Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.
Overview
You can currently query the following attributes and connections on a k8s Network Policy:
GraphQL
|
typek8sNetworkPolicy{id:String!context:String!apiVersion:Stringkind:Stringmetadata:{id:Stringannotations:{id:String!key:Stringvalue:String}clusterName:StringcreationTimestamp:StringdeletionGracePeriodSeconds:IntdeletionTimestamp:Stringfinalizers:[String]generateName:Stringgeneration:Intlabels:{id:String!key:Stringvalue:String}ownerReferences:{id:String!apiVersion:StringblockOwnerDeletion:Booleancontroller:Booleankind:Stringname:String}name:Stringnamespace:StringresourceVersion:StringselfLink:String}spec{egress{id:Stringports{id:StringendPort:Intport:Stringprotocol:String}to{id:StringipBlock{cidr:Stringexcept:[String]}namespaceSelector{matchExpressions{id:Stringkey:Stringoperator:Stringvalues:[String]}matchLabels{id:Stringkey:Stringvalue:String}}podSelector{matchExpressions{id:Stringkey:Stringoperator:Stringvalues:[String]}matchLabels{id:Stringkey:Stringvalue:String}}}}ingress{id:Stringports{id:StringendPort:Intport:Stringprotocol:String}from{id:StringipBlock{cidr:Stringexcept:[String]}namespaceSelector{matchExpressions{id:Stringkey:Stringoperator:Stringvalues:[String]}matchLabels{id:Stringkey:Stringvalue:String}}podSelector{matchExpressions{id:Stringkey:Stringoperator:Stringvalues:[String]}matchLabels{id:Stringkey:Stringvalue:String}}}}podSelector{matchExpressions{id:Stringkey:Stringoperator:Stringvalues:[String]}matchLabels{id:Stringkey:Stringvalue:String}}policyTypes:[String]}namespace{id# Other namespace fields}}
Filtering
Get data for a single network policy that you know the id for:
GraphQL
|
query{getk8sNetworkPolicy(id:"12345"){id# Other fields and connections here...}}
Get data for all of the network policies in a certain k8s Context:
GraphQL
|
query{queryk8sNetworkPolicy(filter:{context:{eq:"my-context-name"}}){id# Other fields and connections here...}}
Get data for all of the network policies NOT in a certain k8s Context:
GraphQL
|
query{queryk8sNetworkPolicy(filter:{not:{context:{eq:"my-context-name"}}}){id# Other fields and connections here...}}
Advanced Filtering
Get data for all of the network policies that have a namespace:
GraphQL
|
query{queryk8sNetworkPolicy(filter:{has:namespace}){id# Other fields and connections here...}}# Note that in addition to "namespace" you can filter# Using "has" based on any of the following attributes:# apiVersion# kind# spec
Use multiple filter selectors, (i.e. has, and, not, or) to get data for all of the network policies that have a namespace AND kind OR that do not have a spec. Note that you can use has, and, not, or completely independently of each other:
GraphQL
|
query{queryk8sNetworkPolicy(filter:{has:namespaceand:{has:kind}or:{not:{has:spec}}}){id# Other fields and connections here...}}
You may also filter using a regex when filtering on a string field like, context if you want to look for a value that matches say, some-value (case insensitive):
GraphQL
|
query{queryk8sNetworkPolicy(filter:{context:{regexp:"/.*some-value*./i"}}){id# Other fields and connections here...}}
Ordering
You can order the results you get back either asc or desc depending on your preference:
GraphQL
|
query{queryk8sNetworkPolicy(order:{desc:context}){context# Other fields and connections here...}}# Note that in addition to "context" you can filter# Using "asc" or "desc" based on any of the following attributes:# id# kind# apiVersion
Only select and return the first two network policies that are found:
GraphQL
|
query{queryk8sNetworkPolicy(first:2,order:{desc:apiVersion}){apiVersion# Other fields and connections here...}}
Only select and return the first two network policies that are found, but offset by one so network policies two & three are returned:
GraphQL
|
query{queryk8sNetworkPolicy(first:2,order:{desc:context},offset:1){idcontext# Other fields and connections here...}}
Aggregation
Count the number of network policies across all scanned K8s contexts:
GraphQL
|
query{aggregatek8sNetworkPolicy{count# Other fields and connections here...}}# Note that in addition to "count" you can request the# Following min and max values based on attributes of your Namespaces:# idMin# idMax# contextMin# contextMax# kindMin# kindMax# apiVersionMin# apiVersionMax
Count the number of network policies in a single context. Note that you can apply all of the same filters that are listed above to aggregate queries:
GraphQL
|
query{aggregatek8sNetworkPolicy(filter:{context:{eq:"my-context-name"}}){count# Other fields and connections here...}}
Kitchen Sink
Putting it all together; get all data for all network policies across all k8s contexts in a single query. For the purposes of this example we will only get direct children of the network policy but if you want to it's easy to go from say, networkPolicy -> namespace -> job ...etc:
GraphQL
|
query{queryk8sNetworkPolicy{idcontextapiVersionkindmetadata{idannotations{idkeyvalue}clusterNamecreationTimestampdeletionGracePeriodSecondsdeletionTimestampfinalizersgenerateNamegenerationlabels{idkeyvalue}ownerReferences{idapiVersionblockOwnerDeletioncontrollerkindname}namenamespaceresourceVersionselfLink}spec{egress{idports{idendPortportprotocol}to{idipBlock{cidrexcept}namespaceSelector{matchExpressions{idkeyoperatorvalues}matchLabels{idkeyvalue}}podSelector{matchExpressions{idkeyoperatorvalues}matchLabels{idkeyvalue}}}}ingress{idports{idendPortportprotocol}from{idipBlock{cidrexcept}namespaceSelector{matchExpressions{idkeyoperatorvalues}matchLabels{idkeyvalue}}podSelector{matchExpressions{idkeyoperatorvalues}matchLabels{idkeyvalue}}}}podSelector{matchExpressions{idkeyoperatorvalues}matchLabels{idkeyvalue}}policyTypes}namespace{idcontextapiVersionkindmetadata{idannotations{idkeyvalue}clusterNamecreationTimestampdeletionGracePeriodSecondsdeletionTimestampfinalizersgenerateNamegenerationlabels{idkeyvalue}ownerReferences{idapiVersionblockOwnerDeletioncontrollerkindname}namenamespaceresourceVersionselfLink}spec{finalizers}status{phaseconditions{idlastHeartbeatTimelastTransitionTimemessagereasonstatustype}}networkPolicies{id# any networkPolicy properties}nodes{id# any node properties}pods{id# any pod properties}deployments{id# any deployment properties}ingresses{id# any ingress properties}secrets{id# any secret properties}services{id# any service properties}serviceAccounts{id# any serviceAccount properties}storageClasses{id# any storageClass properties}persistentVolumes{id# any persistentVolume properties}persistentVolumeClaims{id# any persistentVolumeCalim properties}roles{id# any role properties}jobs{id# any job properties}cronJobs{id# any cronJob properties}}}}
