '#/definitions/kubernetes.Pod' type: array PublishedPorts: items: $ref: '#/definitions/kubernetes.PublishedPort' type: array Resource: $ref: '#/definitions/kubernetes.K8sApplicationResource' ResourcePool: type: string RunningPodsCount: type: integer ServiceId: type: string ServiceName: type: string ServiceType: type: string StackId: type: string StackKind: type: string StackName: type: string Status: type: string TotalPodsCount: type: integer Uid: type: string type: object kubernetes.K8sApplicationResource: properties: CpuLimit: type: number CpuRequest: type: number MemoryLimit: type: integer MemoryRequest: type: integer type: object kubernetes.K8sClusterRole: properties: creationDate: type: string isSystem: type: boolean name: type: string uid: type: string type: object kubernetes.K8sClusterRoleBinding: properties: creationDate: type: string isSystem: type: boolean name: type: string namespace: type: string roleRef: $ref: '#/definitions/v1.RoleRef' subjects: items: $ref: '#/definitions/k8s_io_api_rbac_v1.Subject' type: array uid: type: string type: object kubernetes.K8sConfigMap: properties: Annotations: additionalProperties: type: string type: object ConfigurationOwner: type: string ConfigurationOwnerId: type: string ConfigurationOwners: items: $ref: '#/definitions/kubernetes.K8sConfigurationOwnerResource' type: array CreationDate: type: string Data: additionalProperties: type: string type: object IsUsed: type: boolean Labels: additionalProperties: type: string type: object Name: type: string Namespace: type: string UID: type: string type: object kubernetes.K8sConfigurationOwnerResource: properties: Id: type: string Name: type: string ResourceKind: type: string type: object kubernetes.K8sCronJob: properties: Command: type: string Id: type: string IsSystem: type: boolean Jobs: items: $ref: '#/definitions/kubernetes.K8sJob' type: array Name: type: string Namespace: type: string Schedule: type: string Suspend: type: boolean Timezone: type: string type: object kubernetes.K8sCronJobDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sDashboard: properties: applicationsCount: type: integer configMapsCount: type: integer ingressesCount: type: integer namespacesCount: type: integer secretsCount: type: integer servicesCount: type: integer volumesCount: type: integer type: object kubernetes.K8sEvent: properties: count: type: integer eventTime: type: string firstTimestamp: type: string involvedObject: $ref: '#/definitions/kubernetes.K8sEventInvolvedObject' kind: type: string lastTimestamp: type: string message: type: string name: type: string namespace: type: string reason: type: string type: type: string uid: type: string type: object kubernetes.K8sEventInvolvedObject: properties: kind: type: string name: type: string namespace: type: string uid: type: string type: object kubernetes.K8sIngressController: properties: Availability: type: boolean ClassName: type: string Name: type: string New: type: boolean Type: type: string Used: type: boolean type: object kubernetes.K8sIngressDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sIngressInfo: properties: Annotations: additionalProperties: type: string type: object ClassName: type: string CreationDate: type: string Hosts: items: type: string type: array Labels: additionalProperties: type: string type: object Name: type: string Namespace: type: string Paths: items: $ref: '#/definitions/kubernetes.K8sIngressPath' type: array TLS: items: $ref: '#/definitions/kubernetes.K8sIngressTLS' type: array Type: type: string UID: type: string type: object kubernetes.K8sIngressPath: properties: HasService: type: boolean Host: type: string IngressName: type: string Path: type: string PathType: type: string Port: type: integer ServiceName: type: string type: object kubernetes.K8sIngressTLS: properties: Hosts: items: type: string type: array SecretName: type: string type: object kubernetes.K8sJob: properties: BackoffLimit: type: integer Command: type: string Completions: type: integer Container: $ref: '#/definitions/v1.Container' Duration: type: string FailedReason: type: string FinishTime: type: string Id: type: string IsSystem: type: boolean Name: type: string Namespace: type: string PodName: type: string StartTime: type: string Status: type: string type: object kubernetes.K8sJobDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sNamespaceDetails: properties: Annotations: additionalProperties: type: string type: object Name: type: string Owner: type: string ResourceQuota: $ref: '#/definitions/kubernetes.K8sResourceQuota' type: object kubernetes.K8sPersistentVolume: properties: accessModes: items: $ref: '#/definitions/v1.PersistentVolumeAccessMode' type: array annotations: additionalProperties: type: string type: object capacity: $ref: '#/definitions/v1.ResourceList' claimRef: $ref: '#/definitions/v1.ObjectReference' csi: $ref: '#/definitions/v1.CSIPersistentVolumeSource' name: type: string persistentVolumeReclaimPolicy: $ref: '#/definitions/v1.PersistentVolumeReclaimPolicy' storageClassName: type: string volumeMode: $ref: '#/definitions/v1.PersistentVolumeMode' type: object kubernetes.K8sPersistentVolumeClaim: properties: accessModes: items: $ref: '#/definitions/v1.PersistentVolumeAccessMode' type: array creationDate: type: string id: type: string labels: additionalProperties: type: string type: object name: type: string namespace: type: string owningApplications: items: $ref: '#/definitions/kubernetes.K8sApplication' type: array phase: $ref: '#/definitions/v1.PersistentVolumeClaimPhase' resourcesRequests: $ref: '#/definitions/v1.ResourceList' storage: type: integer storageClass: type: string volumeMode: $ref: '#/definitions/v1.PersistentVolumeMode' volumeName: type: string type: object kubernetes.K8sResourceQuota: properties: cpu: type: string enabled: type: boolean memory: type: string type: object kubernetes.K8sRole: properties: creationDate: type: string isSystem: description: |- isSystem is true if prefixed with "system:" or exists in the kube-system namespace or is one of the portainer roles type: boolean name: type: string namespace: type: string uid: type: string type: object kubernetes.K8sRoleBinding: properties: creationDate: type: string isSystem: type: boolean name: type: string namespace: type: string roleRef: $ref: '#/definitions/v1.RoleRef' subjects: items: $ref: '#/definitions/k8s_io_api_rbac_v1.Subject' type: array uid: type: string type: object kubernetes.K8sRoleBindingDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sRoleDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sSecret: properties: Annotations: additionalProperties: type: string type: object ConfigurationOwner: type: string ConfigurationOwnerId: type: string ConfigurationOwners: items: $ref: '#/definitions/kubernetes.K8sConfigurationOwnerResource' type: array CreationDate: type: string Data: additionalProperties: type: string type: object IsUsed: type: boolean Labels: additionalProperties: type: string type: object Name: type: string Namespace: type: string SecretType: type: string UID: type: string type: object kubernetes.K8sServiceAccount: properties: creationDate: type: string isSystem: type: boolean name: type: string namespace: type: string uid: type: string type: object kubernetes.K8sServiceAccountDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sServiceDeleteRequests: additionalProperties: items: type: string type: array type: object kubernetes.K8sServiceInfo: properties: AllocateLoadBalancerNodePorts: type: boolean Annotations: additionalProperties: type: string type: object Applications: description: serviceList screen items: $ref: '#/definitions/kubernetes.K8sApplication' type: array ClusterIPs: items: type: string type: array CreationDate: type: string ExternalIPs: items: type: string type: array ExternalName: type: string IngressStatus: items: $ref: '#/definitions/kubernetes.K8sServiceIngress' type: array Labels: additionalProperties: type: string type: object Name: type: string Namespace: type: string Ports: items: $ref: '#/definitions/kubernetes.K8sServicePort' type: array Selector: additionalProperties: type: string type: object Type: type: string UID: type: string type: object kubernetes.K8sServiceIngress: properties: Hostname: type: string IP: type: string type: object kubernetes.K8sServicePort: properties: Name: type: string NodePort: type: integer Port: type: integer Protocol: type: string TargetPort: type: string type: object kubernetes.K8sStorageClass: properties: allowVolumeExpansion: type: boolean name: type: string provisioner: type: string reclaimPolicy: $ref: '#/definitions/v1.PersistentVolumeReclaimPolicy' type: object kubernetes.K8sVolumeInfo: properties: persistentVolume: $ref: '#/definitions/kubernetes.K8sPersistentVolume' persistentVolumeClaim: $ref: '#/definitions/kubernetes.K8sPersistentVolumeClaim' storageClass: $ref: '#/definitions/kubernetes.K8sStorageClass' type: object kubernetes.Metadata: properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object kubernetes.Pod: properties: ContainerName: type: string CreationDate: type: string Image: type: string ImagePullPolicy: type: string Name: type: string NodeName: type: string PodIP: type: string Resource: $ref: '#/definitions/kubernetes.K8sApplicationResource' Status: type: string Uid: type: string type: object kubernetes.PublishedPort: properties: IngressRules: items: $ref: '#/definitions/kubernetes.IngressRule' type: array Port: type: integer type: object kubernetes.TLSInfo: properties: hosts: items: type: string type: array type: object kubernetes.describeResourceResponse: properties: describe: type: string type: object kubernetes.namespacesToggleSystemPayload: properties: System: description: Toggle the system state of this namespace to true or false example: true type: boolean type: object ldap.checkPayload: properties: LDAPSettings: $ref: '#/definitions/portainer.LDAPSettings' type: object motd.motdResponse: properties: ContentLayout: additionalProperties: type: string type: object Hash: items: type: integer type: array Message: type: string Style: type: string Title: type: string type: object oauth2.AuthStyle: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - AuthStyleAutoDetect - AuthStyleInParams - AuthStyleInHeader openamt.deviceActionPayload: properties: Action: type: string type: object openamt.deviceFeaturesPayload: properties: Features: $ref: '#/definitions/portainer.OpenAMTDeviceEnabledFeatures' type: object openamt.openAMTConfigurePayload: properties: CertFileContent: type: string CertFileName: type: string CertFilePassword: type: string DomainName: type: string Enabled: type: boolean MPSPassword: type: string MPSServer: type: string MPSUser: type: string type: object os.FileMode: enum: - 2147483648 - 1073741824 - 536870912 - 268435456 - 134217728 - 67108864 - 33554432 - 16777216 - 8388608 - 4194304 - 2097152 - 1048576 - 524288 - 2401763328 - 511 - 2147483648 - 1073741824 - 536870912 - 268435456 - 134217728 - 67108864 - 33554432 - 16777216 - 8388608 - 4194304 - 2097152 - 1048576 - 524288 - 2401763328 - 511 type: integer x-enum-comments: ModeAppend: 'a: append-only' ModeCharDevice: 'c: Unix character device, when ModeDevice is set' ModeDevice: 'D: device file' ModeDir: 'd: is a directory' ModeExclusive: 'l: exclusive use' ModeIrregular: '?: non-regular file; nothing else is known about this file' ModeNamedPipe: 'p: named pipe (FIFO)' ModePerm: Unix permission bits, 0o777 ModeSetgid: 'g: setgid' ModeSetuid: 'u: setuid' ModeSocket: 'S: Unix domain socket' ModeSticky: 't: sticky' ModeSymlink: 'L: symbolic link' ModeTemporary: 'T: temporary file; Plan 9 only' x-enum-varnames: - ModeDir - ModeAppend - ModeExclusive - ModeTemporary - ModeSymlink - ModeDevice - ModeNamedPipe - ModeSocket - ModeSetuid - ModeSetgid - ModeCharDevice - ModeSticky - ModeIrregular - ModeType - ModePerm platform.ContainerPlatform: enum: - Docker - Docker Standalone - Docker Swarm - Kubernetes - Podman type: string x-enum-varnames: - PlatformDocker - PlatformDockerStandalone - PlatformDockerSwarm - PlatformKubernetes - PlatformPodman portainer.APIKey: properties: dateCreated: description: Unix timestamp (UTC) when the API key was created type: integer description: example: portainer-api-key type: string digest: description: Digest represents SHA256 hash of the raw API key type: string id: example: 1 type: integer lastUsed: description: Unix timestamp (UTC) when the API key was last used type: integer prefix: description: API key identifier (7 char prefix) type: string userId: example: 1 type: integer type: object portainer.AccessPolicy: properties: Namespaces: description: Namespaces is a list of namespaces that this access policy applies to. Only used for namespaced level roles items: type: string type: array RoleId: description: Role identifier. Reference the role that will be associated to this access policy example: 1 type: integer type: object portainer.AuthenticationMethod: enum: - 0 - 1 - 2 - 3 type: integer x-enum-varnames: - _ - AuthenticationInternal - AuthenticationLDAP - AuthenticationOAuth portainer.Authorizations: additionalProperties: type: boolean type: object portainer.AutoUpdateSettings: properties: ForcePullImage: description: Pull latest image example: false type: boolean ForceUpdate: description: Force update ignores repo changes example: false type: boolean Interval: description: Auto update interval example: 1m30s type: string JobID: description: Autoupdate job id example: "15" type: string Webhook: description: A UUID generated from client example: 05de31a2-79fa-4644-9c12-faa67e5c49f0 type: string type: object portainer.AzureCredentials: properties: ApplicationID: description: Azure application ID example: eag7cdo9-o09l-9i83-9dO9-f0b23oe78db4 type: string AuthenticationKey: description: Azure authentication key example: cOrXoK/1D35w8YQ8nH1/8ZGwzz45JIYD5jxHKXEQknk= type: string TenantID: description: Azure tenant ID example: 34ddc78d-4fel-2358-8cc1-df84c8o839f5 type: string type: object portainer.CustomTemplate: properties: CreatedByUserId: description: User identifier who created this template example: 3 type: integer Description: description: Description of the template example: High performance web server type: string EdgeTemplate: description: EdgeTemplate indicates if this template purpose for Edge Stack example: false type: boolean EntryPoint: description: Path to the Stack file example: docker-compose.yml type: string GitConfig: $ref: '#/definitions/gittypes.RepoConfig' Id: description: CustomTemplate Identifier example: 1 type: integer IsComposeFormat: description: IsComposeFormat indicates if the Kubernetes template is created from a Docker Compose file example: false type: boolean Logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string Note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string Platform: allOf: - $ref: '#/definitions/portainer.CustomTemplatePlatform' description: |- Platform associated to the template. Valid values are: 1 - 'linux', 2 - 'windows' enum: - 1 - 2 example: 1 ProjectPath: description: Path on disk to the repository hosting the Stack file example: /data/custom_template/3 type: string ResourceControl: $ref: '#/definitions/portainer.ResourceControl' Title: description: Title of the template example: Nginx type: string Type: allOf: - $ref: '#/definitions/portainer.StackType' description: |- Type of created stack: * 1 - swarm * 2 - compose * 3 - kubernetes enum: - 1 - 2 - 3 example: 1 Variables: items: $ref: '#/definitions/portainer.CustomTemplateVariableDefinition' type: array type: object portainer.CustomTemplatePlatform: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - _ - CustomTemplatePlatformLinux - CustomTemplatePlatformWindows portainer.CustomTemplateVariableDefinition: properties: defaultValue: example: default value type: string description: example: Description type: string label: example: My Variable type: string name: example: MY_VAR type: string type: object portainer.DiagnosticsData: properties: DNS: additionalProperties: type: string type: object Log: type: string Proxy: additionalProperties: type: string type: object Telnet: additionalProperties: type: string type: object type: object portainer.DockerSnapshot: properties: ContainerCount: type: integer DiagnosticsData: $ref: '#/definitions/portainer.DiagnosticsData' DockerSnapshotRaw: $ref: '#/definitions/portainer.DockerSnapshotRaw' DockerVersion: type: string GpuUseAll: type: boolean GpuUseList: items: type: string type: array HealthyContainerCount: type: integer ImageCount: type: integer IsPodman: type: boolean NodeCount: type: integer PerformanceMetrics: $ref: '#/definitions/portainer.PerformanceMetrics' RunningContainerCount: type: integer ServiceCount: type: integer StackCount: type: integer StoppedContainerCount: type: integer Swarm: type: boolean Time: type: integer TotalCPU: type: integer TotalMemory: type: integer UnhealthyContainerCount: type: integer VolumeCount: type: integer type: object portainer.DockerSnapshotRaw: type: object portainer.EcrData: properties: Region: example: ap-southeast-2 type: string type: object portainer.Edge: properties: AsyncMode: description: Deprecated 2.18 example: false type: boolean CommandInterval: description: The command list interval for edge agent - used in edge async mode (in seconds) example: 5 type: integer PingInterval: description: The ping interval for edge agent - used in edge async mode (in seconds) example: 5 type: integer SnapshotInterval: description: The snapshot interval for edge agent - used in edge async mode (in seconds) example: 5 type: integer type: object portainer.EdgeGroup: properties: Dynamic: type: boolean EndpointIds: $ref: '#/definitions/roar.Roar-portainer_EndpointID' Endpoints: description: 'Deprecated: only used for API responses' items: type: integer type: array Id: description: EdgeGroup Identifier example: 1 type: integer Name: type: string PartialMatch: type: boolean TagIds: items: type: integer type: array type: object portainer.EdgeJob: properties: Created: type: integer CronExpression: type: string EdgeGroups: items: type: integer type: array Endpoints: additionalProperties: $ref: '#/definitions/portainer.EdgeJobEndpointMeta' type: object GroupLogsCollection: additionalProperties: $ref: '#/definitions/portainer.EdgeJobEndpointMeta' description: Field used for log collection of Endpoints belonging to EdgeGroups type: object Id: description: EdgeJob Identifier example: 1 type: integer Name: type: string Recurring: type: boolean ScriptPath: type: string Version: type: integer type: object portainer.EdgeJobEndpointMeta: properties: CollectLogs: type: boolean LogsStatus: $ref: '#/definitions/portainer.EdgeJobLogsStatus' type: object portainer.EdgeJobLogsStatus: enum: - 0 - 1 - 2 - 3 type: integer x-enum-varnames: - _ - EdgeJobLogsStatusIdle - EdgeJobLogsStatusPending - EdgeJobLogsStatusCollected portainer.EdgeStack: properties: CreatedBy: description: The username which created this stack example: admin type: string CreatedByUserId: description: The username id which created this stack example: "1" type: string CreationDate: description: StatusArray map[EndpointID][]EdgeStackStatus `json:"StatusArray"` type: integer DeploymentType: $ref: '#/definitions/portainer.EdgeStackDeploymentType' EdgeGroups: items: type: integer type: array EntryPoint: type: string Id: description: EdgeStack Identifier example: 1 type: integer ManifestPath: type: string Name: type: string NumDeployments: type: integer ProjectPath: type: string Status: additionalProperties: $ref: '#/definitions/portainer.EdgeStackStatus' type: object UseManifestNamespaces: description: Uses the manifest's namespaces instead of the default one type: boolean Version: type: integer type: object portainer.EdgeStackDeploymentStatus: properties: Error: type: string RollbackTo: description: EE only feature type: integer Time: type: integer Type: $ref: '#/definitions/portainer.EdgeStackStatusType' Version: type: integer type: object portainer.EdgeStackDeploymentType: enum: - 0 - 1 type: integer x-enum-varnames: - EdgeStackDeploymentCompose - EdgeStackDeploymentKubernetes portainer.EdgeStackStatus: properties: DeploymentInfo: allOf: - $ref: '#/definitions/portainer.StackDeploymentInfo' description: EE only feature Details: allOf: - $ref: '#/definitions/portainer.EdgeStackStatusDetails' description: Deprecated EndpointID: type: integer Error: description: Deprecated type: string ReadyRePullImage: description: ReadyRePullImage is a flag to indicate whether the auto update is trigger to re-pull image type: boolean Status: items: $ref: '#/definitions/portainer.EdgeStackDeploymentStatus' type: array Type: allOf: - $ref: '#/definitions/portainer.EdgeStackStatusType' description: Deprecated type: object portainer.EdgeStackStatusDetails: properties: Acknowledged: type: boolean Error: type: boolean ImagesPulled: type: boolean Ok: type: boolean Pending: type: boolean RemoteUpdateSuccess: type: boolean Remove: type: boolean type: object portainer.EdgeStackStatusType: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 - 12 - 13 type: integer x-enum-varnames: - EdgeStackStatusPending - EdgeStackStatusDeploymentReceived - EdgeStackStatusError - EdgeStackStatusAcknowledged - EdgeStackStatusRemoved - EdgeStackStatusRemoteUpdateSuccess - EdgeStackStatusImagesPulled - EdgeStackStatusRunning - EdgeStackStatusDeploying - EdgeStackStatusRemoving - EdgeStackStatusPausedDeploying - EdgeStackStatusRollingBack - EdgeStackStatusRolledBack - EdgeStackStatusCompleted portainer.Endpoint: properties: AMTDeviceGUID: description: The identifier of the AMT Device associated with this environment(endpoint) example: 4c4c4544-004b-3910-8037-b6c04f504633 type: string Agent: properties: Version: example: 1.0.0 type: string type: object AuthorizedTeams: items: type: integer type: array AuthorizedUsers: description: Deprecated in DBVersion == 18 items: type: integer type: array AzureCredentials: $ref: '#/definitions/portainer.AzureCredentials' ComposeSyntaxMaxVersion: description: Maximum version of docker-compose example: "3.8" type: string ContainerEngine: description: ContainerEngine represents the container engine type. This can be 'docker' or 'podman' when interacting directly with these environmentes, otherwise '' for kubernetes environments. example: docker type: string Edge: $ref: '#/definitions/portainer.EnvironmentEdgeSettings' EdgeCheckinInterval: description: The check in interval for edge agent (in seconds) example: 5 type: integer EdgeID: description: The identifier of the edge agent associated with this environment(endpoint) type: string EdgeKey: description: The key which is used to map the agent to Portainer type: string EnableGPUManagement: type: boolean Gpus: items: $ref: '#/definitions/portainer.Pair' type: array GroupId: description: Environment(Endpoint) group identifier example: 1 type: integer Heartbeat: description: Heartbeat indicates the heartbeat status of an edge environment example: true type: boolean Id: description: Environment(Endpoint) Identifier example: 1 type: integer IsEdgeDevice: description: Deprecated v2.18 type: boolean Kubernetes: allOf: - $ref: '#/definitions/portainer.KubernetesData' description: Associated Kubernetes data LastCheckInDate: description: LastCheckInDate mark last check-in date on checkin type: integer Name: description: Environment(Endpoint) name example: my-environment type: string PostInitMigrations: allOf: - $ref: '#/definitions/portainer.EndpointPostInitMigrations' description: Whether we need to run any "post init migrations". PublicURL: description: URL or IP address where exposed containers will be reachable example: docker.mydomain.tld:2375 type: string SecuritySettings: allOf: - $ref: '#/definitions/portainer.EndpointSecuritySettings' description: Environment(Endpoint) specific security settings Snapshots: description: List of snapshots items: $ref: '#/definitions/portainer.DockerSnapshot' type: array Status: allOf: - $ref: '#/definitions/portainer.EndpointStatus' description: The status of the environment(endpoint) (1 - up, 2 - down) example: 1 TLS: description: |- Deprecated fields Deprecated in DBVersion == 4 type: boolean TLSCACert: type: string TLSCert: type: string TLSConfig: $ref: '#/definitions/portainer.TLSConfiguration' TLSKey: type: string TagIds: description: List of tag identifiers to which this environment(endpoint) is associated items: type: integer type: array Tags: description: Deprecated in DBVersion == 22 items: type: string type: array TeamAccessPolicies: allOf: - $ref: '#/definitions/portainer.TeamAccessPolicies' description: List of team identifiers authorized to connect to this environment(endpoint) Type: allOf: - $ref: '#/definitions/portainer.EndpointType' description: Environment(Endpoint) environment(endpoint) type. 1 for a Docker environment(endpoint), 2 for an agent on Docker environment(endpoint) or 3 for an Azure environment(endpoint). example: 1 URL: description: URL or IP address of the Docker host associated to this environment(endpoint) example: docker.mydomain.tld:2375 type: string UserAccessPolicies: allOf: - $ref: '#/definitions/portainer.UserAccessPolicies' description: List of user identifiers authorized to connect to this environment(endpoint) UserTrusted: description: Whether the device has been trusted or not by the user type: boolean type: object portainer.EndpointAuthorizations: additionalProperties: $ref: '#/definitions/portainer.Authorizations' type: object portainer.EndpointGroup: properties: AuthorizedTeams: items: type: integer type: array AuthorizedUsers: description: Deprecated in DBVersion == 18 items: type: integer type: array Description: description: Description associated to the environment(endpoint) group example: Environment(Endpoint) group description type: string Id: description: Environment(Endpoint) group Identifier example: 1 type: integer Labels: description: Deprecated fields items: $ref: '#/definitions/portainer.Pair' type: array Name: description: Environment(Endpoint) group name example: my-environment-group type: string TagIds: description: List of tags associated to this environment(endpoint) group items: type: integer type: array Tags: description: Deprecated in DBVersion == 22 items: type: string type: array TeamAccessPolicies: $ref: '#/definitions/portainer.TeamAccessPolicies' UserAccessPolicies: $ref: '#/definitions/portainer.UserAccessPolicies' type: object portainer.EndpointPostInitMigrations: properties: MigrateGPUs: type: boolean MigrateIngresses: type: boolean type: object portainer.EndpointSecuritySettings: properties: allowBindMountsForRegularUsers: description: Whether non-administrator should be able to use bind mounts when creating containers example: false type: boolean allowContainerCapabilitiesForRegularUsers: description: Whether non-administrator should be able to use container capabilities example: true type: boolean allowDeviceMappingForRegularUsers: description: Whether non-administrator should be able to use device mapping example: true type: boolean allowHostNamespaceForRegularUsers: description: Whether non-administrator should be able to use the host pid example: true type: boolean allowPrivilegedModeForRegularUsers: description: Whether non-administrator should be able to use privileged mode when creating containers example: false type: boolean allowStackManagementForRegularUsers: description: Whether non-administrator should be able to manage stacks example: true type: boolean allowSysctlSettingForRegularUsers: description: Whether non-administrator should be able to use sysctl settings example: true type: boolean allowVolumeBrowserForRegularUsers: description: Whether non-administrator should be able to browse volumes example: true type: boolean enableHostManagementFeatures: description: Whether host management features are enabled example: true type: boolean type: object portainer.EndpointStatus: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - _ - EndpointStatusUp - EndpointStatusDown portainer.EndpointType: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 type: integer x-enum-varnames: - _ - DockerEnvironment - AgentOnDockerEnvironment - AzureEnvironment - EdgeAgentOnDockerEnvironment - KubernetesLocalEnvironment - AgentOnKubernetesEnvironment - EdgeAgentOnKubernetesEnvironment portainer.EnvironmentEdgeSettings: properties: AsyncMode: description: Whether the device has been started in edge async mode type: boolean CommandInterval: description: The command list interval for edge agent - used in edge async mode [seconds] example: 60 type: integer PingInterval: description: The ping interval for edge agent - used in edge async mode [seconds] example: 60 type: integer SnapshotInterval: description: The snapshot interval for edge agent - used in edge async mode [seconds] example: 60 type: integer type: object portainer.GithubRegistryData: properties: OrganisationName: type: string UseOrganisation: type: boolean type: object portainer.GitlabRegistryData: properties: InstanceURL: type: string ProjectId: type: integer ProjectPath: type: string type: object portainer.GlobalDeploymentOptions: properties: hideStacksFunctionality: example: false type: boolean type: object portainer.HelmConfig: properties: Atomic: description: Enable automatic rollback on deployment failure (equivalent to helm --atomic flag) example: true type: boolean ChartPath: description: Path to a Helm chart folder for Helm git deployments example: charts/my-app type: string Timeout: description: Timeout for Helm operations (equivalent to helm --timeout flag) example: 5m0s type: string ValuesFiles: description: Array of paths to Helm values YAML files for Helm git deployments example: - '[''values/prod.yaml''' - ' ''values/secrets.yaml'']' items: type: string type: array Version: description: Helm chart version from Chart.yaml (read-only, extracted during Git sync) example: 1.2.3 type: string type: object portainer.HelmUserRepository: properties: Id: description: Membership Identifier example: 1 type: integer URL: description: Helm repository URL example: https://charts.bitnami.com/bitnami type: string UserId: description: User identifier example: 1 type: integer type: object portainer.InternalAuthSettings: properties: RequiredPasswordLength: type: integer type: object portainer.K8sNamespaceInfo: properties: Annotations: additionalProperties: type: string type: object CreationDate: type: string Id: type: string IsDefault: type: boolean IsSystem: type: boolean Name: type: string NamespaceOwner: type: string ResourceQuota: $ref: '#/definitions/v1.ResourceQuota' Status: $ref: '#/definitions/v1.NamespaceStatus' UnhealthyEventCount: type: integer type: object portainer.K8sNodeLimits: properties: CPU: type: integer Memory: type: integer type: object portainer.K8sNodesLimits: additionalProperties: $ref: '#/definitions/portainer.K8sNodeLimits' type: object portainer.KubernetesConfiguration: properties: AllowNoneIngressClass: type: boolean EnableResourceOverCommit: type: boolean IngressAvailabilityPerNamespace: type: boolean IngressClasses: items: $ref: '#/definitions/portainer.KubernetesIngressClassConfig' type: array ResourceOverCommitPercentage: type: integer RestrictDefaultNamespace: type: boolean StorageClasses: items: $ref: '#/definitions/portainer.KubernetesStorageClassConfig' type: array UseLoadBalancer: type: boolean UseServerMetrics: type: boolean type: object portainer.KubernetesData: properties: Configuration: $ref: '#/definitions/portainer.KubernetesConfiguration' Flags: $ref: '#/definitions/portainer.KubernetesFlags' Snapshots: items: $ref: '#/definitions/portainer.KubernetesSnapshot' type: array type: object portainer.KubernetesFlags: properties: IsServerIngressClassDetected: type: boolean IsServerMetricsDetected: type: boolean IsServerStorageDetected: type: boolean type: object portainer.KubernetesIngressClassConfig: properties: Blocked: type: boolean BlockedNamespaces: items: type: string type: array Name: type: string Type: type: string type: object portainer.KubernetesSnapshot: properties: DiagnosticsData: $ref: '#/definitions/portainer.DiagnosticsData' KubernetesVersion: type: string NodeCount: type: integer PerformanceMetrics: $ref: '#/definitions/portainer.PerformanceMetrics' Time: type: integer TotalCPU: type: integer TotalMemory: type: integer type: object portainer.KubernetesStorageClassConfig: properties: AccessModes: items: type: string type: array AllowVolumeExpansion: type: boolean Name: type: string Provisioner: type: string type: object portainer.LDAPGroupSearchSettings: properties: GroupAttribute: description: LDAP attribute which denotes the group membership example: member type: string GroupBaseDN: description: The distinguished name of the element from which the LDAP server will search for groups example: dc=ldap,dc=domain,dc=tld type: string GroupFilter: description: The LDAP search filter used to select group elements, optional example: (objectClass=account type: string type: object portainer.LDAPSearchSettings: properties: BaseDN: description: The distinguished name of the element from which the LDAP server will search for users example: dc=ldap,dc=domain,dc=tld type: string Filter: description: Optional LDAP search filter used to select user elements example: (objectClass=account) type: string UserNameAttribute: description: LDAP attribute which denotes the username example: uid type: string type: object portainer.LDAPSettings: properties: AnonymousMode: description: Enable this option if the server is configured for Anonymous access. When enabled, ReaderDN and Password will not be used example: true type: boolean AutoCreateUsers: description: Automatically provision users and assign them to matching LDAP group names example: true type: boolean GroupSearchSettings: items: $ref: '#/definitions/portainer.LDAPGroupSearchSettings' type: array Password: description: Password of the account that will be used to search users example: readonly-password type: string ReaderDN: description: Account that will be used to search for users example: cn=readonly-account,dc=ldap,dc=domain,dc=tld type: string SearchSettings: items: $ref: '#/definitions/portainer.LDAPSearchSettings' type: array StartTLS: description: Whether LDAP connection should use StartTLS example: true type: boolean TLSConfig: $ref: '#/definitions/portainer.TLSConfiguration' URL: description: URL or IP address of the LDAP server example: myldap.domain.tld:389 type: string type: object portainer.MembershipRole: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - _ - TeamLeader - TeamMember portainer.OAuthSettings: properties: AccessTokenURI: type: string AuthStyle: $ref: '#/definitions/oauth2.AuthStyle' AuthorizationURI: type: string ClientID: type: string ClientSecret: type: string DefaultTeamID: type: integer KubeSecretKey: items: type: integer type: array LogoutURI: type: string OAuthAutoCreateUsers: type: boolean RedirectURI: type: string ResourceURI: type: string SSO: type: boolean Scopes: type: string UserIdentifier: type: string type: object portainer.OpenAMTConfiguration: properties: certFileContent: type: string certFileName: type: string certFilePassword: type: string domainName: type: string enabled: type: boolean mpsPassword: type: string mpsServer: type: string mpsToken: description: retrieved from API type: string mpsUser: type: string type: object portainer.OpenAMTDeviceEnabledFeatures: properties: IDER: type: boolean KVM: type: boolean SOL: type: boolean redirection: type: boolean userConsent: type: string type: object portainer.Pair: properties: name: example: name type: string value: example: value type: string type: object portainer.PerformanceMetrics: properties: CPUUsage: type: number MemoryUsage: type: number NetworkUsage: type: number type: object portainer.QuayRegistryData: properties: OrganisationName: type: string UseOrganisation: type: boolean type: object portainer.Registry: properties: AccessToken: description: Stores temporary access token type: string AccessTokenExpiry: type: integer Authentication: description: Is authentication against this registry enabled example: true type: boolean AuthorizedTeams: description: Deprecated in DBVersion == 18 items: type: integer type: array AuthorizedUsers: description: Deprecated in DBVersion == 18 items: type: integer type: array BaseURL: description: Base URL, introduced for ProGet registry example: registry.mydomain.tld:2375 type: string Ecr: $ref: '#/definitions/portainer.EcrData' Github: $ref: '#/definitions/portainer.GithubRegistryData' Gitlab: $ref: '#/definitions/portainer.GitlabRegistryData' Id: description: Registry Identifier example: 1 type: integer ManagementConfiguration: $ref: '#/definitions/portainer.RegistryManagementConfiguration' Name: description: Registry Name example: my-registry type: string Password: description: Password or SecretAccessKey used to authenticate against this registry example: registry_password type: string Quay: $ref: '#/definitions/portainer.QuayRegistryData' RegistryAccesses: $ref: '#/definitions/portainer.RegistryAccesses' TeamAccessPolicies: allOf: - $ref: '#/definitions/portainer.TeamAccessPolicies' description: Deprecated in DBVersion == 31 Type: allOf: - $ref: '#/definitions/portainer.RegistryType' description: Registry Type (1 - Quay, 2 - Azure, 3 - Custom, 4 - Gitlab, 5 - ProGet, 6 - DockerHub, 7 - ECR) enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 URL: description: URL or IP address of the Docker registry example: registry.mydomain.tld:2375 type: string UserAccessPolicies: allOf: - $ref: '#/definitions/portainer.UserAccessPolicies' description: |- Deprecated fields Deprecated in DBVersion == 31 Username: description: Username or AccessKeyID used to authenticate against this registry example: registry user type: string type: object portainer.RegistryAccessPolicies: properties: Namespaces: description: Kubernetes specific fields (with kubernetes, namespaces have access to a registry, if users/teams have access to the same namespace, they have access to the registry) items: type: string type: array TeamAccessPolicies: $ref: '#/definitions/portainer.TeamAccessPolicies' UserAccessPolicies: allOf: - $ref: '#/definitions/portainer.UserAccessPolicies' description: Docker specific fields (with docker, users/teams have access to a registry) type: object portainer.RegistryAccesses: additionalProperties: $ref: '#/definitions/portainer.RegistryAccessPolicies' type: object portainer.RegistryManagementConfiguration: properties: AccessToken: type: string AccessTokenExpiry: type: integer Authentication: type: boolean Ecr: $ref: '#/definitions/portainer.EcrData' Password: type: string TLSConfig: $ref: '#/definitions/portainer.TLSConfiguration' Type: $ref: '#/definitions/portainer.RegistryType' Username: type: string type: object portainer.RegistryType: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 type: integer x-enum-varnames: - _ - QuayRegistry - AzureRegistry - CustomRegistry - GitlabRegistry - ProGetRegistry - DockerHubRegistry - EcrRegistry - GithubRegistry portainer.ResourceAccessLevel: enum: - 0 - 1 type: integer x-enum-varnames: - _ - ReadWriteAccessLevel portainer.ResourceControl: properties: AccessLevel: $ref: '#/definitions/portainer.ResourceAccessLevel' AdministratorsOnly: description: Permit access to resource only to admins example: true type: boolean Id: description: ResourceControl Identifier example: 1 type: integer OwnerId: description: |- Deprecated fields Deprecated in DBVersion == 2 type: integer Public: description: Permit access to the associated resource to any user example: true type: boolean ResourceId: description: |- Docker resource identifier on which access control will be applied.\ In the case of a resource control applied to a stack, use the stack name as identifier example: 617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08 type: string SubResourceIds: description: List of Docker resources that will inherit this access control example: - 617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08 items: type: string type: array System: type: boolean TeamAccesses: items: $ref: '#/definitions/portainer.TeamResourceAccess' type: array Type: allOf: - $ref: '#/definitions/portainer.ResourceControlType' description: |- Type of Docker resource. Valid values are: 1- container, 2 -service 3 - volume, 4 - secret, 5 - stack, 6 - config or 7 - custom template example: 1 UserAccesses: items: $ref: '#/definitions/portainer.UserResourceAccess' type: array type: object portainer.ResourceControlType: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 type: integer x-enum-varnames: - _ - ContainerResourceControl - ServiceResourceControl - VolumeResourceControl - NetworkResourceControl - SecretResourceControl - StackResourceControl - ConfigResourceControl - CustomTemplateResourceControl - ContainerGroupResourceControl portainer.Role: properties: Authorizations: allOf: - $ref: '#/definitions/portainer.Authorizations' description: Authorizations associated to a role Description: description: Role description example: Read-only access of all resources in an environment(endpoint) type: string Id: description: Role Identifier example: 1 type: integer Name: description: Role name example: HelpDesk type: string Priority: type: integer type: object portainer.SSLSettings: properties: certPath: type: string httpEnabled: type: boolean keyPath: type: string selfSigned: type: boolean type: object portainer.Settings: properties: AgentSecret: description: Container environment parameter AGENT_SECRET type: string AllowBindMountsForRegularUsers: type: boolean AllowContainerCapabilitiesForRegularUsers: type: boolean AllowDeviceMappingForRegularUsers: type: boolean AllowHostNamespaceForRegularUsers: type: boolean AllowPrivilegedModeForRegularUsers: type: boolean AllowStackManagementForRegularUsers: type: boolean AllowVolumeBrowserForRegularUsers: type: boolean AuthenticationMethod: allOf: - $ref: '#/definitions/portainer.AuthenticationMethod' description: 'Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth' example: 1 BlackListedLabels: description: A list of label name & value that will be used to hide containers when querying containers items: $ref: '#/definitions/portainer.Pair' type: array DisplayDonationHeader: description: Deprecated fields type: boolean DisplayExternalContributors: type: boolean Edge: $ref: '#/definitions/portainer.Edge' EdgeAgentCheckinInterval: description: The default check in interval for edge agent (in seconds) example: 5 type: integer EdgePortainerUrl: description: EdgePortainerURL is the URL that is exposed to edge agents type: string EnableEdgeComputeFeatures: description: Whether edge compute features are enabled type: boolean EnableHostManagementFeatures: description: Deprecated fields v26 type: boolean EnforceEdgeID: description: EnforceEdgeID makes Portainer store the Edge ID instead of accepting anyone example: false type: boolean FeatureFlagSettings: additionalProperties: type: boolean type: object GlobalDeploymentOptions: allOf: - $ref: '#/definitions/portainer.GlobalDeploymentOptions' description: Deployment options for encouraging git ops workflows HelmRepositoryURL: description: Helm repository URL, defaults to "https://charts.bitnami.com/bitnami" example: https://charts.bitnami.com/bitnami type: string InternalAuthSettings: $ref: '#/definitions/portainer.InternalAuthSettings' IsDockerDesktopExtension: type: boolean KubeconfigExpiry: description: The expiry of a Kubeconfig example: 24h type: string KubectlShellImage: description: KubectlImage, defaults to portainer/kubectl-shell example: portainer/kubectl-shell type: string LDAPSettings: $ref: '#/definitions/portainer.LDAPSettings' LogoURL: description: URL to a logo that will be displayed on the login page as well as on top of the sidebar. Will use default Portainer logo when value is empty string example: https://mycompany.mydomain.tld/logo.png type: string OAuthSettings: $ref: '#/definitions/portainer.OAuthSettings' SnapshotInterval: description: The interval in which environment(endpoint) snapshots are created example: 5m type: string TemplatesURL: description: URL to the templates that will be displayed in the UI when navigating to App Templates example: https://raw.githubusercontent.com/portainer/templates/master/templates.json type: string TrustOnFirstConnect: description: TrustOnFirstConnect makes Portainer accepting edge agent connection by default example: false type: boolean UserSessionTimeout: description: The duration of a user session example: 5m type: string openAMTConfiguration: $ref: '#/definitions/portainer.OpenAMTConfiguration' type: object portainer.Stack: properties: AdditionalFiles: description: Only applies when deploying stack with multiple files items: type: string type: array AutoUpdate: allOf: - $ref: '#/definitions/portainer.AutoUpdateSettings' description: The GitOps update settings of a git stack CreatedBy: description: The username which created this stack example: admin type: string CreationDate: description: The date in unix time when stack was created example: 1587399600 type: integer EndpointId: description: Environment(Endpoint) identifier. Reference the environment(endpoint) that will be used for deployment example: 1 type: integer EntryPoint: description: Path to the Stack file example: docker-compose.yml type: string Env: description: A list of environment(endpoint) variables used during stack deployment items: $ref: '#/definitions/portainer.Pair' type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean GitConfig: allOf: - $ref: '#/definitions/gittypes.RepoConfig' description: The git config of this stack Id: description: Stack Identifier example: 1 type: integer Name: description: Stack name example: myStack type: string Namespace: description: Kubernetes namespace if stack is a kube application example: default type: string Option: allOf: - $ref: '#/definitions/portainer.StackOption' description: The stack deployment option ProjectPath: description: Path on disk to the repository hosting the Stack file example: /data/compose/myStack_jpofkc0i9uo9wtx1zesuk649w type: string ResourceControl: $ref: '#/definitions/portainer.ResourceControl' Status: allOf: - $ref: '#/definitions/portainer.StackStatus' description: Stack status (1 - active, 2 - inactive) example: 1 SwarmId: description: Cluster identifier of the Swarm cluster where the stack is deployed example: jpofkc0i9uo9wtx1zesuk649w type: string Type: allOf: - $ref: '#/definitions/portainer.StackType' description: Stack type. 1 for a Swarm stack, 2 for a Compose stack example: 2 UpdateDate: description: The date in unix time when stack was last updated example: 1587399600 type: integer UpdatedBy: description: The username which last updated this stack example: bob type: string type: object portainer.StackDeploymentInfo: properties: ConfigHash: description: ConfigHash is the commit hash of the git repository used for deploying the stack type: string FileVersion: description: FileVersion is the version of the stack file, used to detect changes type: integer Version: description: Version is the version of the stack and also is the deployed version in edge agent type: integer type: object portainer.StackOption: properties: HelmAtomic: description: Enable atomic rollback on failure (Helm --atomic flag for Kubernetes Helm stacks) example: false type: boolean Prune: description: Prune services that are no longer referenced example: false type: boolean type: object portainer.StackStatus: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - _ - StackStatusActive - StackStatusInactive portainer.StackType: enum: - 0 - 1 - 2 - 3 type: integer x-enum-varnames: - _ - DockerSwarmStack - DockerComposeStack - KubernetesStack portainer.TLSConfiguration: properties: TLS: description: Use TLS example: true type: boolean TLSCACert: description: Path to the TLS CA certificate file example: /data/tls/ca.pem type: string TLSCert: description: Path to the TLS client certificate file example: /data/tls/cert.pem type: string TLSKey: description: Path to the TLS client key file example: /data/tls/key.pem type: string TLSSkipVerify: description: Skip the verification of the server TLS certificate example: false type: boolean type: object portainer.Tag: properties: EndpointGroups: additionalProperties: type: boolean description: A set of environment(endpoint) group ids that have this tag type: object Endpoints: additionalProperties: type: boolean description: A set of environment(endpoint) ids that have this tag type: object ID: description: Tag identifier example: 1 type: integer Name: description: Tag name example: org/acme type: string type: object portainer.Team: properties: Id: description: Team Identifier example: 1 type: integer Name: description: Team name example: developers type: string type: object portainer.TeamAccessPolicies: additionalProperties: $ref: '#/definitions/portainer.AccessPolicy' type: object portainer.TeamMembership: properties: Id: description: Membership Identifier example: 1 type: integer Role: allOf: - $ref: '#/definitions/portainer.MembershipRole' description: Team role (1 for team leader and 2 for team member) example: 1 TeamID: description: Team identifier example: 1 type: integer UserID: description: User identifier example: 1 type: integer type: object portainer.TeamResourceAccess: properties: AccessLevel: $ref: '#/definitions/portainer.ResourceAccessLevel' TeamId: type: integer type: object portainer.Template: properties: administrator_only: description: Whether the template should be available to administrators only example: true type: boolean categories: description: A list of categories associated to the template example: - database items: type: string type: array command: description: The command that will be executed in a container template example: ls -lah type: string description: description: Description of the template example: High performance web server type: string env: description: A list of environment(endpoint) variables used during the template deployment items: $ref: '#/definitions/portainer.TemplateEnv' type: array hostname: description: Container hostname example: mycontainer type: string id: description: |- Mandatory container/stack fields Template Identifier example: 1 type: integer image: description: |- Mandatory container fields Image associated to a container template. Mandatory for a container template example: nginx:latest type: string interactive: description: |- Whether the container should be started in interactive mode (-i -t equivalent on the CLI) example: true type: boolean labels: description: Container labels items: $ref: '#/definitions/portainer.Pair' type: array logo: description: URL of the template's logo example: https://portainer.io/img/logo.svg type: string name: description: |- Optional stack/container fields Default name for the stack/container to be used on deployment example: mystackname type: string network: description: Name of a network that will be used on container deployment if it exists inside the environment(endpoint) example: mynet type: string note: description: A note that will be displayed in the UI. Supports HTML content example: This is my custom template type: string platform: description: |- Platform associated to the template. Valid values are: 'linux', 'windows' or leave empty for multi-platform example: linux type: string ports: description: A list of ports exposed by the container example: - 8080:80/tcp items: type: string type: array privileged: description: Whether the container should be started in privileged mode example: true type: boolean registry: description: |- Optional container fields The URL of a registry associated to the image for a container template example: quay.io type: string repository: allOf: - $ref: '#/definitions/portainer.TemplateRepository' description: Mandatory stack fields restart_policy: description: Container restart policy example: on-failure type: string stackFile: description: |- Mandatory Edge stack fields Stack file used for this template type: string title: description: Title of the template example: Nginx type: string type: allOf: - $ref: '#/definitions/portainer.TemplateType' description: 'Template type. Valid values are: 1 (container), 2 (Swarm stack), 3 (Compose stack), 4 (Compose edge stack)' example: 1 volumes: description: A list of volumes used during the container template deployment items: $ref: '#/definitions/portainer.TemplateVolume' type: array type: object portainer.TemplateEnv: properties: default: description: Default value that will be set for the variable example: default_value type: string description: description: Content of the tooltip that will be generated in the UI example: MySQL root account password type: string label: description: Text for the label that will be generated in the UI example: Root password type: string name: description: name of the environment(endpoint) variable example: MYSQL_ROOT_PASSWORD type: string preset: description: If set to true, will not generate any input for this variable in the UI example: false type: boolean select: description: A list of name/value that will be used to generate a dropdown in the UI items: $ref: '#/definitions/portainer.TemplateEnvSelect' type: array type: object portainer.TemplateEnvSelect: properties: default: description: Will set this choice as the default choice example: false type: boolean text: description: Some text that will displayed as a choice example: text value type: string value: description: A value that will be associated to the choice example: value type: string type: object portainer.TemplateRepository: properties: stackfile: description: Path to the stack file inside the git repository example: ./subfolder/docker-compose.yml type: string url: description: URL of a git repository used to deploy a stack template. Mandatory for a Swarm/Compose stack template example: https://github.com/portainer/portainer-compose type: string type: object portainer.TemplateType: enum: - 0 - 1 - 2 - 3 type: integer x-enum-varnames: - _ - ContainerTemplate - SwarmStackTemplate - ComposeStackTemplate portainer.TemplateVolume: properties: bind: description: Path on the host example: /tmp type: string container: description: Path inside the container example: /data type: string readonly: description: Whether the volume used should be readonly example: true type: boolean type: object portainer.User: properties: EndpointAuthorizations: allOf: - $ref: '#/definitions/portainer.EndpointAuthorizations' description: Deprecated in DBVersion == 25 Id: description: User Identifier example: 1 type: integer PortainerAuthorizations: allOf: - $ref: '#/definitions/portainer.Authorizations' description: Deprecated in DBVersion == 25 Role: allOf: - $ref: '#/definitions/portainer.UserRole' description: User role (1 for administrator account and 2 for regular account) example: 1 ThemeSettings: $ref: '#/definitions/portainer.UserThemeSettings' TokenIssueAt: example: 1 type: integer UseCache: example: true type: boolean UserTheme: description: Deprecated example: dark type: string Username: example: bob type: string type: object portainer.UserAccessPolicies: additionalProperties: $ref: '#/definitions/portainer.AccessPolicy' type: object portainer.UserResourceAccess: properties: AccessLevel: $ref: '#/definitions/portainer.ResourceAccessLevel' UserId: type: integer type: object portainer.UserRole: enum: - 0 - 1 - 2 type: integer x-enum-varnames: - _ - AdministratorRole - StandardUserRole portainer.UserThemeSettings: properties: color: description: Color represents the color theme of the UI enum: - dark - light - highcontrast - auto example: dark type: string type: object portainer.Webhook: properties: EndpointId: type: integer Id: description: Webhook Identifier example: 1 type: integer RegistryId: type: integer ResourceId: type: string Token: type: string Type: allOf: - $ref: '#/definitions/portainer.WebhookType' description: Type of webhook (1 - service) type: object portainer.WebhookType: enum: - 0 - 1 type: integer x-enum-varnames: - _ - ServiceWebhook registries.registryConfigurePayload: properties: Authentication: description: Is authentication against this registry enabled example: false type: boolean Password: description: Password used to authenticate against this registry. required when Authentication is true example: registry_password type: string Region: description: ECR region type: string TLS: description: Use TLS example: true type: boolean TLSCACertFile: description: The TLS CA certificate file items: type: integer type: array TLSCertFile: description: The TLS client certificate file items: type: integer type: array TLSKeyFile: description: The TLS client key file items: type: integer type: array TLSSkipVerify: description: Skip the verification of the server TLS certificate example: false type: boolean Username: description: Username used to authenticate against this registry. Required when Authentication is true example: registry_user type: string required: - Authentication type: object registries.registryCreatePayload: properties: Authentication: description: Is authentication against this registry enabled example: false type: boolean BaseURL: description: BaseURL required for ProGet registry example: registry.mydomain.tld:2375 type: string Ecr: allOf: - $ref: '#/definitions/portainer.EcrData' description: ECR specific details, required when type = 7 Gitlab: allOf: - $ref: '#/definitions/portainer.GitlabRegistryData' description: Gitlab specific details, required when type = 4 Name: description: Name that will be used to identify this registry example: my-registry type: string Password: description: Password used to authenticate against this registry. required when Authentication is true example: registry_password type: string Quay: allOf: - $ref: '#/definitions/portainer.QuayRegistryData' description: Quay specific details, required when type = 1 TLS: description: Use TLS example: true type: boolean Type: allOf: - $ref: '#/definitions/portainer.RegistryType' description: "Registry Type. Valid values are:\n\t1 (Quay.io),\n\t2 (Azure container registry),\n\t3 (custom registry),\n\t4 (Gitlab registry),\n\t5 (ProGet registry),\n\t6 (DockerHub)\n\t7 (ECR)" enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 example: 1 URL: description: URL or IP address of the Docker registry example: registry.mydomain.tld:2375/feed type: string Username: description: Username used to authenticate against this registry. Required when Authentication is true example: registry_user type: string required: - Authentication - Name - Type - URL type: object registries.registryPingPayload: properties: Password: description: Password used to authenticate against this registry example: registry_password type: string TLS: description: Use TLS example: true type: boolean Type: allOf: - $ref: '#/definitions/portainer.RegistryType' description: "Registry Type. Valid values are:\n\t1 (Quay.io),\n\t2 (Azure container registry),\n\t3 (custom registry),\n\t4 (Gitlab registry),\n\t5 (ProGet registry),\n\t6 (DockerHub)\n\t7 (ECR)\n\t8 (Github registry)" enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 example: 6 URL: description: URL or IP address of the Docker registry example: registry-1.docker.io type: string Username: description: Username used to authenticate against this registry example: registry_user type: string required: - Type - URL type: object registries.registryPingResponse: properties: message: description: Message provides details about the connection test result example: Registry connection successful type: string success: description: Success indicates if the registry connection was successful example: true type: boolean type: object registries.registryUpdatePayload: properties: Authentication: description: Is authentication against this registry enabled example: false type: boolean BaseURL: description: BaseURL is used for quay registry example: registry.mydomain.tld:2375 type: string Ecr: allOf: - $ref: '#/definitions/portainer.EcrData' description: ECR data Name: description: Name that will be used to identify this registry example: my-registry type: string Password: description: Password used to authenticate against this registry. required when Authentication is true example: registry_password type: string Quay: allOf: - $ref: '#/definitions/portainer.QuayRegistryData' description: Quay data RegistryAccesses: allOf: - $ref: '#/definitions/portainer.RegistryAccesses' description: Registry access control URL: description: URL or IP address of the Docker registry example: registry.mydomain.tld:2375 type: string Username: description: Username used to authenticate against this registry. Required when Authentication is true example: registry_user type: string required: - Authentication - Name - URL type: object release.Chart: properties: files: description: |- Files are miscellaneous files in a chart archive, e.g. README, LICENSE, etc. items: $ref: '#/definitions/release.File' type: array lock: allOf: - $ref: '#/definitions/release.Lock' description: Lock is the contents of Chart.lock. metadata: allOf: - $ref: '#/definitions/release.Metadata' description: Metadata is the contents of the Chartfile. schema: description: Schema is an optional JSON schema for imposing structure on Values items: type: integer type: array templates: description: Templates for this chart. items: $ref: '#/definitions/release.File' type: array values: additionalProperties: {} description: Values are default config for this chart. type: object type: object release.ChartReference: properties: chartPath: type: string registryID: type: integer repoURL: type: string type: object release.Dependency: properties: alias: description: Alias usable alias to be used for the chart type: string condition: description: A yaml path that resolves to a boolean, used for enabling/disabling charts (e.g. subchart1.enabled ) type: string enabled: description: Enabled bool determines if chart should be loaded type: boolean import-values: description: |- ImportValues holds the mapping of source values to parent key to be imported. Each item can be a string or pair of child/parent sublist items. items: {} type: array name: description: |- Name is the name of the dependency. This must mach the name in the dependency's Chart.yaml. type: string repository: description: |- The URL to the repository. Appending `index.yaml` to this string should result in a URL that can be used to fetch the repository index. type: string tags: description: Tags can be used to group charts for enabling/disabling together items: type: string type: array version: description: |- Version is the version (range) of this chart. A lock file will always produce a single version, while a dependency may contain a semantic version range. type: string type: object release.File: properties: data: description: Data is the template as byte data. items: type: integer type: array name: description: Name is the path-like name of the template. type: string type: object release.Lock: properties: dependencies: description: Dependencies is the list of dependencies that this lock file has locked. items: $ref: '#/definitions/release.Dependency' type: array digest: description: Digest is a hash of the dependencies in Chart.yaml. type: string generated: description: Generated is the date the lock file was last generated. type: string type: object release.Maintainer: properties: email: description: Email is an optional email address to contact the named maintainer type: string name: description: Name is a user name or organization name type: string url: description: URL is an optional URL to an address for the named maintainer type: string type: object release.Metadata: properties: annotations: additionalProperties: type: string description: |- Annotations are additional mappings uninterpreted by Helm, made available for inspection by other applications. type: object apiVersion: description: The API Version of this chart. Required. type: string appVersion: description: The version of the application enclosed inside of this chart. type: string condition: description: The condition to check to enable chart type: string dependencies: description: Dependencies are a list of dependencies for a chart. items: $ref: '#/definitions/release.Dependency' type: array deprecated: description: Whether or not this chart is deprecated type: boolean description: description: A one-sentence description of the chart type: string home: description: The URL to a relevant project page, git repo, or contact person type: string icon: description: The URL to an icon file. type: string keywords: description: A list of string keywords items: type: string type: array kubeVersion: description: KubeVersion is a SemVer constraint specifying the version of Kubernetes required. type: string maintainers: description: A list of name and URL/email address combinations for the maintainer(s) items: $ref: '#/definitions/release.Maintainer' type: array name: description: The name of the chart. Required. type: string sources: description: Source is the URL to the source code of this chart items: type: string type: array tags: description: The tags to check to enable chart type: string type: description: 'Specifies the chart type: application or library' type: string version: description: A SemVer 2 conformant version string of the chart. Required. type: string type: object release.ReleaseElement: properties: appVersion: type: string chart: type: string name: type: string namespace: type: string revision: type: string status: type: string updated: type: string type: object release.Values: properties: computedValues: type: string userSuppliedValues: type: string type: object resource.Quantity: properties: Format: enum: - DecimalExponent - BinarySI - DecimalSI type: string x-enum-comments: BinarySI: e.g., 12Mi (12 * 2^20) DecimalExponent: e.g., 12e6 DecimalSI: e.g., 12M (12 * 10^6) x-enum-varnames: - DecimalExponent - BinarySI - DecimalSI type: object resourcecontrols.resourceControlCreatePayload: properties: AdministratorsOnly: description: Permit access to resource only to admins example: true type: boolean Public: description: Permit access to the associated resource to any user example: true type: boolean ResourceID: example: 617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08 type: string SubResourceIDs: description: List of Docker resources that will inherit this access control example: - 617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08 items: type: string type: array Teams: description: List of team identifiers with access to the associated resource example: - 56 - 7 items: type: integer type: array Type: allOf: - $ref: '#/definitions/portainer.ResourceControlType' description: |- Type of Resource. Valid values are: 1 - container, 2 - service 3 - volume, 4 - network, 5 - secret, 6 - stack, 7 - config, 8 - custom template, 9 - azure-container-group enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 example: 1 Users: description: List of user identifiers with access to the associated resource example: - 1 - 4 items: type: integer type: array required: - ResourceID - Type type: object resourcecontrols.resourceControlUpdatePayload: properties: AdministratorsOnly: description: Permit access to resource only to admins example: true type: boolean Public: description: Permit access to the associated resource to any user example: true type: boolean Teams: description: List of team identifiers with access to the associated resource example: - 7 items: type: integer type: array Users: description: List of user identifiers with access to the associated resource example: - 4 items: type: integer type: array type: object roar.Roar-portainer_EndpointID: type: object settings.publicSettingsResponse: properties: AuthenticationMethod: allOf: - $ref: '#/definitions/portainer.AuthenticationMethod' description: 'Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth' example: 1 Edge: properties: CheckinInterval: description: The check in interval for edge agent (in seconds) - used in non async mode [seconds] example: 60 type: integer CommandInterval: description: The command list interval for edge agent - used in edge async mode [seconds] example: 60 type: integer PingInterval: description: The ping interval for edge agent - used in edge async mode [seconds] example: 60 type: integer SnapshotInterval: description: The snapshot interval for edge agent - used in edge async mode [seconds] example: 60 type: integer type: object EnableEdgeComputeFeatures: description: Whether edge compute features are enabled example: true type: boolean Features: additionalProperties: type: boolean description: Supported feature flags type: object GlobalDeploymentOptions: allOf: - $ref: '#/definitions/portainer.GlobalDeploymentOptions' description: Deployment options for encouraging deployment as code IsAMTEnabled: description: Whether AMT is enabled type: boolean IsDockerDesktopExtension: example: false type: boolean KubeconfigExpiry: default: "0" description: The expiry of a Kubeconfig example: 24h type: string LogoURL: description: URL to a logo that will be displayed on the login page as well as on top of the sidebar. Will use default Portainer logo when value is empty string example: https://mycompany.mydomain.tld/logo.png type: string OAuthLoginURI: description: The URL used for oauth login example: https://gitlab.com/oauth type: string OAuthLogoutURI: description: The URL used for oauth logout example: https://gitlab.com/oauth/logout type: string RequiredPasswordLength: description: The minimum required length for a password of any user when using internal auth mode example: 1 type: integer TeamSync: description: Whether team sync is enabled example: true type: boolean type: object settings.settingsUpdatePayload: properties: AuthenticationMethod: description: 'Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth' example: 1 type: integer BlackListedLabels: description: A list of label name & value that will be used to hide containers when querying containers items: $ref: '#/definitions/portainer.Pair' type: array EdgeAgentCheckinInterval: example: 5 type: integer EdgePortainerURL: description: EdgePortainerURL is the URL that is exposed to edge agents type: string EnableEdgeComputeFeatures: description: Whether edge compute features are enabled example: true type: boolean EnforceEdgeID: description: EnforceEdgeID makes Portainer store the Edge ID instead of accepting anyone example: false type: boolean GlobalDeploymentOptions: allOf: - $ref: '#/definitions/portainer.GlobalDeploymentOptions' description: Deployment options for encouraging deployment as code HelmRepositoryURL: description: Helm repository URL example: https://charts.bitnami.com/bitnami type: string InternalAuthSettings: $ref: '#/definitions/portainer.InternalAuthSettings' KubeconfigExpiry: default: "0" description: The expiry of a Kubeconfig example: 24h type: string KubectlShellImage: description: Kubectl Shell Image example: portainer/kubectl-shell:latest type: string LDAPSettings: $ref: '#/definitions/portainer.LDAPSettings' LogoURL: description: URL to a logo that will be displayed on the login page as well as on top of the sidebar. Will use default Portainer logo when value is empty string example: https://mycompany.mydomain.tld/logo.png type: string OAuthSettings: $ref: '#/definitions/portainer.OAuthSettings' SnapshotInterval: description: The interval in which environment(endpoint) snapshots are created example: 5m type: string TemplatesURL: description: URL to the templates that will be displayed in the UI when navigating to App Templates example: https://raw.githubusercontent.com/portainer/templates/master/templates.json type: string TrustOnFirstConnect: description: TrustOnFirstConnect makes Portainer accepting edge agent connection by default example: false type: boolean UserSessionTimeout: description: The duration of a user session example: 5m type: string type: object ssl.sslUpdatePayload: properties: Cert: description: SSL Certificates type: string HTTPEnabled: type: boolean Key: type: string type: object stacks.composeStackFromFileContentPayload: properties: Env: description: A list of environment variables used during stack deployment items: $ref: '#/definitions/portainer.Pair' type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Name: description: Name of the stack example: myStack type: string StackFileContent: description: Content of the Stack file example: |- version: 3 services: web: image:nginx type: string required: - Name - StackFileContent type: object stacks.composeStackFromGitRepositoryPayload: properties: AdditionalFiles: description: Applicable when deploying with multiple stack files example: - '[nz.compose.yml' - ' uat.compose.yml]' items: type: string type: array AutoUpdate: allOf: - $ref: '#/definitions/portainer.AutoUpdateSettings' description: Optional GitOps update configuration ComposeFile: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Env: description: A list of environment variables used during stack deployment items: $ref: '#/definitions/portainer.Pair' type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Name: description: Name of the stack example: myStack type: string RepositoryAuthentication: description: Use basic authentication to clone the Git repository example: true type: boolean RepositoryPassword: description: Password used in basic authentication. Required when RepositoryAuthentication is true. example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: URL of a Git repository hosting the Stack file example: https://github.com/openfaas/faas type: string RepositoryUsername: description: Username used in basic authentication. Required when RepositoryAuthentication is true. example: myGitUsername type: string TLSSkipVerify: description: TLSSkipVerify skips SSL verification when cloning the Git repository example: false type: boolean required: - Name - RepositoryURL type: object stacks.kubernetesGitDeploymentPayload: properties: AdditionalFiles: items: type: string type: array AutoUpdate: $ref: '#/definitions/portainer.AutoUpdateSettings' ComposeFormat: type: boolean ManifestFile: type: string Namespace: type: string RepositoryAuthentication: type: boolean RepositoryPassword: type: string RepositoryReferenceName: type: string RepositoryURL: type: string RepositoryUsername: type: string StackName: type: string TLSSkipVerify: description: TLSSkipVerify skips SSL verification when cloning the Git repository example: false type: boolean type: object stacks.kubernetesManifestURLDeploymentPayload: properties: ComposeFormat: type: boolean ManifestURL: type: string Namespace: type: string StackName: type: string type: object stacks.kubernetesStringDeploymentPayload: properties: ComposeFormat: type: boolean FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Namespace: type: string StackFileContent: type: string StackName: type: string type: object stacks.stackFileResponse: properties: StackFileContent: description: Content of the Stack file example: |- version: 3 services: web: image:nginx type: string type: object stacks.stackGitRedployPayload: properties: Env: items: $ref: '#/definitions/portainer.Pair' type: array Prune: type: boolean PullImage: description: |- Deprecated(2.36): use RepullImageAndRedeploy instead for cleaner responsibility Force a pulling to current image with the original tag though the image is already the latest example: false type: boolean RepositoryAuthentication: type: boolean RepositoryAuthorizationType: $ref: '#/definitions/gittypes.GitCredentialAuthType' RepositoryPassword: type: string RepositoryReferenceName: type: string RepositoryUsername: type: string RepullImageAndRedeploy: description: RepullImageAndRedeploy indicates whether to force repulling images and redeploying the stack type: boolean StackName: type: string type: object stacks.stackGitUpdatePayload: properties: AutoUpdate: $ref: '#/definitions/portainer.AutoUpdateSettings' Env: items: $ref: '#/definitions/portainer.Pair' type: array Prune: type: boolean RepositoryAuthentication: type: boolean RepositoryAuthorizationType: $ref: '#/definitions/gittypes.GitCredentialAuthType' RepositoryPassword: type: string RepositoryReferenceName: type: string RepositoryUsername: type: string TLSSkipVerify: type: boolean type: object stacks.stackMigratePayload: properties: EndpointID: description: Environment(Endpoint) identifier of the target environment(endpoint) where the stack will be relocated example: 2 type: integer Name: description: If provided will rename the migrated stack example: new-stack type: string SwarmID: description: Swarm cluster identifier, must match the identifier of the cluster where the stack will be relocated example: jpofkc0i9uo9wtx1zesuk649w type: string required: - EndpointID type: object stacks.swarmStackFromFileContentPayload: properties: Env: description: A list of environment variables used during stack deployment items: $ref: '#/definitions/portainer.Pair' type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Name: description: Name of the stack example: myStack type: string StackFileContent: description: Content of the Stack file example: |- version: 3 services: web: image:nginx type: string SwarmID: description: Swarm cluster identifier example: jpofkc0i9uo9wtx1zesuk649w type: string required: - Name - StackFileContent - SwarmID type: object stacks.swarmStackFromGitRepositoryPayload: properties: AdditionalFiles: description: Applicable when deploying with multiple stack files example: - '[nz.compose.yml' - ' uat.compose.yml]' items: type: string type: array AutoUpdate: allOf: - $ref: '#/definitions/portainer.AutoUpdateSettings' description: Optional GitOps update configuration ComposeFile: default: docker-compose.yml description: Path to the Stack file inside the Git repository example: docker-compose.yml type: string Env: description: A list of environment variables used during stack deployment items: $ref: '#/definitions/portainer.Pair' type: array FromAppTemplate: description: Whether the stack is from a app template example: false type: boolean Name: description: Name of the stack example: myStack type: string RepositoryAuthentication: description: Use basic authentication to clone the Git repository example: true type: boolean RepositoryPassword: description: Password used in basic authentication. Required when RepositoryAuthentication is true. example: myGitPassword type: string RepositoryReferenceName: description: Reference name of a Git repository hosting the Stack file example: refs/heads/master type: string RepositoryURL: description: URL of a Git repository hosting the Stack file example: https://github.com/openfaas/faas type: string RepositoryUsername: description: Username used in basic authentication. Required when RepositoryAuthentication is true. example: myGitUsername type: string SwarmID: description: Swarm cluster identifier example: jpofkc0i9uo9wtx1zesuk649w type: string TLSSkipVerify: description: TLSSkipVerify skips SSL verification when cloning the Git repository example: false type: boolean required: - Name - RepositoryURL - SwarmID type: object stacks.updateSwarmStackPayload: properties: Env: description: A list of environment(endpoint) variables used during stack deployment items: $ref: '#/definitions/portainer.Pair' type: array Prune: description: Prune services that are no longer referenced (only available for Swarm stacks) example: true type: boolean PullImage: description: |- Deprecated(2.36): use RepullImageAndRedeploy instead for cleaner responsibility Force a pulling to current image with the original tag though the image is already the latest example: false type: boolean RepullImageAndRedeploy: description: RepullImageAndRedeploy indicates whether to force repulling images and redeploying the stack type: boolean StackFileContent: description: New content of the Stack file example: |- version: 3 services: web: image:nginx type: string type: object stats.ContainerStats: properties: healthy: type: integer running: type: integer stopped: type: integer total: type: integer unhealthy: type: integer type: object swarm.ServiceUpdateResponse: properties: Warnings: description: Optional warning messages items: type: string type: array type: object system.nodesCountResponse: properties: nodes: type: integer type: object system.status: properties: InstanceID: description: Server Instance ID example: 299ab403-70a8-4c05-92f7-bf7a994d50df type: string Version: description: Portainer API version example: 2.0.0 type: string type: object system.systemInfoResponse: properties: agents: type: integer edgeAgents: type: integer platform: $ref: '#/definitions/platform.ContainerPlatform' type: object system.versionResponse: properties: Build: $ref: '#/definitions/build.BuildInfo' DatabaseVersion: type: string Dependencies: $ref: '#/definitions/build.DependenciesInfo' LatestVersion: description: The latest version available example: 2.0.0 type: string Runtime: $ref: '#/definitions/build.RuntimeInfo' ServerEdition: example: CE/EE type: string ServerVersion: type: string UpdateAvailable: description: Whether portainer has an update available example: false type: boolean VersionSupport: example: STS/LTS type: string type: object tags.tagCreatePayload: properties: Name: example: org/acme type: string required: - Name type: object teammemberships.teamMembershipCreatePayload: properties: Role: description: Role for the user inside the team (1 for leader and 2 for regular member) enum: - 1 - 2 example: 1 type: integer TeamID: description: Team identifier example: 1 type: integer UserID: description: User identifier example: 1 type: integer required: - Role - TeamID - UserID type: object teammemberships.teamMembershipUpdatePayload: properties: Role: description: Role for the user inside the team (1 for leader and 2 for regular member) enum: - 1 - 2 example: 1 type: integer TeamID: description: Team identifier example: 1 type: integer UserID: description: User identifier example: 1 type: integer required: - Role - TeamID - UserID type: object teams.teamCreatePayload: properties: Name: description: Name example: developers type: string TeamLeaders: description: TeamLeaders example: - 3 - 5 items: type: integer type: array required: - Name type: object teams.teamUpdatePayload: properties: Name: description: Name example: developers type: string type: object templates.fileResponse: properties: FileContent: description: The requested file content example: version:2 type: string type: object templates.listResponse: properties: templates: items: $ref: '#/definitions/portainer.Template' type: array version: type: string type: object unstructured.Unstructured: properties: Object: additionalProperties: true description: |- Object is a JSON compatible map with string, float, int, bool, []interface{}, or map[string]interface{} children. type: object type: object users.accessTokenResponse: properties: apiKey: $ref: '#/definitions/portainer.APIKey' rawAPIKey: type: string type: object users.addHelmRepoUrlPayload: properties: url: type: string type: object users.adminInitPayload: properties: Password: description: Password for the admin user example: admin-password type: string Username: description: Username for the admin user example: admin type: string required: - Password - Username type: object users.helmUserRepositoryResponse: properties: GlobalRepository: type: string UserRepositories: items: $ref: '#/definitions/portainer.HelmUserRepository' type: array type: object users.themePayload: properties: color: description: Color represents the color theme of the UI enum: - dark - light - highcontrast - auto example: dark type: string type: object users.userAccessTokenCreatePayload: properties: description: example: github-api-key type: string password: example: password type: string required: - description - password type: object users.userCreatePayload: properties: Password: example: cg9Wgky3 type: string Role: description: User role (1 for administrator account and 2 for regular account) enum: - 1 - 2 example: 2 type: integer Username: example: bob type: string required: - Password - Role - Username type: object users.userUpdatePasswordPayload: properties: NewPassword: description: New Password example: new_passwd type: string Password: description: Current Password example: passwd type: string required: - NewPassword - Password type: object users.userUpdatePayload: properties: NewPassword: example: asfj2emv type: string Password: example: cg9Wgky3 type: string Role: description: User role (1 for administrator account and 2 for regular account) enum: - 1 - 2 example: 2 type: integer Theme: $ref: '#/definitions/users.themePayload' UseCache: example: true type: boolean Username: example: bob type: string required: - NewPassword - Password - Role - UseCache - Username type: object v1.AppArmorProfile: properties: localhostProfile: description: |- localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". +optional type: string type: allOf: - $ref: '#/definitions/v1.AppArmorProfileType' description: |- type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. +unionDiscriminator type: object v1.AppArmorProfileType: enum: - Unconfined - RuntimeDefault - Localhost type: string x-enum-varnames: - AppArmorProfileTypeUnconfined - AppArmorProfileTypeRuntimeDefault - AppArmorProfileTypeLocalhost v1.CSIPersistentVolumeSource: properties: controllerExpandSecretRef: allOf: - $ref: '#/definitions/v1.SecretReference' description: |- controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional controllerPublishSecretRef: allOf: - $ref: '#/definitions/v1.SecretReference' description: |- controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional driver: description: |- driver is the name of the driver to use for this volume. Required. type: string fsType: description: |- fsType to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". +optional type: string nodeExpandSecretRef: allOf: - $ref: '#/definitions/v1.SecretReference' description: |- nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional nodePublishSecretRef: allOf: - $ref: '#/definitions/v1.SecretReference' description: |- nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional nodeStageSecretRef: allOf: - $ref: '#/definitions/v1.SecretReference' description: |- nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed. +optional readOnly: description: |- readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write). +optional type: boolean volumeAttributes: additionalProperties: type: string description: |- volumeAttributes of the volume to publish. +optional type: object volumeHandle: description: |- volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required. type: string type: object v1.Capabilities: properties: add: description: |- Added capabilities +optional +listType=atomic items: type: string type: array drop: description: |- Removed capabilities +optional +listType=atomic items: type: string type: array type: object v1.ConfigMapEnvSource: properties: name: description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional +default="" +kubebuilder:default="" TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: |- Specify whether the ConfigMap must be defined +optional type: boolean type: object v1.ConfigMapKeySelector: properties: key: description: The key to select. type: string name: description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional +default="" +kubebuilder:default="" TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: |- Specify whether the ConfigMap or its key must be defined +optional type: boolean type: object v1.Container: properties: args: description: |- Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +optional +listType=atomic items: type: string type: array command: description: |- Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell +optional +listType=atomic items: type: string type: array env: description: |- List of environment variables to set in the container. Cannot be updated. +optional +patchMergeKey=name +patchStrategy=merge +listType=map +listMapKey=name items: $ref: '#/definitions/v1.EnvVar' type: array envFrom: description: |- List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. +optional +listType=atomic items: $ref: '#/definitions/v1.EnvFromSource' type: array image: description: |- Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. +optional type: string imagePullPolicy: allOf: - $ref: '#/definitions/v1.PullPolicy' description: |- Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images +optional lifecycle: allOf: - $ref: '#/definitions/v1.Lifecycle' description: |- Actions that the management system should take in response to container lifecycle events. Cannot be updated. +optional livenessProbe: allOf: - $ref: '#/definitions/v1.Probe' description: |- Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional name: description: |- Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. type: string ports: description: |- List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. +optional +patchMergeKey=containerPort +patchStrategy=merge +listType=map +listMapKey=containerPort +listMapKey=protocol items: $ref: '#/definitions/v1.ContainerPort' type: array readinessProbe: allOf: - $ref: '#/definitions/v1.Probe' description: |- Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional resizePolicy: description: |- Resources resize policy for the container. This field cannot be set on ephemeral containers. +featureGate=InPlacePodVerticalScaling +optional +listType=atomic items: $ref: '#/definitions/v1.ContainerResizePolicy' type: array resources: allOf: - $ref: '#/definitions/v1.ResourceRequirements' description: |- Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +optional restartPolicy: allOf: - $ref: '#/definitions/v1.ContainerRestartPolicy' description: |- RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. +optional restartPolicyRules: description: |- Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy. +featureGate=ContainerRestartRules +optional +listType=atomic items: $ref: '#/definitions/v1.ContainerRestartRule' type: array securityContext: allOf: - $ref: '#/definitions/v1.SecurityContext' description: |- SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +optional startupProbe: allOf: - $ref: '#/definitions/v1.Probe' description: |- StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional stdin: description: |- Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. +optional type: boolean stdinOnce: description: |- Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false +optional type: boolean terminationMessagePath: description: |- Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. +optional type: string terminationMessagePolicy: allOf: - $ref: '#/definitions/v1.TerminationMessagePolicy' description: |- Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. +optional tty: description: |- Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. +optional type: boolean volumeDevices: description: |- volumeDevices is the list of block devices to be used by the container. +patchMergeKey=devicePath +patchStrategy=merge +listType=map +listMapKey=devicePath +optional items: $ref: '#/definitions/v1.VolumeDevice' type: array volumeMounts: description: |- Pod volumes to mount into the container's filesystem. Cannot be updated. +optional +patchMergeKey=mountPath +patchStrategy=merge +listType=map +listMapKey=mountPath items: $ref: '#/definitions/v1.VolumeMount' type: array workingDir: description: |- Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. +optional type: string type: object v1.ContainerPort: properties: containerPort: description: |- Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. type: integer hostIP: description: |- What host IP to bind the external port to. +optional type: string hostPort: description: |- Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. +optional type: integer name: description: |- If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. +optional type: string protocol: allOf: - $ref: '#/definitions/v1.Protocol' description: |- Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". +optional +default="TCP" type: object v1.ContainerResizePolicy: properties: resourceName: allOf: - $ref: '#/definitions/v1.ResourceName' description: |- Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. restartPolicy: allOf: - $ref: '#/definitions/v1.ResourceResizeRestartPolicy' description: |- Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. type: object v1.ContainerRestartPolicy: enum: - Always - Never - OnFailure type: string x-enum-varnames: - ContainerRestartPolicyAlways - ContainerRestartPolicyNever - ContainerRestartPolicyOnFailure v1.ContainerRestartRule: properties: action: allOf: - $ref: '#/definitions/v1.ContainerRestartRuleAction' description: |- Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. +required exitCodes: allOf: - $ref: '#/definitions/v1.ContainerRestartRuleOnExitCodes' description: |- Represents the exit codes to check on container exits. +optional +oneOf=when type: object v1.ContainerRestartRuleAction: enum: - Restart - RestartAllContainers type: string x-enum-varnames: - ContainerRestartRuleActionRestart - ContainerRestartRuleActionRestartAllContainers v1.ContainerRestartRuleOnExitCodes: properties: operator: allOf: - $ref: '#/definitions/v1.ContainerRestartRuleOnExitCodesOperator' description: |- Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the set of specified values. - NotIn: the requirement is satisfied if the container exit code is not in the set of specified values. +required values: description: |- Specifies the set of values to check for container exit codes. At most 255 elements are allowed. +optional +listType=set items: type: integer type: array type: object v1.ContainerRestartRuleOnExitCodesOperator: enum: - In - NotIn type: string x-enum-varnames: - ContainerRestartRuleOnExitCodesOpIn - ContainerRestartRuleOnExitCodesOpNotIn v1.Duration: properties: time.Duration: enum: - -9223372036854775808 - 9223372036854775807 - 1 - 1000 - 1000000 - 1000000000 - 60000000000 - 3600000000000 type: integer x-enum-varnames: - minDuration - maxDuration - Nanosecond - Microsecond - Millisecond - Second - Minute - Hour type: object v1.EnvFromSource: properties: configMapRef: allOf: - $ref: '#/definitions/v1.ConfigMapEnvSource' description: |- The ConfigMap to select from +optional prefix: description: |- Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. +optional type: string secretRef: allOf: - $ref: '#/definitions/v1.SecretEnvSource' description: |- The Secret to select from +optional type: object v1.EnvVar: properties: name: description: |- Name of the environment variable. May consist of any printable ASCII characters except '='. type: string value: description: |- Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". +optional type: string valueFrom: allOf: - $ref: '#/definitions/v1.EnvVarSource' description: |- Source for the environment variable's value. Cannot be used if value is not empty. +optional type: object v1.EnvVarSource: properties: configMapKeyRef: allOf: - $ref: '#/definitions/v1.ConfigMapKeySelector' description: |- Selects a key of a ConfigMap. +optional fieldRef: allOf: - $ref: '#/definitions/v1.ObjectFieldSelector' description: |- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +optional fileKeyRef: allOf: - $ref: '#/definitions/v1.FileKeySelector' description: |- FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled. +featureGate=EnvFiles +optional resourceFieldRef: allOf: - $ref: '#/definitions/v1.ResourceFieldSelector' description: |- Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +optional secretKeyRef: allOf: - $ref: '#/definitions/v1.SecretKeySelector' description: |- Selects a key of a secret in the pod's namespace +optional type: object v1.ExecAction: properties: command: description: |- Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. +optional +listType=atomic items: type: string type: array type: object v1.FieldsV1: type: object v1.FileKeySelector: properties: key: description: |- The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. +required type: string optional: description: |- Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. +optional +default=false type: boolean path: description: |- The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. +required type: string volumeName: description: |- The name of the volume mount containing the env file. +required type: string type: object v1.GRPCAction: properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. type: integer service: description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. +optional +default="" type: string type: object v1.HTTPGetAction: properties: host: description: |- Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. +optional type: string httpHeaders: description: |- Custom headers to set in the request. HTTP allows repeated headers. +optional +listType=atomic items: $ref: '#/definitions/v1.HTTPHeader' type: array path: description: |- Path to access on the HTTP server. +optional type: string port: allOf: - $ref: '#/definitions/intstr.IntOrString' description: |- Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. scheme: allOf: - $ref: '#/definitions/v1.URIScheme' description: |- Scheme to use for connecting to the host. Defaults to HTTP. +optional type: object v1.HTTPHeader: properties: name: description: |- The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value type: string type: object v1.Lifecycle: properties: postStart: allOf: - $ref: '#/definitions/v1.LifecycleHandler' description: |- PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +optional preStop: allOf: - $ref: '#/definitions/v1.LifecycleHandler' description: |- PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +optional stopSignal: allOf: - $ref: '#/definitions/v1.Signal' description: |- StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name +optional type: object v1.LifecycleHandler: properties: exec: allOf: - $ref: '#/definitions/v1.ExecAction' description: |- Exec specifies a command to execute in the container. +optional httpGet: allOf: - $ref: '#/definitions/v1.HTTPGetAction' description: |- HTTPGet specifies an HTTP GET request to perform. +optional sleep: allOf: - $ref: '#/definitions/v1.SleepAction' description: |- Sleep represents a duration that the container should sleep. +optional tcpSocket: allOf: - $ref: '#/definitions/v1.TCPSocketAction' description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. +optional type: object v1.ListMeta: properties: continue: description: |- continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. type: string remainingItemCount: description: |- remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact. +optional type: integer resourceVersion: description: |- String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency +optional type: string selfLink: description: |- Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. +optional type: string type: object v1.ManagedFieldsEntry: properties: apiVersion: description: |- APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. type: string fieldsType: description: |- FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1" type: string fieldsV1: allOf: - $ref: '#/definitions/v1.FieldsV1' description: |- FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. +optional manager: description: Manager is an identifier of the workflow managing these fields. type: string operation: allOf: - $ref: '#/definitions/v1.ManagedFieldsOperationType' description: |- Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. subresource: description: |- Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. type: string time: description: |- Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. +optional type: string type: object v1.ManagedFieldsOperationType: enum: - Apply - Update type: string x-enum-varnames: - ManagedFieldsOperationApply - ManagedFieldsOperationUpdate v1.MountPropagationMode: enum: - None - HostToContainer - Bidirectional type: string x-enum-varnames: - MountPropagationNone - MountPropagationHostToContainer - MountPropagationBidirectional v1.NamespaceCondition: properties: lastTransitionTime: description: |- Last time the condition transitioned from one status to another. +optional type: string message: description: |- Human-readable message indicating details about last transition. +optional type: string reason: description: |- Unique, one-word, CamelCase reason for the condition's last transition. +optional type: string status: allOf: - $ref: '#/definitions/k8s_io_api_core_v1.ConditionStatus' description: Status of the condition, one of True, False, Unknown. type: allOf: - $ref: '#/definitions/v1.NamespaceConditionType' description: Type of namespace controller condition. type: object v1.NamespaceConditionType: enum: - NamespaceDeletionDiscoveryFailure - NamespaceDeletionContentFailure - NamespaceDeletionGroupVersionParsingFailure - NamespaceContentRemaining - NamespaceFinalizersRemaining type: string x-enum-varnames: - NamespaceDeletionDiscoveryFailure - NamespaceDeletionContentFailure - NamespaceDeletionGVParsingFailure - NamespaceContentRemaining - NamespaceFinalizersRemaining v1.NamespacePhase: enum: - Active - Terminating type: string x-enum-varnames: - NamespaceActive - NamespaceTerminating v1.NamespaceStatus: properties: conditions: description: |- Represents the latest available observations of a namespace's current state. +optional +patchMergeKey=type +patchStrategy=merge +listType=map +listMapKey=type items: $ref: '#/definitions/v1.NamespaceCondition' type: array phase: allOf: - $ref: '#/definitions/v1.NamespacePhase' description: |- Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ +optional type: object v1.ObjectFieldSelector: properties: apiVersion: description: |- Version of the schema the FieldPath is written in terms of, defaults to "v1". +optional type: string fieldPath: description: Path of the field to select in the specified API version. type: string type: object v1.ObjectMeta: properties: annotations: additionalProperties: type: string description: |- Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations +optional type: object creationTimestamp: description: |- CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional type: string deletionGracePeriodSeconds: description: |- Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. +optional type: integer deletionTimestamp: description: |- DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional type: string finalizers: description: |- Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. +optional +patchStrategy=merge +listType=set items: type: string type: array generateName: description: |- GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will return a 409. Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency +optional type: string generation: description: |- A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. +optional type: integer labels: additionalProperties: type: string description: |- Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels +optional type: object managedFields: description: |- ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. +optional +listType=atomic items: $ref: '#/definitions/v1.ManagedFieldsEntry' type: array name: description: |- Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names +optional type: string namespace: description: |- Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces +optional type: string ownerReferences: description: |- List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. +optional +patchMergeKey=uid +patchStrategy=merge +listType=map +listMapKey=uid items: $ref: '#/definitions/v1.OwnerReference' type: array resourceVersion: description: |- An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency +optional type: string selfLink: description: |- Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. +optional type: string uid: description: |- UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids +optional type: string type: object v1.ObjectReference: properties: apiVersion: description: |- API version of the referent. +optional type: string fieldPath: description: |- If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future. +optional type: string kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional type: string namespace: description: |- Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ +optional type: string resourceVersion: description: |- Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency +optional type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids +optional type: string type: object v1.OwnerReference: properties: apiVersion: description: API version of the referent. type: string blockOwnerDeletion: description: |- If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. +optional type: boolean controller: description: |- If true, this reference points to the managing controller. +optional type: boolean kind: description: |- Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names type: string uid: description: |- UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids type: string type: object v1.PersistentVolumeAccessMode: enum: - ReadWriteOnce - ReadOnlyMany - ReadWriteMany - ReadWriteOncePod type: string x-enum-varnames: - ReadWriteOnce - ReadOnlyMany - ReadWriteMany - ReadWriteOncePod v1.PersistentVolumeClaimPhase: enum: - Pending - Bound - Lost type: string x-enum-varnames: - ClaimPending - ClaimBound - ClaimLost v1.PersistentVolumeMode: enum: - Block - Filesystem type: string x-enum-varnames: - PersistentVolumeBlock - PersistentVolumeFilesystem v1.PersistentVolumeReclaimPolicy: enum: - Recycle - Delete - Retain type: string x-enum-varnames: - PersistentVolumeReclaimRecycle - PersistentVolumeReclaimDelete - PersistentVolumeReclaimRetain v1.Probe: properties: exec: allOf: - $ref: '#/definitions/v1.ExecAction' description: |- Exec specifies a command to execute in the container. +optional failureThreshold: description: |- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. +optional type: integer grpc: allOf: - $ref: '#/definitions/v1.GRPCAction' description: |- GRPC specifies a GRPC HealthCheckRequest. +optional httpGet: allOf: - $ref: '#/definitions/v1.HTTPGetAction' description: |- HTTPGet specifies an HTTP GET request to perform. +optional initialDelaySeconds: description: |- Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional type: integer periodSeconds: description: |- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. +optional type: integer successThreshold: description: |- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. +optional type: integer tcpSocket: allOf: - $ref: '#/definitions/v1.TCPSocketAction' description: |- TCPSocket specifies a connection to a TCP port. +optional terminationGracePeriodSeconds: description: |- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. +optional type: integer timeoutSeconds: description: |- Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +optional type: integer type: object v1.ProcMountType: enum: - Default - Unmasked type: string x-enum-varnames: - DefaultProcMount - UnmaskedProcMount v1.Protocol: enum: - TCP - UDP - SCTP type: string x-enum-varnames: - ProtocolTCP - ProtocolUDP - ProtocolSCTP v1.PullPolicy: enum: - Always - Never - IfNotPresent type: string x-enum-varnames: - PullAlways - PullNever - PullIfNotPresent v1.RecursiveReadOnlyMode: enum: - Disabled - IfPossible - Enabled type: string x-enum-varnames: - RecursiveReadOnlyDisabled - RecursiveReadOnlyIfPossible - RecursiveReadOnlyEnabled v1.ResourceFieldSelector: properties: containerName: description: |- Container name: required for volumes, optional for env vars +optional type: string divisor: allOf: - $ref: '#/definitions/resource.Quantity' description: |- Specifies the output format of the exposed resources, defaults to "1" +optional resource: description: 'Required: resource to select' type: string type: object v1.ResourceList: additionalProperties: $ref: '#/definitions/resource.Quantity' type: object v1.ResourceName: enum: - cpu - memory - storage - ephemeral-storage - pods - services - replicationcontrollers - resourcequotas - secrets - configmaps - persistentvolumeclaims - services.nodeports - services.loadbalancers - requests.cpu - requests.memory - requests.storage - requests.ephemeral-storage - limits.cpu - limits.memory - limits.ephemeral-storage type: string x-enum-varnames: - ResourceCPU - ResourceMemory - ResourceStorage - ResourceEphemeralStorage - ResourcePods - ResourceServices - ResourceReplicationControllers - ResourceQuotas - ResourceSecrets - ResourceConfigMaps - ResourcePersistentVolumeClaims - ResourceServicesNodePorts - ResourceServicesLoadBalancers - ResourceRequestsCPU - ResourceRequestsMemory - ResourceRequestsStorage - ResourceRequestsEphemeralStorage - ResourceLimitsCPU - ResourceLimitsMemory - ResourceLimitsEphemeralStorage v1.ResourceQuota: properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: '#/definitions/v1.ObjectMeta' description: |- Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional spec: allOf: - $ref: '#/definitions/v1.ResourceQuotaSpec' description: |- Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional status: allOf: - $ref: '#/definitions/v1.ResourceQuotaStatus' description: |- Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +optional type: object v1.ResourceQuotaScope: enum: - Terminating - NotTerminating - BestEffort - NotBestEffort - PriorityClass - CrossNamespacePodAffinity - VolumeAttributesClass type: string x-enum-varnames: - ResourceQuotaScopeTerminating - ResourceQuotaScopeNotTerminating - ResourceQuotaScopeBestEffort - ResourceQuotaScopeNotBestEffort - ResourceQuotaScopePriorityClass - ResourceQuotaScopeCrossNamespacePodAffinity - ResourceQuotaScopeVolumeAttributesClass v1.ResourceQuotaSpec: properties: hard: allOf: - $ref: '#/definitions/v1.ResourceList' description: |- hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ +optional scopeSelector: allOf: - $ref: '#/definitions/v1.ScopeSelector' description: |- scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. +optional scopes: description: |- A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects. +optional +listType=atomic items: $ref: '#/definitions/v1.ResourceQuotaScope' type: array type: object v1.ResourceQuotaStatus: properties: hard: allOf: - $ref: '#/definitions/v1.ResourceList' description: |- Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ +optional used: allOf: - $ref: '#/definitions/v1.ResourceList' description: |- Used is the current observed total usage of the resource in the namespace. +optional type: object v1.ResourceRequirements: properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. +listType=map +listMapKey=name +featureGate=DynamicResourceAllocation +optional items: $ref: '#/definitions/k8s_io_api_core_v1.ResourceClaim' type: array limits: allOf: - $ref: '#/definitions/v1.ResourceList' description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +optional requests: allOf: - $ref: '#/definitions/v1.ResourceList' description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +optional type: object v1.ResourceResizeRestartPolicy: enum: - NotRequired - RestartContainer type: string x-enum-varnames: - NotRequired - RestartContainer v1.RoleRef: properties: apiGroup: description: APIGroup is the group for the resource being referenced type: string kind: description: Kind is the type of resource being referenced type: string name: description: |- Name is the name of resource being referenced +required +k8s:required type: string type: object v1.SELinuxOptions: properties: level: description: |- Level is SELinux level label that applies to the container. +optional type: string role: description: |- Role is a SELinux role label that applies to the container. +optional type: string type: description: |- Type is a SELinux type label that applies to the container. +optional type: string user: description: |- User is a SELinux user label that applies to the container. +optional type: string type: object v1.ScopeSelector: properties: matchExpressions: description: |- A list of scope selector requirements by scope of the resources. +optional +listType=atomic items: $ref: '#/definitions/v1.ScopedResourceSelectorRequirement' type: array type: object v1.ScopeSelectorOperator: enum: - In - NotIn - Exists - DoesNotExist type: string x-enum-varnames: - ScopeSelectorOpIn - ScopeSelectorOpNotIn - ScopeSelectorOpExists - ScopeSelectorOpDoesNotExist v1.ScopedResourceSelectorRequirement: properties: operator: allOf: - $ref: '#/definitions/v1.ScopeSelectorOperator' description: |- Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. scopeName: allOf: - $ref: '#/definitions/v1.ResourceQuotaScope' description: The name of the scope that the selector applies to. values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +optional +listType=atomic items: type: string type: array type: object v1.SeccompProfile: properties: localhostProfile: description: |- localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. +optional type: string type: allOf: - $ref: '#/definitions/v1.SeccompProfileType' description: |- type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. +unionDiscriminator type: object v1.SeccompProfileType: enum: - Unconfined - RuntimeDefault - Localhost type: string x-enum-varnames: - SeccompProfileTypeUnconfined - SeccompProfileTypeRuntimeDefault - SeccompProfileTypeLocalhost v1.SecretEnvSource: properties: name: description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional +default="" +kubebuilder:default="" TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: |- Specify whether the Secret must be defined +optional type: boolean type: object v1.SecretKeySelector: properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +optional +default="" +kubebuilder:default="" TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: |- Specify whether the Secret or its key must be defined +optional type: boolean type: object v1.SecretReference: properties: name: description: |- name is unique within a namespace to reference a secret resource. +optional type: string namespace: description: |- namespace defines the space within which the secret name must be unique. +optional type: string type: object v1.SecurityContext: properties: allowPrivilegeEscalation: description: |- AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. +optional type: boolean appArmorProfile: allOf: - $ref: '#/definitions/v1.AppArmorProfile' description: |- appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. +optional capabilities: allOf: - $ref: '#/definitions/v1.Capabilities' description: |- The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. +optional privileged: description: |- Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. +optional type: boolean procMount: allOf: - $ref: '#/definitions/v1.ProcMountType' description: |- procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. +optional readOnlyRootFilesystem: description: |- Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. +optional type: boolean runAsGroup: description: |- The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional type: integer runAsNonRoot: description: |- Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional type: boolean runAsUser: description: |- The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional type: integer seLinuxOptions: allOf: - $ref: '#/definitions/v1.SELinuxOptions' description: |- The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. +optional seccompProfile: allOf: - $ref: '#/definitions/v1.SeccompProfile' description: |- The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. +optional windowsOptions: allOf: - $ref: '#/definitions/v1.WindowsSecurityContextOptions' description: |- The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. +optional type: object v1.Signal: enum: - SIGABRT - SIGALRM - SIGBUS - SIGCHLD - SIGCLD - SIGCONT - SIGFPE - SIGHUP - SIGILL - SIGINT - SIGIO - SIGIOT - SIGKILL - SIGPIPE - SIGPOLL - SIGPROF - SIGPWR - SIGQUIT - SIGSEGV - SIGSTKFLT - SIGSTOP - SIGSYS - SIGTERM - SIGTRAP - SIGTSTP - SIGTTIN - SIGTTOU - SIGURG - SIGUSR1 - SIGUSR2 - SIGVTALRM - SIGWINCH - SIGXCPU - SIGXFSZ - SIGRTMIN - SIGRTMIN+1 - SIGRTMIN+2 - SIGRTMIN+3 - SIGRTMIN+4 - SIGRTMIN+5 - SIGRTMIN+6 - SIGRTMIN+7 - SIGRTMIN+8 - SIGRTMIN+9 - SIGRTMIN+10 - SIGRTMIN+11 - SIGRTMIN+12 - SIGRTMIN+13 - SIGRTMIN+14 - SIGRTMIN+15 - SIGRTMAX-14 - SIGRTMAX-13 - SIGRTMAX-12 - SIGRTMAX-11 - SIGRTMAX-10 - SIGRTMAX-9 - SIGRTMAX-8 - SIGRTMAX-7 - SIGRTMAX-6 - SIGRTMAX-5 - SIGRTMAX-4 - SIGRTMAX-3 - SIGRTMAX-2 - SIGRTMAX-1 - SIGRTMAX type: string x-enum-varnames: - SIGABRT - SIGALRM - SIGBUS - SIGCHLD - SIGCLD - SIGCONT - SIGFPE - SIGHUP - SIGILL - SIGINT - SIGIO - SIGIOT - SIGKILL - SIGPIPE - SIGPOLL - SIGPROF - SIGPWR - SIGQUIT - SIGSEGV - SIGSTKFLT - SIGSTOP - SIGSYS - SIGTERM - SIGTRAP - SIGTSTP - SIGTTIN - SIGTTOU - SIGURG - SIGUSR1 - SIGUSR2 - SIGVTALRM - SIGWINCH - SIGXCPU - SIGXFSZ - SIGRTMIN - SIGRTMINPLUS1 - SIGRTMINPLUS2 - SIGRTMINPLUS3 - SIGRTMINPLUS4 - SIGRTMINPLUS5 - SIGRTMINPLUS6 - SIGRTMINPLUS7 - SIGRTMINPLUS8 - SIGRTMINPLUS9 - SIGRTMINPLUS10 - SIGRTMINPLUS11 - SIGRTMINPLUS12 - SIGRTMINPLUS13 - SIGRTMINPLUS14 - SIGRTMINPLUS15 - SIGRTMAXMINUS14 - SIGRTMAXMINUS13 - SIGRTMAXMINUS12 - SIGRTMAXMINUS11 - SIGRTMAXMINUS10 - SIGRTMAXMINUS9 - SIGRTMAXMINUS8 - SIGRTMAXMINUS7 - SIGRTMAXMINUS6 - SIGRTMAXMINUS5 - SIGRTMAXMINUS4 - SIGRTMAXMINUS3 - SIGRTMAXMINUS2 - SIGRTMAXMINUS1 - SIGRTMAX v1.SleepAction: properties: seconds: description: Seconds is the number of seconds to sleep. type: integer type: object v1.TCPSocketAction: properties: host: description: |- Optional: Host name to connect to, defaults to the pod IP. +optional type: string port: allOf: - $ref: '#/definitions/intstr.IntOrString' description: |- Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. type: object v1.TerminationMessagePolicy: enum: - File - FallbackToLogsOnError type: string x-enum-varnames: - TerminationMessageReadFile - TerminationMessageFallbackToLogsOnError v1.URIScheme: enum: - HTTP - HTTPS type: string x-enum-varnames: - URISchemeHTTP - URISchemeHTTPS v1.VolumeDevice: properties: devicePath: description: devicePath is the path inside of the container that the device will be mapped to. type: string name: description: name must match the name of a persistentVolumeClaim in the pod type: string type: object v1.VolumeMount: properties: mountPath: description: |- Path within the container at which the volume should be mounted. Must not contain ':'. type: string mountPropagation: allOf: - $ref: '#/definitions/v1.MountPropagationMode' description: |- mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). +optional name: description: This must match the Name of a Volume. type: string readOnly: description: |- Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. +optional type: boolean recursiveReadOnly: allOf: - $ref: '#/definitions/v1.RecursiveReadOnlyMode' description: |- RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled. +optional subPath: description: |- Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). +optional type: string subPathExpr: description: |- Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. +optional type: string type: object v1.WindowsSecurityContextOptions: properties: gmsaCredentialSpec: description: |- GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. +optional type: string gmsaCredentialSpecName: description: |- GMSACredentialSpecName is the name of the GMSA credential spec to use. +optional type: string hostProcess: description: |- HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. +optional type: boolean runAsUserName: description: |- The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional type: string type: object v1beta1.ContainerMetrics: properties: name: description: Container name corresponding to the one from pod.spec.containers. type: string usage: allOf: - $ref: '#/definitions/v1.ResourceList' description: The memory usage is the memory working set. type: object v1beta1.NodeMetrics: properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: '#/definitions/v1.ObjectMeta' description: |- Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional timestamp: description: |- The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]. type: string usage: allOf: - $ref: '#/definitions/v1.ResourceList' description: The memory usage is the memory working set. window: $ref: '#/definitions/v1.Duration' type: object v1beta1.NodeMetricsList: properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string items: description: List of node metrics. items: $ref: '#/definitions/v1beta1.NodeMetrics' type: array kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: '#/definitions/v1.ListMeta' description: |- Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: object v1beta1.PodMetrics: properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string containers: description: |- Metrics for all containers are collected within the same time window. +listType=atomic items: $ref: '#/definitions/v1beta1.ContainerMetrics' type: array kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: '#/definitions/v1.ObjectMeta' description: |- Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +optional timestamp: description: |- The following fields define time interval from which metrics were collected from the interval [Timestamp-Window, Timestamp]. type: string window: $ref: '#/definitions/v1.Duration' type: object v1beta1.PodMetricsList: properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources +optional type: string items: description: List of pod metrics. items: $ref: '#/definitions/v1beta1.PodMetrics' type: array kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds +optional type: string metadata: allOf: - $ref: '#/definitions/v1.ListMeta' description: |- Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: object webhooks.webhookCreatePayload: properties: EndpointID: type: integer RegistryID: type: integer ResourceID: type: string WebhookType: allOf: - $ref: '#/definitions/portainer.WebhookType' description: Type of webhook (1 - service) type: object webhooks.webhookUpdatePayload: properties: RegistryID: type: integer type: object info: contact: email: info@portainer.io description: | Portainer API is an HTTP API served by Portainer. It is used by the Portainer UI and everything you can do with the UI can be done using the HTTP API. Examples are available at https://documentation.portainer.io/api/api-examples/ You can find out more about Portainer at [http://portainer.io](http://portainer.io) and get some support on [Slack](http://portainer.io/slack/). # Authentication Most of the API environments(endpoints) require to be authenticated as well as some level of authorization to be used. Portainer API uses JSON Web Token to manage authentication and thus requires you to provide a token in the **Authorization** header of each request with the **Bearer** authentication mechanism. Example: ``` Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE ``` # Security Each API environment(endpoint) has an associated access policy, it is documented in the description of each environment(endpoint). Different access policies are available: - Public access - Authenticated access - Restricted access - Administrator access ### Public access No authentication is required to access the environments(endpoints) with this access policy. ### Authenticated access Authentication is required to access the environments(endpoints) with this access policy. ### Restricted access Authentication is required to access the environments(endpoints) with this access policy. Extra-checks might be added to ensure access to the resource is granted. Returned data might also be filtered. ### Administrator access Authentication as well as an administrator role are required to access the environments(endpoints) with this access policy. # Execute Docker requests Portainer **DO NOT** expose specific environments(endpoints) to manage your Docker resources (create a container, remove a volume, etc...). Instead, it acts as a reverse-proxy to the Docker HTTP API. This means that you can execute Docker requests **via** the Portainer HTTP API. To do so, you can use the `/endpoints/{id}/docker` Portainer API environment(endpoint) (which is not documented below due to Swagger limitations). This environment(endpoint) has a restricted access policy so you still need to be authenticated to be able to query this environment(endpoint). Any query on this environment(endpoint) will be proxied to the Docker API of the associated environment(endpoint) (requests and responses objects are the same as documented in the Docker API). # Private Registry Using private registry, you will need to pass a based64 encoded JSON string ‘{"registryId":\}’ inside the Request Header. The parameter name is "X-Registry-Auth". \ - The registry ID where the repository was created. Example: ``` eyJyZWdpc3RyeUlkIjoxfQ== ``` **NOTE**: You can find more information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/) as well as in [this Portainer example](https://documentation.portainer.io/api/api-examples/). license: name: zlib url: https://github.com/portainer/portainer/blob/develop/LICENSE title: PortainerCE API version: 2.39.1 paths: /auth: post: consumes: - application/json description: |- **Access policy**: public Use this environment(endpoint) to authenticate against Portainer using a username and password. operationId: AuthenticateUser parameters: - description: Credentials used for authentication in: body name: body required: true schema: $ref: '#/definitions/auth.authenticatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/auth.authenticateResponse' "400": description: Invalid request "422": description: Invalid Credentials "500": description: Server error summary: Authenticate tags: - auth /auth/logout: post: description: '**Access policy**: public' operationId: Logout responses: "204": description: Success "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Logout tags: - auth /auth/oauth/validate: post: consumes: - application/json description: '**Access policy**: public' operationId: ValidateOAuth parameters: - description: OAuth Credentials used for authentication in: body name: body required: true schema: $ref: '#/definitions/auth.oauthPayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/auth.authenticateResponse' "400": description: Invalid request "422": description: Invalid Credentials "500": description: Server error summary: Authenticate with OAuth tags: - auth /backup: post: consumes: - application/json description: |- Creates an archive with a system data snapshot that could be used to restore the system. **Access policy**: admin operationId: Backup parameters: - description: An object contains the password to encrypt the backup with in: body name: body schema: $ref: '#/definitions/backup.backupPayload' produces: - application/octet-stream responses: "200": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Creates an archive with a system data snapshot that could be used to restore the system. tags: - backup /custom_templates: get: description: |- List available custom templates. **Access policy**: authenticated operationId: CustomTemplateList parameters: - collectionFormat: csv description: Template types in: query items: enum: - 1 - 2 - 3 type: integer name: type required: true type: array - description: Filter by edge templates in: query name: edge type: boolean produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.CustomTemplate' type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List available custom templates tags: - custom_templates /custom_templates/{id}: delete: description: |- Remove a template. **Access policy**: authenticated operationId: CustomTemplateDelete parameters: - description: Template identifier in: path name: id required: true type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Access denied to resource "404": description: Template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a template tags: - custom_templates get: description: |- Retrieve details about a template. **Access policy**: authenticated operationId: CustomTemplateInspect parameters: - description: Template identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.CustomTemplate' "400": description: Invalid request "404": description: Template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a custom template tags: - custom_templates put: consumes: - application/json description: |- Update a template. **Access policy**: authenticated operationId: CustomTemplateUpdate parameters: - description: Template identifier in: path name: id required: true type: integer - description: Template details in: body name: body required: true schema: $ref: '#/definitions/customtemplates.customTemplateUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.CustomTemplate' "400": description: Invalid request "403": description: Permission denied to access template "404": description: Template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a template tags: - custom_templates /custom_templates/{id}/file: get: description: |- Retrieve the content of the Stack file for the specified custom template **Access policy**: authenticated operationId: CustomTemplateFile parameters: - description: Template identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/customtemplates.fileResponse' "400": description: Invalid request "404": description: Custom template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get Template stack file content. tags: - custom_templates /custom_templates/{id}/git_fetch: put: description: |- Retrieve details about a template created from git repository method. **Access policy**: authenticated operationId: CustomTemplateGitFetch parameters: - description: Template identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/customtemplates.fileResponse' "400": description: Invalid request "404": description: Custom template not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Fetch the latest config file content based on custom template's git repository configuration tags: - custom_templates /custom_templates/create/file: post: consumes: - multipart/form-data description: |- Create a custom template. **Access policy**: authenticated operationId: CustomTemplateCreateFile parameters: - description: Title of the template in: formData name: Title required: true type: string - description: Description of the template in: formData name: Description required: true type: string - description: A note that will be displayed in the UI. Supports HTML content in: formData name: Note required: true type: string - description: Platform associated to the template (1 - 'linux', 2 - 'windows') enum: - 1 - 2 in: formData name: Platform required: true type: integer - description: Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes) enum: - 1 - 2 - 3 in: formData name: Type required: true type: integer - description: File in: formData name: File required: true type: file - description: URL of the template's logo in: formData name: Logo type: string - description: A json array of variables definitions in: formData name: Variables type: string produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.CustomTemplate' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a custom template tags: - custom_templates /custom_templates/create/repository: post: consumes: - application/json description: |- Create a custom template. **Access policy**: authenticated operationId: CustomTemplateCreateRepository parameters: - description: Required when using method=repository in: body name: body required: true schema: $ref: '#/definitions/customtemplates.customTemplateFromGitRepositoryPayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.CustomTemplate' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a custom template tags: - custom_templates /custom_templates/create/string: post: consumes: - application/json description: |- Create a custom template. **Access policy**: authenticated operationId: CustomTemplateCreateString parameters: - description: body in: body name: body required: true schema: $ref: '#/definitions/customtemplates.customTemplateFromFileContentPayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.CustomTemplate' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a custom template tags: - custom_templates /docker/{environmentId}/containers/{containerId}/gpus: get: consumes: - application/json description: '**Access policy**:' operationId: dockerContainerGpusInspect parameters: - description: Environment identifier in: path name: environmentId required: true type: integer - description: Container identifier in: path name: containerId required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/containers.containerGpusResponse' "400": description: Bad request "404": description: Environment or container not found "500": description: Internal server error security: - jwt: [] summary: Fetch container gpus data tags: - docker /docker/{environmentId}/dashboard: get: consumes: - application/json description: '**Access policy**: restricted' operationId: dockerDashboard parameters: - description: Environment identifier in: path name: environmentId required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/docker.dashboardResponse' "400": description: Bad request "500": description: Internal server error security: - jwt: [] summary: Get counters for the dashboard tags: - docker /docker/{environmentId}/images: get: description: '**Access policy**:' operationId: dockerImagesList parameters: - description: Environment identifier in: path name: environmentId required: true type: integer - description: Include image usage information in: query name: withUsage type: boolean produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/images.ImageResponse' type: array "400": description: Bad request "500": description: Internal server error security: - jwt: [] summary: Fetch images tags: - docker /edge_groups: get: description: '**Access policy**: administrator' operationId: EdgeGroupList produces: - application/json responses: "200": description: EdgeGroups schema: items: $ref: '#/definitions/edgegroups.decoratedEdgeGroup' type: array "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: list EdgeGroups tags: - edge_groups post: consumes: - application/json description: '**Access policy**: administrator' operationId: EdgeGroupCreate parameters: - description: EdgeGroup data in: body name: body required: true schema: $ref: '#/definitions/edgegroups.edgeGroupCreatePayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeGroup' "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeGroup tags: - edge_groups /edge_groups/{id}: delete: description: '**Access policy**: administrator' operationId: EdgeGroupDelete parameters: - description: EdgeGroup Id in: path name: id required: true type: integer responses: "204": description: No Content "409": description: Edge group is in use by an Edge stack or Edge job "500": description: Server error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Deletes an EdgeGroup tags: - edge_groups get: description: '**Access policy**: administrator' operationId: EdgeGroupInspect parameters: - description: EdgeGroup Id in: path name: id required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeGroup' "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Inspects an EdgeGroup tags: - edge_groups put: consumes: - application/json description: '**Access policy**: administrator' operationId: EdgeGroupUpdate parameters: - description: EdgeGroup Id in: path name: id required: true type: integer - description: EdgeGroup data in: body name: body required: true schema: $ref: '#/definitions/edgegroups.edgeGroupUpdatePayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeGroup' "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Updates an EdgeGroup tags: - edge_groups /edge_jobs: get: description: '**Access policy**: administrator' operationId: EdgeJobList produces: - application/json responses: "200": description: OK schema: items: $ref: '#/definitions/portainer.EdgeJob' type: array "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetch EdgeJobs list tags: - edge_jobs /edge_jobs/{id}: delete: description: '**Access policy**: administrator' operationId: EdgeJobDelete parameters: - description: EdgeJob Id in: path name: id required: true type: integer responses: "204": description: No Content "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Delete an EdgeJob tags: - edge_jobs get: description: '**Access policy**: administrator' operationId: EdgeJobInspect parameters: - description: EdgeJob Id in: path name: id required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeJob' "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Inspect an EdgeJob tags: - edge_jobs put: consumes: - application/json description: '**Access policy**: administrator' operationId: EdgeJobUpdate parameters: - description: EdgeJob Id in: path name: id required: true type: integer - description: EdgeGroup data in: body name: body required: true schema: $ref: '#/definitions/edgejobs.edgeJobUpdatePayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeJob' "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Update an EdgeJob tags: - edge_jobs /edge_jobs/{id}/file: get: description: '**Access policy**: administrator' operationId: EdgeJobFile parameters: - description: EdgeJob Id in: path name: id required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/edgejobs.edgeJobFileResponse' "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetch a file of an EdgeJob tags: - edge_jobs /edge_jobs/{id}/tasks: get: description: '**Access policy**: administrator' operationId: EdgeJobTasksList parameters: - description: EdgeJob Id in: path name: id required: true type: integer produces: - application/json responses: "200": description: OK schema: items: $ref: '#/definitions/edgejobs.taskContainer' type: array "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetch the list of tasks on an EdgeJob tags: - edge_jobs /edge_jobs/{id}/tasks/{taskID}/logs: delete: description: '**Access policy**: administrator' operationId: EdgeJobTasksClear parameters: - description: EdgeJob Id in: path name: id required: true type: integer - description: Task Id in: path name: taskID required: true type: integer produces: - application/json responses: "204": description: No Content "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Clear the log for a specifc task on an EdgeJob tags: - edge_jobs get: description: '**Access policy**: administrator' operationId: EdgeJobTaskLogsInspect parameters: - description: EdgeJob Id in: path name: id required: true type: integer - description: Task Id in: path name: taskID required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/edgejobs.fileResponse' "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetch the log for a specifc task on an EdgeJob tags: - edge_jobs post: description: '**Access policy**: administrator' operationId: EdgeJobTasksCollect parameters: - description: EdgeJob Id in: path name: id required: true type: integer - description: Task Id in: path name: taskID required: true type: integer produces: - application/json responses: "204": description: No Content "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Collect the log for a specifc task on an EdgeJob tags: - edge_jobs /edge_jobs/create/file: post: consumes: - multipart/form-data description: '**Access policy**: administrator' operationId: EdgeJobCreateFile parameters: - description: Content of the Stack file in: formData name: file required: true type: file - description: Name of the stack in: formData name: Name required: true type: string - description: A cron expression to schedule this job in: formData name: CronExpression required: true type: string - description: JSON stringified array of Edge Groups ids in: formData name: EdgeGroups required: true type: string - description: JSON stringified array of Environment ids in: formData name: Endpoints required: true type: string - description: If recurring in: formData name: Recurring type: boolean produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeGroup' "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeJob from a file tags: - edge_jobs /edge_jobs/create/string: post: description: '**Access policy**: administrator' operationId: EdgeJobCreateString parameters: - description: EdgeGroup data when method is string in: body name: body required: true schema: $ref: '#/definitions/edgejobs.edgeJobCreateFromFileContentPayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeGroup' "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeJob from a text tags: - edge_jobs /edge_stacks: get: description: '**Access policy**: administrator' operationId: EdgeStackList parameters: - description: will summarize the statuses in: query name: summarizeStatuses type: boolean produces: - application/json responses: "200": description: OK schema: items: $ref: '#/definitions/portainer.EdgeStack' type: array "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetches the list of EdgeStacks tags: - edge_stacks /edge_stacks/{id}: delete: description: '**Access policy**: administrator' operationId: EdgeStackDelete parameters: - description: EdgeStack Id in: path name: id required: true type: integer responses: "204": description: No Content "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Delete an EdgeStack tags: - edge_stacks get: description: '**Access policy**: administrator' operationId: EdgeStackInspect parameters: - description: EdgeStack Id in: path name: id required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeStack' "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Inspect an EdgeStack tags: - edge_stacks put: consumes: - application/json description: '**Access policy**: administrator' operationId: EdgeStackUpdate parameters: - description: EdgeStack Id in: path name: id required: true type: integer - description: EdgeStack data in: body name: body required: true schema: $ref: '#/definitions/edgestacks.updateEdgeStackPayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeStack' "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Update an EdgeStack tags: - edge_stacks /edge_stacks/{id}/file: get: description: '**Access policy**: administrator' operationId: EdgeStackFile parameters: - description: EdgeStack Id in: path name: id required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/edgestacks.stackFileResponse' "400": description: Bad Request "500": description: Internal Server Error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Fetches the stack file for an EdgeStack tags: - edge_stacks /edge_stacks/{id}/status: put: consumes: - application/json description: Authorized only if the request is done by an Edge Environment(Endpoint) operationId: EdgeStackStatusUpdate parameters: - description: EdgeStack Id in: path name: id required: true type: integer - description: EdgeStack status payload in: body name: body required: true schema: $ref: '#/definitions/edgestacks.updateStatusPayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeStack' "400": description: Bad Request "403": description: Forbidden "404": description: Not Found "500": description: Internal Server Error summary: Update an EdgeStack status tags: - edge_stacks /edge_stacks/create/file: post: consumes: - multipart/form-data description: '**Access policy**: administrator' operationId: EdgeStackCreateFile parameters: - description: Name of the stack. it must only consist of lowercase alphanumeric characters, hyphens, or underscores as well as start with a letter or number in: formData name: Name required: true type: string - description: Content of the Stack file in: formData name: file required: true type: file - description: JSON stringified array of Edge Groups ids in: formData name: EdgeGroups required: true type: string - description: deploy type 0 - 'compose', 1 - 'kubernetes' in: formData name: DeploymentType required: true type: integer - description: JSON stringified array of Registry ids to use for this stack in: formData name: Registries type: string - description: Uses the manifest's namespaces instead of the default one, relevant only for kube environments in: formData name: UseManifestNamespaces type: boolean - description: Pre Pull image in: formData name: PrePullImage type: boolean - description: Retry deploy in: formData name: RetryDeploy type: boolean - description: if true, will not create an edge stack, but just will check the settings and return a non-persisted edge stack object in: query name: dryrun type: string produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeStack' "400": description: Bad request "500": description: Internal server error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeStack from file tags: - edge_stacks /edge_stacks/create/repository: post: description: '**Access policy**: administrator' operationId: EdgeStackCreateRepository parameters: - description: stack config in: body name: body required: true schema: $ref: '#/definitions/edgestacks.edgeStackFromGitRepositoryPayload' - description: if true, will not create an edge stack, but just will check the settings and return a non-persisted edge stack object in: query name: dryrun type: string produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeStack' "400": description: Bad request "500": description: Internal server error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeStack from a git repository tags: - edge_stacks /edge_stacks/create/string: post: description: '**Access policy**: administrator' operationId: EdgeStackCreateString parameters: - description: stack config in: body name: body required: true schema: $ref: '#/definitions/edgestacks.edgeStackFromStringPayload' - description: if true, will not create an edge stack, but just will check the settings and return a non-persisted edge stack object in: query name: dryrun type: string produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.EdgeStack' "400": description: Bad request "500": description: Internal server error "503": description: Edge compute features are disabled security: - ApiKeyAuth: [] - jwt: [] summary: Create an EdgeStack from a text tags: - edge_stacks /endpoint_groups: get: description: |- List all environment(endpoint) groups based on the current user authorizations. Will return all environment(endpoint) groups if using an administrator account otherwise it will only return authorized environment(endpoint) groups. **Access policy**: restricted operationId: EndpointGroupList produces: - application/json responses: "200": description: Environment(Endpoint) group schema: items: $ref: '#/definitions/portainer.EndpointGroup' type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List Environment(Endpoint) groups tags: - endpoint_groups post: consumes: - application/json description: |- Create a new environment(endpoint) group. **Access policy**: administrator parameters: - description: Environment(Endpoint) Group details in: body name: body required: true schema: $ref: '#/definitions/endpointgroups.endpointGroupCreatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.EndpointGroup' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create an Environment(Endpoint) Group tags: - endpoint_groups /endpoint_groups/{id}: delete: description: |- Remove an environment(endpoint) group. **Access policy**: administrator operationId: EndpointGroupDelete parameters: - description: EndpointGroup identifier in: path name: id required: true type: integer responses: "204": description: Success "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove an environment(endpoint) group tags: - endpoint_groups get: consumes: - application/json description: |- Retrieve details abont an environment(endpoint) group. **Access policy**: administrator parameters: - description: Environment(Endpoint) group identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.EndpointGroup' "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect an Environment(Endpoint) group tags: - endpoint_groups put: consumes: - application/json description: |- Update an environment(endpoint) group. **Access policy**: administrator operationId: EndpointGroupUpdate parameters: - description: EndpointGroup identifier in: path name: id required: true type: integer - description: EndpointGroup details in: body name: body required: true schema: $ref: '#/definitions/endpointgroups.endpointGroupUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.EndpointGroup' "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update an environment(endpoint) group tags: - endpoint_groups /endpoint_groups/{id}/endpoints/{endpointId}: delete: description: '**Access policy**: administrator' operationId: EndpointGroupDeleteEndpoint parameters: - description: EndpointGroup identifier in: path name: id required: true type: integer - description: Environment(Endpoint) identifier in: path name: endpointId required: true type: integer responses: "204": description: Success "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Removes environment(endpoint) from an environment(endpoint) group tags: - endpoint_groups put: description: |- Add an environment(endpoint) to an environment(endpoint) group **Access policy**: administrator operationId: EndpointGroupAddEndpoint parameters: - description: EndpointGroup identifier in: path name: id required: true type: integer - description: Environment(Endpoint) identifier in: path name: endpointId required: true type: integer responses: "204": description: Success "400": description: Invalid request "404": description: EndpointGroup not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Add an environment(endpoint) to an environment(endpoint) group tags: - endpoint_groups /endpoints: delete: consumes: - application/json deprecated: true description: |- Deprecated: use the `POST` endpoint instead. Remove multiple environments and optionally clean-up associated resources. **Access policy**: Administrator only. operationId: EndpointDeleteBatchDeprecated parameters: - description: List of environments to delete, with optional deleteCluster flag to clean-up associated resources (cloud environments only) in: body name: body required: true schema: $ref: '#/definitions/endpoints.endpointDeleteBatchPayload' produces: - application/json responses: "204": description: Environment(s) successfully deleted. "207": description: Partial success. Some environments were deleted successfully, while others failed. schema: $ref: '#/definitions/endpoints.endpointDeleteBatchPartialResponse' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to delete the specified environments. security: - ApiKeyAuth: [] jwt: [] summary: Remove multiple environments tags: - endpoints get: description: |- List all environments(endpoints) based on the current user authorizations. Will return all environments(endpoints) if using an administrator or team leader account otherwise it will only return authorized environments(endpoints). **Access policy**: restricted operationId: EndpointList parameters: - description: Start searching from in: query name: start type: integer - description: Limit results to this value in: query name: limit type: integer - description: Sort results by this value enum: - Name - Group - Status - LastCheckIn - EdgeID in: query name: sort type: string - description: Order sorted results by desc/asc in: query name: order type: integer - description: Search query in: query name: search type: string - collectionFormat: csv description: List environments(endpoints) of these groups in: query items: type: integer name: groupIds type: array - collectionFormat: csv description: List environments(endpoints) by this status in: query items: type: integer name: status type: array - collectionFormat: csv description: List environments(endpoints) of this type in: query items: type: integer name: types type: array - collectionFormat: csv description: search environments(endpoints) with these tags (depends on tagsPartialMatch) in: query items: type: integer name: tagIds type: array - description: If true, will return environment(endpoint) which has one of tagIds, if false (or missing) will return only environments(endpoints) that has all the tags in: query name: tagsPartialMatch type: boolean - collectionFormat: csv description: will return only these environments(endpoints) in: query items: type: integer name: endpointIds type: array - collectionFormat: csv description: will exclude these environments(endpoints) in: query items: type: integer name: excludeIds type: array - collectionFormat: csv description: will exclude environments(endpoints) belonging to these endpoint groups in: query items: type: integer name: excludeGroupIds type: array - description: If true, will return environment(endpoint) that were provisioned in: query name: provisioned type: boolean - collectionFormat: csv description: will return only environments with on of these agent versions in: query items: type: string name: agentVersions type: array - description: if exists true show only edge async agents, false show only standard edge agents. if missing, will show both types (relevant only for edge agents) in: query name: edgeAsync type: boolean - description: if true, show only untrusted edge agents, if false show only trusted edge agents (relevant only for edge agents) in: query name: edgeDeviceUntrusted type: boolean - description: if bigger then zero, show only edge agents that checked-in in the last provided seconds (relevant only for edge agents) in: query name: edgeCheckInPassedSeconds type: number - description: if true, the snapshot data won't be retrieved in: query name: excludeSnapshots type: boolean - description: will return only environments(endpoints) with this name in: query name: name type: string - description: only applied when edgeStackId exists. Filter the returned environments based on their deployment status in the stack (not the environment status!) in: query name: edgeStackStatus type: string - collectionFormat: csv description: List environments(endpoints) of these edge groups in: query items: type: integer name: edgeGroupIds type: array - collectionFormat: csv description: Exclude environments(endpoints) of these edge groups in: query items: type: integer name: excludeEdgeGroupIds type: array produces: - application/json responses: "200": description: Endpoints schema: items: $ref: '#/definitions/portainer.Endpoint' type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List environments(endpoints) tags: - endpoints post: consumes: - multipart/form-data description: |- Create a new environment(endpoint) that will be used to manage an environment(endpoint). **Access policy**: administrator operationId: EndpointCreate parameters: - description: 'Name that will be used to identify this environment(endpoint) (example: my-environment)' in: formData name: Name required: true type: string - description: 'Environment(Endpoint) type. Value must be one of: 1 (Local Docker environment), 2 (Agent environment), 3 (Azure environment), 4 (Edge agent environment) or 5 (Local Kubernetes Environment)' in: formData name: EndpointCreationType required: true type: integer - description: 'Container engine used by the environment(endpoint). Value must be one of: ''docker'' or ''podman''' in: formData name: ContainerEngine type: string - description: 'URL or IP address of a Docker host (example: docker.mydomain.tld:2375). Defaults to local if not specified (Linux: /var/run/docker.sock, Windows: //./pipe/docker_engine). Cannot be empty if EndpointCreationType is set to 4 (Edge agent environment)' in: formData name: URL type: string - description: 'URL or IP address where exposed containers will be reachable. Defaults to URL if not specified (example: docker.mydomain.tld:2375)' in: formData name: PublicURL type: string - description: Environment(Endpoint) group identifier. If not specified will default to 1 (unassigned). in: formData name: GroupID type: integer - description: Require TLS to connect against this environment(endpoint). Must be true if EndpointCreationType is set to 2 (Agent environment) in: formData name: TLS type: boolean - description: Skip server verification when using TLS. Must be true if EndpointCreationType is set to 2 (Agent environment) in: formData name: TLSSkipVerify type: boolean - description: Skip client verification when using TLS. Must be true if EndpointCreationType is set to 2 (Agent environment) in: formData name: TLSSkipClientVerify type: boolean - description: TLS CA certificate file in: formData name: TLSCACertFile type: file - description: TLS client certificate file in: formData name: TLSCertFile type: file - description: TLS client key file in: formData name: TLSKeyFile type: file - description: Azure application ID. Required if environment(endpoint) type is set to 3 in: formData name: AzureApplicationID type: string - description: Azure tenant ID. Required if environment(endpoint) type is set to 3 in: formData name: AzureTenantID type: string - description: Azure authentication key. Required if environment(endpoint) type is set to 3 in: formData name: AzureAuthenticationKey type: string - collectionFormat: csv description: List of tag identifiers to which this environment(endpoint) is associated in: formData items: type: integer name: TagIds type: array - description: The check in interval for edge agent (in seconds) in: formData name: EdgeCheckinInterval type: integer - description: URL or IP address that will be used to establish a reverse tunnel in: formData name: EdgeTunnelServerAddress required: true type: string - description: List of GPUs - json stringified array of {name, value} structs in: formData name: Gpus type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Endpoint' "400": description: Invalid request "409": description: Name is not unique "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new environment(endpoint) tags: - endpoints /endpoints/{id}: delete: description: |- Remove the environment associated to the specified identifier and optionally clean-up associated resources. **Access policy**: Administrator only. operationId: EndpointDelete parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer responses: "204": description: Environment successfully deleted. "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "404": description: Unable to find the environment with the specified identifier inside the database. "500": description: Server error occurred while attempting to delete the environment. security: - ApiKeyAuth: [] jwt: [] summary: Remove an environment tags: - endpoints get: description: |- Retrieve details about an environment(endpoint). **Access policy**: restricted operationId: EndpointInspect parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: if true, the snapshot data won't be retrieved in: query name: excludeSnapshot type: boolean produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Endpoint' "400": description: Invalid request "404": description: Environment(Endpoint) not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect an environment(endpoint) tags: - endpoints put: consumes: - application/json description: |- Update an environment(endpoint). **Access policy**: authenticated operationId: EndpointUpdate parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Environment(Endpoint) details in: body name: body required: true schema: $ref: '#/definitions/endpoints.endpointUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Endpoint' "400": description: Invalid request "404": description: Environment(Endpoint) not found "409": description: Name is not unique "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update an environment(endpoint) tags: - endpoints /endpoints/{id}/association: put: description: |- De-association an edge environment(endpoint). **Access policy**: administrator operationId: EndpointAssociationDelete parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer produces: - application/json responses: "204": description: Success "400": description: Invalid request "404": description: Environment(Endpoint) not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: De-association an edge environment(endpoint) tags: - endpoints /endpoints/{id}/docker/v2/browse/put: post: consumes: - multipart/form-data description: |- Use this environment(endpoint) to upload TLS files. **Access policy**: administrator parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Optional volume identifier to upload the file in: query name: volumeID type: string - description: The destination path to upload the file to in: formData name: Path required: true type: string - description: The file to upload in: formData name: file required: true type: file produces: - application/json responses: "204": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Upload a file under a specific path on the file system of an environment (endpoint) tags: - endpoints /endpoints/{id}/dockerhub/{registryId}: get: description: |- get docker pull limits for a docker hub registry in the environment **Access policy**: operationId: endpointDockerhubStatus parameters: - description: endpoint ID in: path name: id required: true type: integer - description: registry ID in: path name: registryId required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/endpoints.dockerhubStatusResponse' "400": description: Invalid request "403": description: Permission denied "404": description: registry or endpoint not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: fetch docker pull limits tags: - endpoints /endpoints/{id}/edge/jobs/{jobID}/logs: post: consumes: - application/json description: Authorized only if the request is done by an Edge Environment(Endpoint) parameters: - description: environment(endpoint) Id in: path name: id required: true type: integer - description: Job Id in: path name: jobID required: true type: integer produces: - application/json responses: "200": description: OK "400": description: Bad Request "403": description: Forbidden "500": description: Internal Server Error summary: Update the logs collected from an Edge Job tags: - edge - endpoints /endpoints/{id}/edge/stacks/{stackId}: get: consumes: - application/json description: '**Access policy**: public' parameters: - description: environment(endpoint) Id in: path name: id required: true type: integer - description: EdgeStack Id in: path name: stackId required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/edge.StackPayload' "400": description: Bad Request "404": description: Not Found "500": description: Internal Server Error summary: Inspect an Edge Stack for an Environment(Endpoint) tags: - edge - endpoints - edge_stacks /endpoints/{id}/edge/status: get: description: |- environment(endpoint) for edge agent to check status of environment(endpoint) **Access policy**: restricted only to Edge environments(endpoints) operationId: EndpointEdgeStatusInspect parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer responses: "200": description: Success schema: $ref: '#/definitions/endpointedge.endpointEdgeStatusInspectResponse' "400": description: Invalid request "403": description: Permission denied to access environment(endpoint) "404": description: Environment(Endpoint) not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get environment(endpoint) status tags: - endpoints /endpoints/{id}/forceupdateservice: put: consumes: - application/json description: |- force update a docker service **Access policy**: authenticated operationId: endpointForceUpdateService parameters: - description: endpoint identifier in: path name: id required: true type: integer - description: details in: body name: body required: true schema: $ref: '#/definitions/endpoints.forceUpdateServicePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/swarm.ServiceUpdateResponse' "400": description: Invalid request "403": description: Permission denied "404": description: endpoint not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: force update a docker service tags: - endpoints /endpoints/{id}/kubernetes/helm: get: consumes: - application/json description: '**Access policy**: authenticated' operationId: HelmList parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: specify an optional namespace in: query name: namespace type: string - description: specify an optional filter in: query name: filter type: string - description: specify an optional selector in: query name: selector type: string produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/release.ReleaseElement' type: array "400": description: Invalid environment(endpoint) identifier "401": description: Unauthorized "404": description: Environment(Endpoint) or ServiceAccount not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List Helm Releases tags: - helm post: consumes: - application/json description: '**Access policy**: authenticated' operationId: HelmInstall parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Chart details in: body name: payload required: true schema: $ref: '#/definitions/helm.installChartPayload' - description: Dry run in: query name: dryRun type: boolean produces: - application/json responses: "201": description: Created schema: $ref: '#/definitions/github_com_portainer_portainer_pkg_libhelm_release.Release' "401": description: Unauthorized "404": description: Environment(Endpoint) or ServiceAccount not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Install Helm Chart tags: - helm /endpoints/{id}/kubernetes/helm/{name}: get: description: |- Get details of a helm release by release name **Access policy**: authenticated operationId: HelmGet parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Helm release name in: path name: name required: true type: string - description: specify an optional namespace in: query name: namespace type: string - description: show resources of the release in: query name: showResources type: boolean - description: specify an optional revision in: query name: revision type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/github_com_portainer_portainer_pkg_libhelm_release.Release' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the release. security: - ApiKeyAuth: [] jwt: [] summary: Get a helm release tags: - helm /endpoints/{id}/kubernetes/helm/{release}: delete: description: '**Access policy**: authenticated' operationId: HelmDelete parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: The name of the release/application to uninstall in: path name: release required: true type: string - description: An optional namespace in: query name: namespace type: string responses: "204": description: Success "400": description: Invalid environment(endpoint) id or bad request "401": description: Unauthorized "404": description: Environment(Endpoint) or ServiceAccount not found "500": description: Server error or helm error security: - ApiKeyAuth: [] - jwt: [] summary: Delete Helm Release tags: - helm /endpoints/{id}/kubernetes/helm/{release}/history: get: description: |- Get a historical list of releases by release name **Access policy**: authenticated operationId: HelmGetHistory parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Helm release name in: path name: name required: true type: string - description: specify an optional namespace in: query name: namespace type: string produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/github_com_portainer_portainer_pkg_libhelm_release.Release' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the historical list of releases. security: - ApiKeyAuth: [] jwt: [] summary: Get a historical list of releases tags: - helm /endpoints/{id}/kubernetes/helm/{release}/rollback: post: description: |- Rollback a helm release to a previous revision **Access policy**: authenticated operationId: HelmRollback parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Helm release name in: path name: release required: true type: string - description: specify an optional namespace in: query name: namespace type: string - description: specify the revision to rollback to (defaults to previous revision if not specified) in: query name: revision type: integer - description: 'wait for resources to be ready (default: false)' in: query name: wait type: boolean - description: 'wait for jobs to complete before marking the release as successful (default: false)' in: query name: waitForJobs type: boolean - description: 'performs pods restart for the resource if applicable (default: true)' in: query name: recreate type: boolean - description: 'force resource update through delete/recreate if needed (default: false)' in: query name: force type: boolean - description: 'time to wait for any individual Kubernetes operation in seconds (default: 300)' in: query name: timeout type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/github_com_portainer_portainer_pkg_libhelm_release.Release' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or release name. "500": description: Server error occurred while attempting to rollback the release. security: - ApiKeyAuth: [] jwt: [] summary: Rollback a helm release tags: - helm /endpoints/{id}/registries: get: description: |- List all registries based on the current user authorizations in current environment. **Access policy**: authenticated operationId: endpointRegistriesList parameters: - description: required if kubernetes environment, will show registries by namespace in: query name: namespace type: string - description: Environment(Endpoint) identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.Registry' type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List Registries on environment tags: - endpoints /endpoints/{id}/registries/{registryId}: put: consumes: - application/json description: '**Access policy**: authenticated' operationId: endpointRegistryAccess parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Registry identifier in: path name: registryId required: true type: integer - description: details in: body name: body required: true schema: $ref: '#/definitions/endpoints.registryAccessPayload' produces: - application/json responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Endpoint not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: update registry access for environment tags: - endpoints /endpoints/{id}/settings: put: consumes: - application/json description: |- Update settings for an environment(endpoint). **Access policy**: authenticated operationId: EndpointSettingsUpdate parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Environment(Endpoint) details in: body name: body required: true schema: $ref: '#/definitions/endpoints.endpointSettingsUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Endpoint' "400": description: Invalid request "404": description: Environment(Endpoint) not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update settings for an environment(endpoint) tags: - endpoints /endpoints/{id}/snapshot: post: description: |- Snapshots an environment(endpoint) **Access policy**: administrator operationId: EndpointSnapshot parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer responses: "204": description: Success "400": description: Invalid request "404": description: Environment(Endpoint) not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Snapshots an environment(endpoint) tags: - endpoints /endpoints/delete: post: consumes: - application/json description: |- Remove multiple environments and optionally clean-up associated resources. **Access policy**: Administrator only. operationId: EndpointDeleteBatch parameters: - description: List of environments to delete, with optional deleteCluster flag to clean-up associated resources (cloud environments only) in: body name: body required: true schema: $ref: '#/definitions/endpoints.endpointDeleteBatchPayload' produces: - application/json responses: "204": description: Environment(s) successfully deleted. "207": description: Partial success. Some environments were deleted successfully, while others failed. schema: $ref: '#/definitions/endpoints.endpointDeleteBatchPartialResponse' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to delete the specified environments. security: - ApiKeyAuth: [] jwt: [] summary: Remove multiple environments tags: - endpoints /endpoints/global-key: post: operationId: EndpointCreateGlobalKey responses: "200": description: Success schema: $ref: '#/definitions/endpoints.endpointCreateGlobalKeyResponse' "400": description: Invalid request "500": description: Server error summary: Create or retrieve the endpoint for an EdgeID tags: - endpoints /endpoints/relations: put: consumes: - application/json description: |- Update relations for a list of environments Edge groups, tags and environment group can be updated. **Access policy**: administrator operationId: EndpointUpdateRelations parameters: - description: Environment relations data in: body name: body required: true schema: $ref: '#/definitions/endpoints.endpointUpdateRelationsPayload' responses: "204": description: Success "400": description: Invalid request "401": description: Unauthorized "404": description: Not found "500": description: Server error security: - jwt: [] summary: Update relations for a list of environments tags: - endpoints /endpoints/snapshot: post: description: |- Snapshot all environments(endpoints) **Access policy**: administrator operationId: EndpointSnapshots responses: "204": description: Success "500": description: Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Snapshot all environments(endpoints) tags: - endpoints /gitops/repo/file/preview: post: description: |- Retrieve the compose file content based on git repository configuration **Access policy**: authenticated operationId: GitOperationRepoFilePreview parameters: - description: Template details in: body name: body required: true schema: $ref: '#/definitions/gitops.repositoryFilePreviewPayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/gitops.fileResponse' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: preview the content of target file in the git repository tags: - gitops /kubernetes/{id}/applications: get: description: |- Get a list of applications across all namespaces in the cluster. If the nodeName is provided, it will return the applications running on that node. **Access policy**: authenticated operationId: GetAllKubernetesApplications parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Namespace name in: query name: namespace required: true type: string - description: Node name in: query name: nodeName required: true type: string produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sApplication' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of applications from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of applications across all namespaces in the cluster. If the nodeName is provided, it will return the applications running on that node. tags: - kubernetes /kubernetes/{id}/applications/count: get: description: |- Get the count of Applications across all namespaces in the cluster. If the nodeName is provided, it will return the count of applications running on that node. **Access policy**: Authenticated user. operationId: GetAllKubernetesApplicationsCount parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the count of all applications from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get Applications count tags: - kubernetes /kubernetes/{id}/cluster_role_bindings/delete: post: consumes: - application/json description: |- Delete the provided list of cluster role bindings. **Access policy**: Authenticated user. operationId: DeleteClusterRoleBindings parameters: - description: Environment identifier in: path name: id required: true type: integer - description: A list of cluster role bindings to delete in: body name: payload required: true schema: items: type: string type: array responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific cluster role binding. "500": description: Server error occurred while attempting to delete cluster role bindings. security: - ApiKeyAuth: [] jwt: [] summary: Delete cluster role bindings tags: - kubernetes /kubernetes/{id}/cluster_roles/delete: post: consumes: - application/json description: |- Delete the provided list of cluster roles. **Access policy**: Authenticated user. operationId: DeleteClusterRoles parameters: - description: Environment identifier in: path name: id required: true type: integer - description: A list of cluster roles to delete in: body name: payload required: true schema: items: type: string type: array responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific cluster role. "500": description: Server error occurred while attempting to delete cluster roles. security: - ApiKeyAuth: [] jwt: [] summary: Delete cluster roles tags: - kubernetes /kubernetes/{id}/clusterrolebindings: get: description: |- Get a list of kubernetes cluster role bindings within the given environment at the cluster level. **Access policy**: Authenticated user. operationId: GetAllKubernetesClusterRoleBindings parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sClusterRoleBinding' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of cluster role bindings. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes cluster role bindings tags: - kubernetes /kubernetes/{id}/clusterroles: get: description: |- Get a list of kubernetes cluster roles within the given environment at the cluster level. **Access policy**: Authenticated user. operationId: GetAllKubernetesClusterRoles parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sClusterRole' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of cluster roles. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes cluster roles tags: - kubernetes /kubernetes/{id}/configmaps: get: description: |- Get a list of ConfigMaps across all namespaces in the cluster. For non-admin users, it will only return ConfigMaps based on the namespaces that they have access to. **Access policy**: Authenticated user. operationId: GetAllKubernetesConfigMaps parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Set to true to include information about applications that use the ConfigMaps in the response in: query name: isUsed required: true type: boolean produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sConfigMap' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve all configmaps from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of ConfigMaps tags: - kubernetes /kubernetes/{id}/configmaps/count: get: description: |- Get the count of ConfigMaps across all namespaces in the cluster. For non-admin users, it will only return the count of ConfigMaps based on the namespaces that they have access to. **Access policy**: Authenticated user. operationId: GetAllKubernetesConfigMapsCount parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the count of all configmaps from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get ConfigMaps count tags: - kubernetes /kubernetes/{id}/cron_jobs: get: description: |- Get a list of kubernetes Cron Jobs that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesCronJobs parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sCronJob' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of Cron Jobs. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes Cron Jobs tags: - kubernetes /kubernetes/{id}/cron_jobs/delete: post: consumes: - application/json description: |- Delete the provided list of Cron Jobs. **Access policy**: Authenticated user. operationId: DeleteCronJobs parameters: - description: Environment identifier in: path name: id required: true type: integer - description: A map where the key is the namespace and the value is an array of Cron Jobs to delete in: body name: payload required: true schema: $ref: '#/definitions/kubernetes.K8sCronJobDeleteRequests' responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific service account. "500": description: Server error occurred while attempting to delete Cron Jobs. security: - ApiKeyAuth: [] jwt: [] summary: Delete Cron Jobs tags: - kubernetes /kubernetes/{id}/dashboard: get: consumes: - application/json description: |- Get the dashboard summary data which is simply a count of a range of different commonly used kubernetes resources. **Access policy**: Authenticated user. operationId: GetKubernetesDashboard parameters: - description: Environment (Endpoint) identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sDashboard' type: array "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] jwt: [] summary: Get the dashboard summary data tags: - kubernetes /kubernetes/{id}/describe: get: description: |- Get a description of a kubernetes resource. **Access policy**: Authenticated user. operationId: DescribeResource parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Resource name in: query name: name required: true type: string - description: Resource kind in: query name: kind required: true type: string - description: Namespace in: query name: namespace type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/kubernetes.describeResourceResponse' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve resource description security: - ApiKeyAuth: [] jwt: [] summary: Get a description of a kubernetes resource tags: - kubernetes /kubernetes/{id}/events: get: description: |- Get events by query param resourceId **Access policy**: Authenticated user. operationId: getAllKubernetesEvents parameters: - description: Environment identifier in: path name: id required: true type: integer - description: The resource id of the involved kubernetes object in: query name: resourceId type: string produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sEvent' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "500": description: Server error occurred while attempting to retrieve the events. security: - ApiKeyAuth: [] jwt: [] summary: Gets kubernetes events tags: - kubernetes /kubernetes/{id}/ingresscontrollers: get: description: |- Get a list of ingress controllers for the given environment. If the allowedOnly query parameter is set, only ingress controllers that are allowed by the environment's ingress configuration will be returned. **Access policy**: Authenticated user. operationId: GetAllKubernetesIngressControllers parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Only return allowed ingress controllers in: query name: allowedOnly type: boolean produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sIngressController' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve ingress controllers security: - ApiKeyAuth: [] jwt: [] summary: Get a list of ingress controllers tags: - kubernetes put: consumes: - application/json description: |- Update (block/unblock) ingress controllers for the provided environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesIngressControllers parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Ingress controllers in: body name: body required: true schema: items: $ref: '#/definitions/kubernetes.K8sIngressController' type: array produces: - application/json responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the ingress controllers to update. "500": description: Server error occurred while attempting to update ingress controllers. security: - ApiKeyAuth: [] jwt: [] summary: Update (block/unblock) ingress controllers tags: - kubernetes /kubernetes/{id}/ingresses: get: description: |- Get kubernetes ingresses at the cluster level for the provided environment. **Access policy**: Authenticated user. operationId: GetAllKubernetesClusterIngresses parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Lookup services associated with each ingress in: query name: withServices type: boolean produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sIngressInfo' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve ingresses. security: - ApiKeyAuth: [] jwt: [] summary: Get kubernetes ingresses at the cluster level tags: - kubernetes /kubernetes/{id}/ingresses/count: get: description: |- Get the number of kubernetes ingresses within the given environment. **Access policy**: Authenticated user. operationId: GetAllKubernetesClusterIngressesCount parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve ingresses count. security: - ApiKeyAuth: [] jwt: [] summary: Get Ingresses count tags: - kubernetes /kubernetes/{id}/ingresses/delete: post: consumes: - application/json description: |- Delete one or more Ingresses in the provided environment. **Access policy**: Authenticated user. operationId: DeleteKubernetesIngresses parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Ingress details in: body name: body required: true schema: $ref: '#/definitions/kubernetes.K8sIngressDeleteRequests' produces: - application/json responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific ingress. "500": description: Server error occurred while attempting to delete specified ingresses. security: - ApiKeyAuth: [] jwt: [] summary: Delete one or more Ingresses tags: - kubernetes /kubernetes/{id}/jobs: get: description: |- Get a list of kubernetes Jobs that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesJobs parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Whether to include Jobs that have a cronjob owner in: query name: includeCronJobChildren type: boolean produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sJob' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of Jobs. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes Jobs tags: - kubernetes /kubernetes/{id}/jobs/delete: post: consumes: - application/json description: |- Delete the provided list of Jobs. **Access policy**: Authenticated user. operationId: DeleteJobs parameters: - description: Environment identifier in: path name: id required: true type: integer - description: A map where the key is the namespace and the value is an array of Jobs to delete in: body name: payload required: true schema: $ref: '#/definitions/kubernetes.K8sJobDeleteRequests' responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific service account. "500": description: Server error occurred while attempting to delete Jobs. security: - ApiKeyAuth: [] jwt: [] summary: Delete Jobs tags: - kubernetes /kubernetes/{id}/max_resource_limits: get: description: |- Get max CPU and memory limits (unused resources) of all nodes within k8s cluster. **Access policy**: Authenticated user. operationId: GetKubernetesMaxResourceLimits parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.K8sNodesLimits' "400": description: Invalid request "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve nodes limits. security: - ApiKeyAuth: [] jwt: [] summary: Get max CPU and memory limits of all nodes within k8s cluster tags: - kubernetes /kubernetes/{id}/metrics/applications_resources: get: description: |- Get the total CPU (cores) and memory (bytes) requests and limits of all applications across all namespaces. **Access policy**: Authenticated user. operationId: GetApplicationsResources parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Node name in: query name: node required: true type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/kubernetes.K8sApplicationResource' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the total resource requests and limits for all applications from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get the total resource requests and limits of all applications tags: - kubernetes /kubernetes/{id}/metrics/nodes: get: description: |- Get a list of metrics associated with all nodes of a cluster. **Access policy**: Authenticated user. operationId: GetKubernetesMetricsForAllNodes parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/v1beta1.NodeMetricsList' "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "500": description: Server error occurred while attempting to retrieve the list of nodes with their live metrics. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of nodes with their live metrics tags: - kubernetes /kubernetes/{id}/metrics/nodes/{name}: get: description: |- Get live metrics for the specified node. **Access policy**: Authenticated user. operationId: GetKubernetesMetricsForNode parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Node identifier in: path name: name required: true type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/v1beta1.NodeMetrics' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "500": description: Server error occurred while attempting to retrieve the live metrics for the specified node. security: - ApiKeyAuth: [] jwt: [] summary: Get live metrics for a node tags: - kubernetes /kubernetes/{id}/metrics/pods/{namespace}: get: description: |- Get a list of pods with their live metrics for the specified namespace. **Access policy**: Authenticated user. operationId: GetKubernetesMetricsForAllPods parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace in: path name: namespace required: true type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/v1beta1.PodMetricsList' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "500": description: Server error occurred while attempting to retrieve the list of pods with their live metrics. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of pods with their live metrics tags: - kubernetes /kubernetes/{id}/metrics/pods/{namespace}/{name}: get: description: |- Get live metrics for the specified pod. **Access policy**: Authenticated user. operationId: GetKubernetesMetricsForPod parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace in: path name: namespace required: true type: string - description: Pod identifier in: path name: name required: true type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/v1beta1.PodMetrics' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "500": description: Server error occurred while attempting to retrieve the live metrics for the specified pod. security: - ApiKeyAuth: [] jwt: [] summary: Get live metrics for a pod tags: - kubernetes /kubernetes/{id}/namespaces: delete: description: |- Delete a kubernetes namespace within the given environment. **Access policy**: Authenticated user. operationId: DeleteKubernetesNamespace parameters: - description: Environment identifier in: path name: id required: true type: integer responses: "200": description: Success schema: type: string "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to delete the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Delete a kubernetes namespace tags: - kubernetes get: description: |- Get a list of all namespaces within the given environment based on the user role and permissions. If the user is an admin, they can access all namespaces. If the user is not an admin, they can only access namespaces that they have access to. **Access policy**: Authenticated user. operationId: GetKubernetesNamespaces parameters: - description: Environment identifier in: path name: id required: true type: integer - description: When set to true, include the resource quota information as part of the Namespace information. Default is false in: query name: withResourceQuota required: true type: boolean - description: When set to true, include the unhealthy events information as part of the Namespace information. Default is false in: query name: withUnhealthyEvents required: true type: boolean produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.K8sNamespaceInfo' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of namespaces. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of namespaces tags: - kubernetes post: consumes: - application/json description: |- Create a namespace within the given environment. **Access policy**: Authenticated user. operationId: CreateKubernetesNamespace parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace configuration details in: body name: body required: true schema: $ref: '#/definitions/kubernetes.K8sNamespaceDetails' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.K8sNamespaceInfo' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "409": description: Conflict - the namespace already exists. "500": description: Server error occurred while attempting to create the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Create a namespace tags: - kubernetes put: consumes: - application/json description: |- Update a namespace within the given environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesNamespaceDeprecated parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace in: path name: namespace required: true type: string - description: Namespace details in: body name: body required: true schema: $ref: '#/definitions/kubernetes.K8sNamespaceDetails' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.K8sNamespaceInfo' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific namespace. "500": description: Server error occurred while attempting to update the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Update a namespace tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}: get: description: |- Get namespace details for the provided namespace within the given environment. **Access policy**: Authenticated user. operationId: GetKubernetesNamespace parameters: - description: Environment identifier in: path name: id required: true type: integer - description: The namespace name to get details for in: path name: namespace required: true type: string - description: When set to true, include the resource quota information as part of the Namespace information. Default is false in: query name: withResourceQuota required: true type: boolean produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.K8sNamespaceInfo' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific namespace. "500": description: Server error occurred while attempting to retrieve specified namespace information. security: - ApiKeyAuth: [] jwt: [] summary: Get namespace details tags: - kubernetes put: consumes: - application/json description: |- Update a namespace within the given environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesNamespace parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace in: path name: namespace required: true type: string - description: Namespace details in: body name: body required: true schema: $ref: '#/definitions/kubernetes.K8sNamespaceDetails' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.K8sNamespaceInfo' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific namespace. "500": description: Server error occurred while attempting to update the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Update a namespace tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}/configmaps/{configmap}: get: description: |- Get a ConfigMap by name for a given namespace. **Access policy**: Authenticated user. operationId: GetKubernetesConfigMap parameters: - description: Environment identifier in: path name: id required: true type: integer - description: The namespace name where the configmap is located in: path name: namespace required: true type: string - description: The configmap name to get details for in: path name: configmap required: true type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/kubernetes.K8sConfigMap' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or a configmap with the specified name in the given namespace. "500": description: Server error occurred while attempting to retrieve a configmap by name within the specified namespace. security: - ApiKeyAuth: [] jwt: [] summary: Get a ConfigMap tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}/events: get: description: |- Get events by optional query param resourceId for a given namespace. **Access policy**: Authenticated user. operationId: getKubernetesEventsForNamespace parameters: - description: Environment identifier in: path name: id required: true type: integer - description: The namespace name the events are associated to in: path name: namespace required: true type: string - description: The resource id of the involved kubernetes object in: query name: resourceId type: string produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sEvent' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "500": description: Server error occurred while attempting to retrieve the events within the specified namespace. security: - ApiKeyAuth: [] jwt: [] summary: Gets kubernetes events for namespace tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}/ingresscontrollers: get: description: |- Get a list of ingress controllers for the given environment in the provided namespace. **Access policy**: Authenticated user. operationId: GetKubernetesIngressControllersByNamespace parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace in: path name: namespace required: true type: string produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sIngressController' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or a namespace with the specified name. "500": description: Server error occurred while attempting to retrieve ingress controllers by a namespace security: - ApiKeyAuth: [] jwt: [] summary: Get a list ingress controllers by namespace tags: - kubernetes put: consumes: - application/json description: |- Update (block/unblock) ingress controllers by namespace for the provided environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesIngressControllersByNamespace parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace name in: path name: namespace required: true type: string - description: Ingress controllers in: body name: body required: true schema: items: $ref: '#/definitions/kubernetes.K8sIngressController' type: array produces: - application/json responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to update ingress controllers by namespace. security: - ApiKeyAuth: [] jwt: [] summary: Update (block/unblock) ingress controllers by namespace tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}/ingresses: get: description: |- Get a list of Ingresses. If namespace is provided, it will return the list of Ingresses in that namespace. **Access policy**: Authenticated user. operationId: GetAllKubernetesIngresses parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace name in: path name: namespace required: true type: string produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sIngressInfo' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve ingresses security: - ApiKeyAuth: [] jwt: [] summary: Get a list of Ingresses tags: - kubernetes post: consumes: - application/json description: |- Create an Ingress for the provided environment. **Access policy**: Authenticated user. operationId: CreateKubernetesIngress parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace name in: path name: namespace required: true type: string - description: Ingress details in: body name: body required: true schema: $ref: '#/definitions/kubernetes.K8sIngressInfo' produces: - application/json responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "409": description: Conflict - an ingress with the same name already exists in the specified namespace. "500": description: Server error occurred while attempting to create an ingress. security: - ApiKeyAuth: [] jwt: [] summary: Create an Ingress tags: - kubernetes put: consumes: - application/json description: |- Update an Ingress for the provided environment. **Access policy**: Authenticated user. operationId: UpdateKubernetesIngress parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace name in: path name: namespace required: true type: string - description: Ingress details in: body name: body required: true schema: $ref: '#/definitions/kubernetes.K8sIngressInfo' produces: - application/json responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the specified ingress. "500": description: Server error occurred while attempting to update the specified ingress. security: - ApiKeyAuth: [] jwt: [] summary: Update an Ingress tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}/ingresses/{ingress}: get: description: |- Get an Ingress by name for the provided environment. **Access policy**: Authenticated user. operationId: GetKubernetesIngress parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace name in: path name: namespace required: true type: string - description: Ingress name in: path name: ingress required: true type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/kubernetes.K8sIngressInfo' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find an ingress with the specified name. "500": description: Server error occurred while attempting to retrieve an ingress. security: - ApiKeyAuth: [] jwt: [] summary: Get an Ingress by name tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}/secrets/{secret}: get: description: |- Get a Secret by name for a given namespace. **Access policy**: Authenticated user. operationId: GetKubernetesSecret parameters: - description: Environment identifier in: path name: id required: true type: integer - description: The namespace name where the secret is located in: path name: namespace required: true type: string - description: The secret name to get details for in: path name: secret required: true type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/kubernetes.K8sSecret' "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve a secret by name belong in a namespace. security: - ApiKeyAuth: [] jwt: [] summary: Get a Secret tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}/services: get: description: |- Get a list of services for a given namespace. **Access policy**: Authenticated user. operationId: GetKubernetesServicesByNamespace parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace name in: path name: namespace required: true type: string produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sServiceInfo' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve all services for a namespace. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of services for a given namespace tags: - kubernetes post: consumes: - application/json description: |- Create a service within a given namespace **Access policy**: Authenticated user. operationId: CreateKubernetesService parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace name in: path name: namespace required: true type: string - description: Service definition in: body name: body required: true schema: $ref: '#/definitions/kubernetes.K8sServiceInfo' produces: - application/json responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to create a service. security: - ApiKeyAuth: [] jwt: [] summary: Create a service tags: - kubernetes put: consumes: - application/json description: |- Update a service within a given namespace. **Access policy**: Authenticated user. operationId: UpdateKubernetesService parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace name in: path name: namespace required: true type: string - description: Service definition in: body name: body required: true schema: $ref: '#/definitions/kubernetes.K8sServiceInfo' produces: - application/json responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the service to update. "500": description: Server error occurred while attempting to update a service. security: - ApiKeyAuth: [] jwt: [] summary: Update a service tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}/system: put: consumes: - application/json description: |- Toggle the system state for a namespace **Access policy**: Administrator or environment administrator. operationId: KubernetesNamespacesToggleSystem parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace name in: path name: namespace required: true type: string - description: Update details in: body name: body required: true schema: $ref: '#/definitions/kubernetes.namespacesToggleSystemPayload' responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the namespace to update. "500": description: Server error occurred while attempting to update the system state of the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Toggle the system state for a namespace tags: - kubernetes /kubernetes/{id}/namespaces/{namespace}/volumes: get: description: |- Get a list of kubernetes volumes within the specified namespace in the given environment (Endpoint). The Endpoint ID must be a valid Portainer environment identifier. **Access policy**: Authenticated user. operationId: GetKubernetesVolumesInNamespace parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace identifier in: path name: namespace required: true type: string - description: When set to True, include the applications that are using the volumes. It is set to false by default in: query name: withApplications type: boolean produces: - application/json responses: "200": description: Success schema: additionalProperties: $ref: '#/definitions/kubernetes.K8sVolumeInfo' type: object "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve kubernetes volumes in the namespace. security: - ApiKeyAuth: [] jwt: [] summary: Get Kubernetes volumes within a namespace in the given Portainer environment tags: - kubernetes /kubernetes/{id}/namespaces/count: get: description: |- Get the total number of kubernetes namespaces within the given environment, including the system namespaces. The total count depends on the user's role and permissions. **Access policy**: Authenticated user. operationId: GetKubernetesNamespacesCount parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to compute the namespace count. security: - ApiKeyAuth: [] jwt: [] summary: Get the total number of kubernetes namespaces within the given Portainer environment. tags: - kubernetes /kubernetes/{id}/nodes/{name}/drain: post: consumes: - application/json description: |- Drain a Kubernetes node by safely evicting all pods from the node, preparing it for maintenance or removal **Access policy**: authenticated operationId: drainNode parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer - description: Name of the node to drain in: path name: name required: true type: string responses: "204": description: Success "400": description: Invalid request, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find the specified node. "500": description: Server error occurred while attempting to drain node. security: - ApiKeyAuth: [] jwt: [] summary: Drain a Kubernetes node tags: - kubernetes /kubernetes/{id}/nodes_limits: get: description: |- Get CPU and memory limits of all nodes within k8s cluster. **Access policy**: Authenticated user. operationId: GetKubernetesNodesLimits parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.K8sNodesLimits' "400": description: Invalid request "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve nodes limits. security: - ApiKeyAuth: [] jwt: [] summary: Get CPU and memory limits of all nodes within k8s cluster tags: - kubernetes /kubernetes/{id}/rbac_enabled: get: description: |- Check if RBAC is enabled in the specified Kubernetes cluster. **Access policy**: Authenticated user. operationId: GetKubernetesRBACStatus parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: RBAC status schema: type: boolean "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the RBAC status. security: - ApiKeyAuth: [] jwt: [] summary: Check if RBAC is enabled tags: - kubernetes /kubernetes/{id}/role_bindings/delete: post: consumes: - application/json description: |- Delete the provided list of role bindings. **Access policy**: Authenticated user. operationId: DeleteRoleBindings parameters: - description: Environment identifier in: path name: id required: true type: integer - description: A map where the key is the namespace and the value is an array of role bindings to delete in: body name: payload required: true schema: $ref: '#/definitions/kubernetes.K8sRoleBindingDeleteRequests' responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific role binding. "500": description: Server error occurred while attempting to delete role bindings. security: - ApiKeyAuth: [] jwt: [] summary: Delete role bindings tags: - kubernetes /kubernetes/{id}/rolebindings: get: description: |- Get a list of kubernetes role bindings that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesRoleBindings parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sRoleBinding' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of role bindings. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes role bindings tags: - kubernetes /kubernetes/{id}/roles: get: description: |- Get a list of kubernetes roles that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesRoles parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sRole' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of roles. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes roles tags: - kubernetes /kubernetes/{id}/roles/delete: post: consumes: - application/json description: |- Delete the provided list of roles. **Access policy**: Authenticated user. operationId: DeleteRoles parameters: - description: Environment identifier in: path name: id required: true type: integer - description: A map where the key is the namespace and the value is an array of roles to delete in: body name: payload required: true schema: $ref: '#/definitions/kubernetes.K8sRoleDeleteRequests' responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific role. "500": description: Server error occurred while attempting to delete roles. security: - ApiKeyAuth: [] jwt: [] summary: Delete roles tags: - kubernetes /kubernetes/{id}/secrets: get: description: |- Get a list of Secrets for a given namespace. If isUsed is set to true, information about the applications that use the secrets is also returned. **Access policy**: Authenticated user. operationId: GetKubernetesSecrets parameters: - description: Environment identifier in: path name: id required: true type: integer - description: When set to true, associate the Secrets with the applications that use them in: query name: isUsed required: true type: boolean produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sSecret' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve all secrets from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of Secrets tags: - kubernetes /kubernetes/{id}/secrets/count: get: description: |- Get the count of Secrets across all namespaces that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesSecretsCount parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the count of all secrets from the cluster. security: - ApiKeyAuth: [] jwt: [] summary: Get Secrets count tags: - kubernetes /kubernetes/{id}/service_accounts/delete: post: consumes: - application/json description: |- Delete the provided list of service accounts. **Access policy**: Authenticated user. operationId: DeleteServiceAccounts parameters: - description: Environment identifier in: path name: id required: true type: integer - description: A map where the key is the namespace and the value is an array of service accounts to delete in: body name: payload required: true schema: $ref: '#/definitions/kubernetes.K8sServiceAccountDeleteRequests' responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific service account. "500": description: Server error occurred while attempting to delete service accounts. security: - ApiKeyAuth: [] jwt: [] summary: Delete service accounts tags: - kubernetes /kubernetes/{id}/serviceaccounts: get: description: |- Get a list of kubernetes service accounts that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesServiceAccounts parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sServiceAccount' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the list of service accounts. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of kubernetes service accounts tags: - kubernetes /kubernetes/{id}/services: get: description: |- Get a list of services that the user has access to. **Access policy**: Authenticated user. operationId: GetKubernetesServices parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Lookup applications associated with each service in: query name: withApplications type: boolean produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/kubernetes.K8sServiceInfo' type: array "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve all services. security: - ApiKeyAuth: [] jwt: [] summary: Get a list of services tags: - kubernetes /kubernetes/{id}/services/count: get: description: |- Get the count of services that the user has access to. **Access policy**: Authenticated user. operationId: GetAllKubernetesServicesCount parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to retrieve the total count of all services. security: - ApiKeyAuth: [] jwt: [] summary: Get services count tags: - kubernetes /kubernetes/{id}/services/delete: post: consumes: - application/json description: |- Delete the provided list of services. **Access policy**: Authenticated user. operationId: DeleteKubernetesServices parameters: - description: Environment identifier in: path name: id required: true type: integer - description: A map where the key is the namespace and the value is an array of services to delete in: body name: body required: true schema: $ref: '#/definitions/kubernetes.K8sServiceDeleteRequests' produces: - application/json responses: "204": description: Success "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier or unable to find a specific service. "500": description: Server error occurred while attempting to delete services. security: - ApiKeyAuth: [] jwt: [] summary: Delete services tags: - kubernetes /kubernetes/{id}/volumes: get: description: |- Get a list of all kubernetes volumes within the given environment (Endpoint). The Endpoint ID must be a valid Portainer environment identifier. **Access policy**: Authenticated user. operationId: GetAllKubernetesVolumes parameters: - description: Environment identifier in: path name: id required: true type: integer - description: When set to True, include the applications that are using the volumes. It is set to false by default in: query name: withApplications type: boolean produces: - application/json responses: "200": description: Success schema: additionalProperties: $ref: '#/definitions/kubernetes.K8sVolumeInfo' type: object "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve kubernetes volumes. security: - ApiKeyAuth: [] jwt: [] summary: Get Kubernetes volumes within the given Portainer environment tags: - kubernetes /kubernetes/{id}/volumes/{namespace}/{volume}: get: description: |- Get a Kubernetes volume within the given environment (Endpoint). The Endpoint ID must be a valid Portainer environment identifier. **Access policy**: Authenticated user. operationId: GetKubernetesVolume parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Namespace identifier in: path name: namespace required: true type: string - description: Volume name in: path name: volume required: true type: string produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/kubernetes.K8sVolumeInfo' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] jwt: [] summary: Get a Kubernetes volume within the given Portainer environment tags: - kubernetes /kubernetes/{id}/volumes/count: get: description: |- Get the total number of kubernetes volumes within the given environment (Endpoint). The total count depends on the user's role and permissions. The Endpoint ID must be a valid Portainer environment identifier. **Access policy**: Authenticated user. operationId: getAllKubernetesVolumesCount parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: type: integer "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "403": description: Unauthorized access or operation not allowed. "500": description: Server error occurred while attempting to retrieve kubernetes volumes count. security: - ApiKeyAuth: [] jwt: [] summary: Get the total number of kubernetes volumes within the given Portainer environment. tags: - kubernetes /kubernetes/config: get: description: |- Generate a kubeconfig file that allows a client to communicate with the Kubernetes API server **Access policy**: Authenticated user. operationId: GetKubernetesConfig parameters: - collectionFormat: csv description: will include only these environments(endpoints) in: query items: type: integer name: ids type: array - collectionFormat: csv description: will exclude these environments(endpoints) in: query items: type: integer name: excludeIds type: array produces: - application/json - ' application/yaml' responses: "200": description: Success schema: type: object "400": description: Invalid request payload, such as missing required fields or fields not meeting validation criteria. "401": description: Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions. "403": description: Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions. "404": description: Unable to find an environment with the specified identifier. "500": description: Server error occurred while attempting to generate the kubeconfig file. security: - ApiKeyAuth: [] jwt: [] summary: Generate a kubeconfig file tags: - kubernetes /ldap/check: post: consumes: - application/json description: |- Test LDAP connectivity using LDAP details **Access policy**: administrator operationId: LDAPCheck parameters: - description: details in: body name: body required: true schema: $ref: '#/definitions/ldap.checkPayload' responses: "204": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Test LDAP connectivity tags: - ldap /motd: get: description: '**Access policy**: restricted' operationId: MOTD produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/motd.motdResponse' security: - ApiKeyAuth: [] - jwt: [] summary: fetches the message of the day tags: - motd /open_amt: post: consumes: - application/json deprecated: true description: |- Enable Portainer's OpenAMT capabilities **Access policy**: administrator operationId: OpenAMTConfigure parameters: - description: OpenAMT Settings in: body name: body required: true schema: $ref: '#/definitions/openamt.openAMTConfigurePayload' produces: - application/json responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - jwt: [] summary: Enable Portainer's OpenAMT capabilities tags: - intel /open_amt/{id}/activate: post: deprecated: true description: |- Activate OpenAMT device and associate to agent endpoint **Access policy**: administrator operationId: openAMTActivate parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - jwt: [] summary: Activate OpenAMT device and associate to agent endpoint tags: - intel /open_amt/{id}/devices: get: deprecated: true description: |- Fetch OpenAMT managed devices information for endpoint **Access policy**: administrator operationId: OpenAMTDevices parameters: - description: Environment(Endpoint) identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - jwt: [] summary: Fetch OpenAMT managed devices information for endpoint tags: - intel /open_amt/{id}/devices/{deviceId}/action: post: consumes: - application/json deprecated: true description: |- Execute out of band action on an AMT managed device **Access policy**: administrator operationId: DeviceAction parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Device identifier in: path name: deviceId required: true type: integer - description: Device Action in: body name: body required: true schema: $ref: '#/definitions/openamt.deviceActionPayload' produces: - application/json responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - jwt: [] summary: Execute out of band action on an AMT managed device tags: - intel /open_amt/{id}/devices_features/{deviceId}: post: consumes: - application/json deprecated: true description: |- Enable features on an AMT managed device **Access policy**: administrator operationId: DeviceFeatures parameters: - description: Environment identifier in: path name: id required: true type: integer - description: Device identifier in: path name: deviceId required: true type: integer - description: Device Features in: body name: body required: true schema: $ref: '#/definitions/openamt.deviceFeaturesPayload' produces: - application/json responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - jwt: [] summary: Enable features on an AMT managed device tags: - intel /open_amt/{id}/info: get: deprecated: true description: |- Request OpenAMT info from a node **Access policy**: administrator operationId: OpenAMTHostInfo parameters: - description: Environment identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - jwt: [] summary: Request OpenAMT info from a node tags: - intel /registries: get: description: |- List all registries based on the current user authorizations. Will return all registries if using an administrator account otherwise it will only return authorized registries. **Access policy**: restricted operationId: RegistryList produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.Registry' type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List Registries tags: - registries post: consumes: - application/json description: |- Create a new registry. **Access policy**: restricted operationId: RegistryCreate parameters: - description: Registry details in: body name: body required: true schema: $ref: '#/definitions/registries.registryCreatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Registry' "400": description: Invalid request "409": description: Another registry with the same name or same URL & credentials already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new registry tags: - registries /registries/{id}: delete: description: |- Remove a registry **Access policy**: restricted operationId: RegistryDelete parameters: - description: Registry identifier in: path name: id required: true type: integer responses: "204": description: Success "400": description: Invalid request "404": description: Registry not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a registry tags: - registries get: description: |- Retrieve details about a registry. **Access policy**: restricted operationId: RegistryInspect parameters: - description: Registry identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Registry' "400": description: Invalid request "403": description: Permission denied to access registry "404": description: Registry not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a registry tags: - registries put: consumes: - application/json description: |- Update a registry **Access policy**: restricted operationId: RegistryUpdate parameters: - description: Registry identifier in: path name: id required: true type: integer - description: Registry details in: body name: body required: true schema: $ref: '#/definitions/registries.registryUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Registry' "400": description: Invalid request "404": description: Registry not found "409": description: Another registry with the same name or same URL & credentials already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a registry tags: - registries /registries/{id}/configure: post: consumes: - application/json description: |- Configures a registry. **Access policy**: restricted operationId: RegistryConfigure parameters: - description: Registry identifier in: path name: id required: true type: integer - description: Registry configuration in: body name: body required: true schema: $ref: '#/definitions/registries.registryConfigurePayload' produces: - application/json responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Registry not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Configures a registry tags: - registries /registries/ping: post: consumes: - application/json description: |- Test connection to a registry with provided credentials **Access policy**: authenticated operationId: RegistryPing parameters: - description: Registry credentials to test in: body name: body required: true schema: $ref: '#/definitions/registries.registryPingPayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/registries.registryPingResponse' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Test registry connection tags: - registries /resource_controls: post: consumes: - application/json description: |- Create a new resource control to restrict access to a Docker resource. **Access policy**: administrator operationId: ResourceControlCreate parameters: - description: Resource control details in: body name: body required: true schema: $ref: '#/definitions/resourcecontrols.resourceControlCreatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.ResourceControl' "400": description: Invalid request "409": description: A resource control is already associated to this resource "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new resource control tags: - resource_controls /resource_controls/{id}: delete: description: |- Remove a resource control. **Access policy**: administrator operationId: ResourceControlDelete parameters: - description: Resource control identifier in: path name: id required: true type: integer responses: "204": description: Success "400": description: Invalid request "404": description: Resource control not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a resource control tags: - resource_controls put: consumes: - application/json description: |- Update a resource control **Access policy**: authenticated operationId: ResourceControlUpdate parameters: - description: Resource control identifier in: path name: id required: true type: integer - description: Resource control details in: body name: body required: true schema: $ref: '#/definitions/resourcecontrols.resourceControlUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.ResourceControl' "400": description: Invalid request "403": description: Unauthorized "404": description: Resource control not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a resource control tags: - resource_controls /restore: post: consumes: - application/json description: |- Triggers a system restore using provided backup file **Access policy**: public operationId: Restore parameters: - description: Restore request payload in: body name: restorePayload required: true schema: $ref: '#/definitions/backup.restorePayload' responses: "200": description: Success "400": description: Invalid request "500": description: Server error summary: Triggers a system restore using provided backup file tags: - backup /roles: get: description: |- List all roles available for use **Access policy**: administrator operationId: RoleList produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.Role' type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List roles tags: - roles /settings: get: description: |- Retrieve Portainer settings. **Access policy**: administrator operationId: SettingsInspect produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Settings' "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Retrieve Portainer settings tags: - settings put: consumes: - application/json description: |- Update Portainer settings. **Access policy**: administrator operationId: SettingsUpdate parameters: - description: New settings in: body name: body required: true schema: $ref: '#/definitions/settings.settingsUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Settings' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update Portainer settings tags: - settings /settings/public: get: description: |- Retrieve public settings. Returns a small set of settings that are not reserved to administrators only. **Access policy**: public operationId: SettingsPublic produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/settings.publicSettingsResponse' "500": description: Server error summary: Retrieve Portainer public settings tags: - settings /ssl: get: description: |- Retrieve the ssl settings. **Access policy**: administrator operationId: SSLInspect produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.SSLSettings' "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect the ssl settings tags: - ssl put: consumes: - application/json description: |- Update the ssl settings. **Access policy**: administrator operationId: SSLUpdate parameters: - description: SSL Settings in: body name: body required: true schema: $ref: '#/definitions/ssl.sslUpdatePayload' produces: - application/json responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied to access settings "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update the ssl settings tags: - ssl /stacks: get: description: |- List all stacks based on the current user authorizations. Will return all stacks if using an administrator account otherwise it will only return the list of stacks the user have access to. Limited stacks will not be returned by this endpoint. **Access policy**: authenticated operationId: StackList parameters: - description: 'Filters to process on the stack list. Encoded as JSON (a map[string]string). For example, {''SwarmID'': ''jpofkc0i9uo9wtx1zesuk649w''} will only return stacks that are part of the specified Swarm cluster. Available filters: EndpointID, SwarmID.' in: query name: filters type: string responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.Stack' type: array "204": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List stacks tags: - stacks /stacks/{id}: delete: description: |- Remove a stack. **Access policy**: restricted operationId: StackDelete parameters: - description: Stack identifier in: path name: id required: true type: integer - description: Set to true to delete an external stack. Only external Swarm stacks are supported in: query name: external type: boolean - description: Environment identifier in: query name: endpointId required: true type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a stack tags: - stacks get: description: |- Retrieve details about a stack. **Access policy**: restricted operationId: StackInspect parameters: - description: Stack identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "403": description: Permission denied "404": description: Stack not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a stack tags: - stacks put: consumes: - application/json description: |- Update a stack, only for file based stacks. **Access policy**: authenticated operationId: StackUpdate parameters: - description: Stack identifier in: path name: id required: true type: integer - description: Environment identifier in: query name: endpointId required: true type: integer - description: Stack details in: body name: body required: true schema: $ref: '#/definitions/stacks.updateSwarmStackPayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a stack tags: - stacks /stacks/{id}/associate: put: description: '**Access policy**: administrator' operationId: StackAssociate parameters: - description: Stack identifier in: path name: id required: true type: integer - description: Environment identifier in: query name: endpointId required: true type: integer - description: Swarm identifier in: query name: swarmId required: true type: integer - description: Indicates whether the stack is orphaned in: query name: orphanedRunning required: true type: boolean produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "403": description: Permission denied "404": description: Stack not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Associate an orphaned stack to a new environment(endpoint) tags: - stacks /stacks/{id}/file: get: description: |- Get Stack file content. **Access policy**: restricted operationId: StackFileInspect parameters: - description: Stack identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/stacks.stackFileResponse' "400": description: Invalid request "403": description: Permission denied "404": description: Stack not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Retrieve the content of the Stack file for the specified stack tags: - stacks /stacks/{id}/git: post: consumes: - application/json description: |- Update the Git settings in a stack, e.g., RepositoryReferenceName and AutoUpdate **Access policy**: authenticated operationId: StackUpdateGit parameters: - description: Stack identifier in: path name: id required: true type: integer - description: Stacks created before version 1.18.0 might not have an associated environment(endpoint) identifier. Use this optional parameter to set the environment(endpoint) identifier used by the stack. in: query name: endpointId type: integer - description: Git configs for pull and redeploy a stack in: body name: body required: true schema: $ref: '#/definitions/stacks.stackGitUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a stack's Git configs tags: - stacks /stacks/{id}/git/redeploy: put: consumes: - application/json description: |- Pull and redeploy a stack via Git **Access policy**: authenticated operationId: StackGitRedeploy parameters: - description: Stack identifier in: path name: id required: true type: integer - description: Stacks created before version 1.18.0 might not have an associated environment(endpoint) identifier. Use this optional parameter to set the environment(endpoint) identifier used by the stack. in: query name: endpointId type: integer - description: Git configs for pull and redeploy of a stack. **StackName** may only be populated for Kuberenetes stacks, and if specified with a blank string, it will be set to blank in: body name: body required: true schema: $ref: '#/definitions/stacks.stackGitRedployPayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Redeploy a stack tags: - stacks /stacks/{id}/migrate: post: description: |- Migrate a stack from an environment(endpoint) to another environment(endpoint). It will re-create the stack inside the target environment(endpoint) before removing the original stack. **Access policy**: authenticated operationId: StackMigrate parameters: - description: Stack identifier in: path name: id required: true type: integer - description: Stacks created before version 1.18.0 might not have an associated environment(endpoint) identifier. Use this optional parameter to set the environment(endpoint) identifier used by the stack. in: query name: endpointId type: integer - description: Stack migration details in: body name: body required: true schema: $ref: '#/definitions/stacks.stackMigratePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "403": description: Permission denied "404": description: Stack not found "409": description: A stack with the same name is already running on the target environment(endpoint) "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Migrate a stack to another environment(endpoint) tags: - stacks /stacks/{id}/start: post: description: |- Starts a stopped Stack. **Access policy**: authenticated operationId: StackStart parameters: - description: Stack identifier in: path name: id required: true type: integer - description: Environment identifier in: query name: endpointId required: true type: integer responses: "200": description: Success schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "403": description: Permission denied "404": description: Not found "409": description: Stack name is not unique "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Starts a stopped Stack tags: - stacks /stacks/{id}/stop: post: description: |- Stops a stopped Stack. **Access policy**: authenticated operationId: StackStop parameters: - description: Stack identifier in: path name: id required: true type: integer - description: Environment identifier in: query name: endpointId required: true type: integer responses: "200": description: Success schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Stops a stopped Stack tags: - stacks /stacks/create/kubernetes/repository: post: description: |- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateKubernetesGit parameters: - description: stack config in: body name: body required: true schema: $ref: '#/definitions/stacks.kubernetesGitDeploymentPayload' - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "409": description: Stack name or webhook ID already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new kubernetes stack from a git repository tags: - stacks /stacks/create/kubernetes/string: post: description: |- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateKubernetesFile parameters: - description: stack config in: body name: body required: true schema: $ref: '#/definitions/stacks.kubernetesStringDeploymentPayload' - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new kubernetes stack from a file tags: - stacks /stacks/create/kubernetes/url: post: description: |- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateKubernetesUrl parameters: - description: stack config in: body name: body required: true schema: $ref: '#/definitions/stacks.kubernetesManifestURLDeploymentPayload' - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new kubernetes stack from a url tags: - stacks /stacks/create/standalone/file: post: consumes: - multipart/form-data description: |- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerStandaloneFile parameters: - description: Name of the stack in: formData name: Name required: true type: string - description: 'Environment variables passed during deployment, represented as a JSON array [{''name'': ''name'', ''value'': ''value''}].' in: formData name: Env type: string - description: Stack file in: formData name: file type: file - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new compose stack from a file tags: - stacks /stacks/create/standalone/repository: post: consumes: - application/json description: |- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerStandaloneRepository parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true type: integer - description: stack config in: body name: body required: true schema: $ref: '#/definitions/stacks.composeStackFromGitRepositoryPayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "409": description: Stack name or webhook ID already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new compose stack from repository tags: - stacks /stacks/create/standalone/string: post: consumes: - application/json description: |- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerStandaloneString parameters: - description: stack config in: body name: body required: true schema: $ref: '#/definitions/stacks.composeStackFromFileContentPayload' - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new compose stack from a text tags: - stacks /stacks/create/swarm/file: post: consumes: - multipart/form-data description: |- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerSwarmFile parameters: - description: Name of the stack in: formData name: Name type: string - description: Swarm cluster identifier. in: formData name: SwarmID type: string - description: 'Environment variables passed during deployment, represented as a JSON array [{''name'': ''name'', ''value'': ''value''}]. Optional' in: formData name: Env type: string - description: Stack file in: formData name: file type: file - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new swarm stack from a file tags: - stacks /stacks/create/swarm/repository: post: consumes: - application/json description: |- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerSwarmRepository parameters: - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true type: integer - description: stack config in: body name: body required: true schema: $ref: '#/definitions/stacks.swarmStackFromGitRepositoryPayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "409": description: Stack name or webhook ID already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new swarm stack from a git repository tags: - stacks /stacks/create/swarm/string: post: consumes: - application/json description: |- Deploy a new stack into a Docker environment specified via the environment identifier. **Access policy**: authenticated operationId: StackCreateDockerSwarmString parameters: - description: stack config in: body name: body required: true schema: $ref: '#/definitions/stacks.swarmStackFromFileContentPayload' - description: Identifier of the environment that will be used to deploy the stack in: query name: endpointId required: true type: integer produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Stack' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Deploy a new swarm stack from a text tags: - stacks /stacks/name/{name}: delete: description: |- Remove a stack. **Access policy**: restricted operationId: StackDeleteKubernetesByName parameters: - description: Stack name in: path name: name required: true type: string - description: Set to true to delete an external stack. Only external Swarm stacks are supported in: query name: external type: boolean - description: Environment identifier in: query name: endpointId required: true type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove Kubernetes stacks by name tags: - stacks /stacks/webhooks/{webhookID}: post: description: '**Access policy**: public' operationId: WebhookInvoke parameters: - description: Stack identifier in: path name: webhookID required: true type: string responses: "200": description: Success "400": description: Invalid request "409": description: Autoupdate for the stack isn't available "500": description: Server error summary: Webhook for triggering stack updates from git tags: - stacks /status: get: deprecated: true description: |- Deprecated: use the `/system/status` endpoint instead. Retrieve Portainer status **Access policy**: public operationId: StatusInspect produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/system.status' summary: Check Portainer status tags: - status /system/info: get: description: '**Access policy**: authenticated' operationId: systemInfo produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/system.systemInfoResponse' "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Retrieve system info tags: - system /system/nodes: get: description: '**Access policy**: authenticated' operationId: systemNodesCount produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/system.nodesCountResponse' "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Retrieve the count of nodes tags: - system /system/status: get: description: |- Retrieve Portainer status **Access policy**: public operationId: systemStatus produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/system.status' summary: Check Portainer status tags: - system /system/upgrade: post: description: |- Upgrade Portainer to BE **Access policy**: administrator operationId: systemUpgrade produces: - application/json responses: "204": description: Success schema: $ref: '#/definitions/system.status' summary: Upgrade Portainer to BE tags: - system /system/version: get: description: |- Check if portainer has an update available **Access policy**: authenticated operationId: systemVersion produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/system.versionResponse' security: - ApiKeyAuth: [] - jwt: [] summary: Check for portainer updates tags: - system /tags: get: description: |- List tags. **Access policy**: authenticated operationId: TagList produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.Tag' type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List tags tags: - tags post: consumes: - application/json description: |- Create a new tag. **Access policy**: administrator operationId: TagCreate parameters: - description: Tag details in: body name: body required: true schema: $ref: '#/definitions/tags.tagCreatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Tag' "409": description: This name is already associated to a tag "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new tag tags: - tags /tags/{id}: delete: description: |- Remove a tag. **Access policy**: administrator operationId: TagDelete parameters: - description: Tag identifier in: path name: id required: true type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Tag not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a tag tags: - tags /team_memberships: get: description: |- List team memberships. Access is only available to administrators and team leaders. **Access policy**: administrator operationId: TeamMembershipList produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.TeamMembership' type: array "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List team memberships tags: - team_memberships post: consumes: - application/json description: |- Create a new team memberships. Access is only available to administrators leaders of the associated team. **Access policy**: administrator operationId: TeamMembershipCreate parameters: - description: Team membership details in: body name: body required: true schema: $ref: '#/definitions/teammemberships.teamMembershipCreatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.TeamMembership' "400": description: Invalid request "403": description: Permission denied to manage memberships "409": description: Team membership already registered "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new team membership tags: - team_memberships /team_memberships/{id}: delete: description: |- Remove a team membership. Access is only available to administrators leaders of the associated team. **Access policy**: administrator operationId: TeamMembershipDelete parameters: - description: TeamMembership identifier in: path name: id required: true type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: TeamMembership not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a team membership tags: - team_memberships put: consumes: - application/json description: |- Update a team membership. Access is only available to administrators or leaders of the associated team. **Access policy**: administrator or leaders of the associated team operationId: TeamMembershipUpdate parameters: - description: Team membership identifier in: path name: id required: true type: integer - description: Team membership details in: body name: body required: true schema: $ref: '#/definitions/teammemberships.teamMembershipUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.TeamMembership' "400": description: Invalid request "403": description: Permission denied "404": description: TeamMembership not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a team membership tags: - team_memberships /teams: get: description: |- List teams. For non-administrator users, will only list the teams they are member of. **Access policy**: restricted operationId: TeamList parameters: - description: Only list teams that the user is leader of in: query name: onlyLedTeams type: boolean - description: Identifier of the environment(endpoint) that will be used to filter the authorized teams in: query name: environmentId type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.Team' type: array "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List teams tags: - teams post: consumes: - application/json description: |- Create a new team. **Access policy**: administrator operationId: TeamCreate parameters: - description: details in: body name: body required: true schema: $ref: '#/definitions/teams.teamCreatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Team' "400": description: Invalid request "409": description: A team with the same name already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new team tags: - teams /teams/{id}: delete: description: |- Remove a team. **Access policy**: administrator operationId: TeamDelete parameters: - description: Team Id in: path name: id required: true type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Team not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a team tags: - teams get: description: |- Retrieve details about a team. Access is only available for administrator and leaders of that team. **Access policy**: administrator operationId: TeamInspect parameters: - description: Team identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Team' "400": description: Invalid request "403": description: Permission denied "404": description: Team not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a team tags: - teams put: consumes: - application/json description: |- Update a team. **Access policy**: administrator operationId: TeamUpdate parameters: - description: Team identifier in: path name: id required: true type: integer - description: Team details in: body name: body required: true schema: $ref: '#/definitions/teams.teamUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.Team' "400": description: Invalid request "403": description: Permission denied "404": description: Team not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a team tags: - teams /teams/{id}/memberships: get: description: |- List team memberships. Access is only available to administrators and team leaders. **Access policy**: restricted operationId: TeamMemberships parameters: - description: Team Id in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.TeamMembership' type: array "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List team memberships tags: - team_memberships /templates: get: description: |- List available templates. **Access policy**: authenticated operationId: TemplateList produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/templates.listResponse' "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List available templates tags: - templates /templates/{id}/file: post: consumes: - application/json description: |- Get a template's file **Access policy**: authenticated operationId: TemplateFile parameters: - description: Template identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/templates.fileResponse' "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get a template's file tags: - templates /templates/helm: get: description: '**Access policy**: authenticated' operationId: HelmRepoSearch parameters: - description: Helm repository URL in: query name: repo required: true type: string - description: Helm chart name in: query name: chart type: string - description: If true will use cache to search in: query name: useCache type: string produces: - application/json responses: "200": description: Success schema: type: string "400": description: Bad request "401": description: Unauthorized "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Search Helm Charts tags: - helm /templates/helm/{command}: get: consumes: - application/json description: '**Access policy**: authenticated' operationId: HelmShow parameters: - description: Helm repository URL in: query name: repo required: true type: string - description: Chart name in: query name: chart required: true type: string - description: Chart version in: query name: version required: true type: string - description: chart/values/readme in: path name: command required: true type: string produces: - text/plain responses: "200": description: Success schema: type: string "401": description: Unauthorized "404": description: Environment(Endpoint) or ServiceAccount not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Show Helm Chart Information tags: - helm /upload/tls/{certificate}: post: consumes: - multipart/form-data description: |- Use this environment(endpoint) to upload TLS files. **Access policy**: administrator operationId: UploadTLS parameters: - description: TLS file type. Valid values are 'ca', 'cert' or 'key'. enum: - ca - cert - key in: path name: certificate required: true type: string - description: Folder where the TLS file will be stored. Will be created if not existing in: formData name: folder required: true type: string - description: The file to upload in: formData name: file required: true type: file produces: - application/json responses: "204": description: Success "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Upload TLS files tags: - upload /users: get: description: |- List Portainer users. Non-administrator users will only be able to list other non-administrator user accounts. User passwords are filtered out, and should never be accessible. **Access policy**: restricted operationId: UserList parameters: - description: Identifier of the environment(endpoint) that will be used to filter the authorized users in: query name: environmentId type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.User' type: array "400": description: Invalid request "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List users tags: - users post: consumes: - application/json description: |- Create a new Portainer user. Only administrators can create users. **Access policy**: restricted operationId: UserCreate parameters: - description: User details in: body name: body required: true schema: $ref: '#/definitions/users.userCreatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.User' "400": description: Invalid request "403": description: Permission denied "409": description: User already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a new user tags: - users /users/{id}: delete: description: |- Remove a user. **Access policy**: administrator operationId: UserDelete parameters: - description: User identifier in: path name: id required: true type: integer produces: - application/json responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove a user tags: - users get: description: |- Retrieve details about a user. User passwords are filtered out, and should never be accessible. **Access policy**: authenticated operationId: UserInspect parameters: - description: User identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.User' "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a user tags: - users put: consumes: - application/json description: |- Update user details. A regular user account can only update his details. A regular user account cannot change their username or role. **Access policy**: authenticated operationId: UserUpdate parameters: - description: User identifier in: path name: id required: true type: integer - description: User details in: body name: body required: true schema: $ref: '#/definitions/users.userUpdatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.User' "400": description: Invalid request "403": description: Permission denied "404": description: User not found "409": description: Username already exist "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update a user tags: - users /users/{id}/helm/repositories: get: description: |- Inspect a user helm repositories. **Access policy**: authenticated operationId: HelmUserRepositoriesList parameters: - description: User identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/users.helmUserRepositoryResponse' "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: List a users helm repositories tags: - helm post: consumes: - application/json description: |- Create a user helm repository. **Access policy**: authenticated operationId: HelmUserRepositoryCreate parameters: - description: User identifier in: path name: id required: true type: integer - description: Helm Repository in: body name: payload required: true schema: $ref: '#/definitions/users.addHelmRepoUrlPayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.HelmUserRepository' "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a user helm repository tags: - helm /users/{id}/helm/repositories/{repositoryID}: delete: description: '**Access policy**: authenticated' operationId: HelmUserRepositoryDelete parameters: - description: User identifier in: path name: id required: true type: integer - description: Repository identifier in: path name: repositoryID required: true type: integer produces: - application/json responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Delete a users helm repositoryies tags: - helm /users/{id}/memberships: get: description: |- Inspect a user memberships. **Access policy**: restricted operationId: UserMembershipsInspect parameters: - description: User identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.TeamMembership' "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect a user memberships tags: - users /users/{id}/passwd: put: consumes: - application/json description: |- Update password for the specified user. **Access policy**: authenticated operationId: UserUpdatePassword parameters: - description: identifier in: path name: id required: true type: integer - description: details in: body name: body required: true schema: $ref: '#/definitions/users.userUpdatePasswordPayload' produces: - application/json responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Update password for a user tags: - users /users/{id}/tokens: get: description: |- Gets all API keys for a user. Only the calling user or admin can retrieve api-keys. **Access policy**: authenticated operationId: UserGetAPIKeys parameters: - description: User identifier in: path name: id required: true type: integer produces: - application/json responses: "200": description: Success schema: items: $ref: '#/definitions/portainer.APIKey' type: array "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Get all API keys for a user tags: - users post: consumes: - application/json description: |- Generates an API key for a user. Only the calling user can generate a token for themselves. Password is required only for internal authentication. **Access policy**: restricted operationId: UserGenerateAPIKey parameters: - description: User identifier in: path name: id required: true type: integer - description: details in: body name: body required: true schema: $ref: '#/definitions/users.userAccessTokenCreatePayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/users.accessTokenResponse' "400": description: Invalid request "401": description: Unauthorized "403": description: Permission denied "404": description: User not found "500": description: Server error security: - jwt: [] summary: Generate an API key for a user tags: - users /users/{id}/tokens/{keyID}: delete: description: |- Remove an api-key associated to a user.. Only the calling user or admin can remove api-key. **Access policy**: authenticated operationId: UserRemoveAPIKey parameters: - description: User identifier in: path name: id required: true type: integer - description: Api Key identifier in: path name: keyID required: true type: integer responses: "204": description: Success "400": description: Invalid request "403": description: Permission denied "404": description: Not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Remove an api-key associated to a user tags: - users /users/admin/check: get: description: |- Check if an administrator account exists in the database. **Access policy**: public operationId: UserAdminCheck responses: "204": description: Success "404": description: User not found summary: Check administrator account existence tags: - users /users/admin/init: post: consumes: - application/json description: |- Initialize the 'admin' user account. **Access policy**: public operationId: UserAdminInit parameters: - description: User details in: body name: body required: true schema: $ref: '#/definitions/users.adminInitPayload' produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.User' "400": description: Invalid request "409": description: Admin user already initialized "500": description: Server error summary: Initialize administrator account tags: - users /users/me: get: description: |- Retrieve details about the current user. User passwords are filtered out, and should never be accessible. **Access policy**: authenticated operationId: CurrentUserInspect produces: - application/json responses: "200": description: Success schema: $ref: '#/definitions/portainer.User' "400": description: Invalid request "403": description: Permission denied "404": description: User not found "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Inspect the current user user tags: - users /webhooks: get: consumes: - application/json description: '**Access policy**: authenticated' parameters: - description: Filters (json-string) example: '{"EndpointID":1,"ResourceID":"abc12345-abcd-2345-ab12-58005b4a0260"}' in: query name: filters type: string produces: - application/json responses: "200": description: OK schema: items: $ref: '#/definitions/portainer.Webhook' type: array "400": description: Bad Request "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: List webhooks tags: - webhooks post: consumes: - application/json description: '**Access policy**: authenticated' parameters: - description: Webhook data in: body name: body required: true schema: $ref: '#/definitions/webhooks.webhookCreatePayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Webhook' "400": description: Invalid request "409": description: A webhook for this resource already exists "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Create a webhook tags: - webhooks /webhooks/{id}: delete: description: '**Access policy**: authenticated' parameters: - description: Webhook id in: path name: id required: true type: integer responses: "202": description: Webhook deleted "400": description: Bad Request "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Delete a webhook tags: - webhooks post: description: |- Acts on a passed in token UUID to restart the docker service **Access policy**: public parameters: - description: Webhook token in: path name: id required: true type: string responses: "202": description: Webhook executed "400": description: Bad Request "500": description: Internal Server Error summary: Execute a webhook tags: - webhooks put: consumes: - application/json description: '**Access policy**: authenticated' parameters: - description: Webhook id in: path name: id required: true type: integer - description: Webhook data in: body name: body required: true schema: $ref: '#/definitions/webhooks.webhookUpdatePayload' produces: - application/json responses: "200": description: OK schema: $ref: '#/definitions/portainer.Webhook' "400": description: Bad Request "409": description: Conflict "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Update a webhook tags: - webhooks /websocket/attach: get: consumes: - application/json description: |- If the nodeName query parameter is present, the request will be proxied to the underlying agent environment(endpoint). If the nodeName query parameter is not specified, the request will be upgraded to the websocket protocol and an AttachStart operation HTTP request will be created and hijacked. **Access policy**: authenticated parameters: - description: environment(endpoint) ID of the environment(endpoint) where the resource is located in: query name: endpointId required: true type: integer - description: node name in: query name: nodeName type: string - description: JWT token used for authentication against this environment(endpoint) in: query name: token required: true type: string produces: - application/json responses: "200": description: OK "400": description: Bad Request "403": description: Forbidden "404": description: Not Found "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Attach a websocket tags: - websocket /websocket/exec: get: consumes: - application/json description: |- If the nodeName query parameter is present, the request will be proxied to the underlying agent environment(endpoint). If the nodeName query parameter is not specified, the request will be upgraded to the websocket protocol and an ExecStart operation HTTP request will be created and hijacked. parameters: - description: environment(endpoint) ID of the environment(endpoint) where the resource is located in: query name: endpointId required: true type: integer - description: node name in: query name: nodeName type: string - description: JWT token used for authentication against this environment(endpoint) in: query name: token required: true type: string produces: - application/json responses: "200": description: OK "400": description: Bad Request "409": description: Conflict "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Execute a websocket tags: - websocket /websocket/kubernetes-shell: get: consumes: - application/json description: |- The request will be upgraded to the websocket protocol. The request will proxy input from the client to the pod via long-lived websocket connection. **Access policy**: authenticated parameters: - description: environment(endpoint) ID of the environment(endpoint) where the resource is located in: query name: endpointId required: true type: integer - description: JWT token used for authentication against this environment(endpoint) in: query name: token required: true type: string produces: - application/json responses: "200": description: Success "400": description: Invalid request "403": description: Permission denied "500": description: Server error security: - ApiKeyAuth: [] - jwt: [] summary: Execute a websocket on kubectl shell pod tags: - websocket /websocket/pod: get: consumes: - application/json description: |- The request will be upgraded to the websocket protocol. **Access policy**: authenticated parameters: - description: environment(endpoint) ID of the environment(endpoint) where the resource is located in: query name: endpointId required: true type: integer - description: namespace where the container is located in: query name: namespace required: true type: string - description: name of the pod containing the container in: query name: podName required: true type: string - description: name of the container in: query name: containerName required: true type: string - description: command to execute in the container in: query name: command required: true type: string - description: JWT token used for authentication against this environment(endpoint) in: query name: token required: true type: string produces: - application/json responses: "200": description: OK "400": description: Bad Request "403": description: Forbidden "404": description: Not Found "500": description: Internal Server Error security: - ApiKeyAuth: [] - jwt: [] summary: Execute a websocket on pod tags: - websocket schemes: - http - https securityDefinitions: ApiKeyAuth: in: header name: X-API-KEY type: apiKey jwt: in: header name: Authorization type: apiKey swagger: "2.0" tags: - description: Authenticate against Portainer HTTP API name: auth - description: Manage backups name: backup - description: Manage Custom Templates name: custom_templates - description: Manage Docker resources name: docker - description: Manage Edge related environment(endpoint) settings name: edge - description: Manage Edge Groups name: edge_groups - description: Manage Edge Jobs name: edge_jobs - description: Manage Edge Stacks name: edge_stacks - description: Manage Edge Templates name: edge_templates - description: Manage environment(endpoint) groups name: endpoint_groups - description: Manage Docker environments(endpoints) name: endpoints - description: Operate git repository name: gitops - description: Manage Helm charts name: helm - description: Manage Intel AMT settings name: intel - description: Manage Kubernetes cluster name: kubernetes - description: Manage LDAP settings name: ldap - description: Fetch the message of the day name: motd - description: Manage Docker registries name: registries - description: Manage access control on Docker resources name: resource_controls - description: Manage roles name: roles - description: Manage Portainer settings name: settings - description: Manage ssl settings name: ssl - description: Manage stacks name: stacks - description: Information about the Portainer instance name: status - description: Manage Portainer system name: system - description: Manage tags name: tags - description: Manage team memberships name: team_memberships - description: Manage teams name: teams - description: Manage App Templates name: templates - description: Upload files name: upload - description: Manage users name: users - description: Manage webhooks name: webhooks - description: Create exec sessions using websockets name: websocket