Google Kubernetes Engine
LAST UPDATED: 06/13/2024
Overview
Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling organizations' containerized applications using Google infrastructure. The GKE environment consists of multiple machines (specifically, Compute Engine instances) grouped together to form a cluster. This integration enables organizations to manage their Kubernetes environment on Google Cloud Platform.
D3 SOAR is providing REST operations to function with Google Kubernetes Engine.
Google Kubernetes Engine is available for use in:
READER NOTE
To connect this integration, the Google Cloud SDK must be installed in D3 SOAR’s hosting server and D3 proxy server (if any) under the file directory C:\Program Files (x86)\Google
Please refer to the FAQ for the frequent connection error.
Known Limitations
The limits per GKE project are:
Maximum of 100 clusters per zone, plus 100 regional clusters per region.
The limits per GKE cluster are:
Limits | GKE Standard cluster | GKE Autopilot cluster |
Nodes per cluster |
Note: To run more than 5,000 nodes requires lifting a cluster size quota. Contact support for assistance. | 400 To lift this quota, contact support for assistance. |
Nodes per node pool zone | 1,000 | N/A |
Nodes in a zone |
| N/A |
Pods per node | 110 | 32 |
Pods per cluster | 150,000 | 12,800 (32 Pods/node * 400 nodes) |
Containers per cluster | 300,000 | 25,600 |
Endpoints per service | 1,000 for GKE 1.19 and later. 250 for older versions. |
To get more information about the quotas and limits for Google Kubernetes Engine (GKE) clusters, nodes, and GKE API requests, please refer to https://cloud.google.com/kubernetes-engine/quotas.
Connection
To connect Google Kubernetes Engine from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Service Account JSON | The content of the service account JSON file. To get the service account JSON file, please refer to Obtaining the Service Account JSON section in this document. Also, you can refer to the online documents about Access to Google APIs for Service Accounts: https://developers.google.com/identity/protocols/oauth2/service-account . Please assign OAuth Scope https://www.googleapis.com/auth/cloud-platform. Please note that the service account should have one of the following roles:
| { "type": "service_account", "project_id": "nimble-cortex-******", "private_key_id": "*****", "private_key": "-----BEGIN PRIVATE KEY-----\n*****\n-----END PRIVATE KEY-----\n", "client_email": "*****@*****.***", "client_id": "*****", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/*****" } |
Cluster | Specifies the cluster for kubernetes configuration.You can get cluster name from Kubernetes Engine in the Google Cloud Platform Console. | cluster-1 |
Permission Requirements
Each endpoint in the Google Kubernetes Engine API requires a certain permission scope. The following scopes are required scopes for each command in this integration:
Command | Required Permission | |
Google Kubernetes Engine API permissions | Kubernetes API permissions | |
Create Deployment | - | container.deployments.create |
Create Node Pool | container.clusters.update on the requested cluster. | - |
Create Pod | - | container.pods.create |
Create Service | - | container.services.create |
Delete Deployment | - | container.deployments.delete |
Delete Node Pool | container.clusters.update on the requested cluster. | - |
Delete Pods | - | container.pods.delete |
Delete Services | - | container.services.delete |
Describe Pod | - | container.pods.get |
Get Deployment Scale | - | container.deployments.getScale OR container.deployments.get |
Get Pod Log | - | container.pods.getLogs |
Get Pod Status | - | container.pods.getStatus OR container.pods.get |
List All Namespace Deployments | - | container.deployments.list |
List All Namespace Pods | - | container.pods.list |
List All Namespace Services | - | container.services.list |
List Namespace Pods | - | container.pods.list |
List Namespaces | - | container.namespaces.list |
List Node Pools | container.clusters.get on the requested cluster. | - |
List Nodes | - | container.nodes.list |
Replace Deployment Scale Replicas | - | container.deployments.updateScale OR container.deployments.update |
Restart Deployment | - | container.deployments.update |
Set Node Pool Size | container.clusters.update on the requested cluster. | - |
Update Deployment | - | container.deployments.update |
Test Connection | container.clusters.list on the requested Cloud project, | container.pods.list |
READER NOTE
To get more information about Required Permissions, please refer to Google Kubernetes Engine API permission.
Configuring Google Kubernetes Engine to Work with D3 SOAR
Creating custom roles (Optional)
READER NOTE
It is best practice to grant only the necessary permissions when creating roles. You can do so by configuring a custom role with essential permissions.
A custom role, with essential permissions, is suggested if you are planning to use the google cloud default kubernetes roles. Please skip this section and start from step 7 of Obtaining the Service Account JSON.
Log in to the Google Cloud Platform (GCP) console with admin credentials.
Click the Hamburger Menu in the top left corner to show the slider sidebar menu. Navigation to IAM and admin, in its submenu, select Roles and click it.
Click + CREATE ROLE on the top.
Input Title, and click the button ADD PERMISSIONS. Search and select the desired permissions, then click ADD. Click CREATE.
READER NOTE
To execute all provided commands in D3 SOAR, the following 18 permissions must be included.
Please refer to the Permission Requirements for the different commands in the D3 SOAR Google Kubernetes Engine Integration.
Obtaining the Service Account JSON
To connect Google Kubernetes Engine with D3 SOAR, we need to configure the Service Account JSON file. First, log in to the Google Cloud Platform (GCP) console with admin credentials.
Click the Hamburger Menu in the top left corner to reveal the sidebar menu. Navigate to APIs and services. In its submenu, select Credentials.
Click + CREATE CREDENTIALS, and select Service account.
Input the Service account name and description, and click CREATE AND CONTINUE.
Assign a role to the service account (e.g. owner), then click CONTINUE.
READER NOTE
You can narrow down the service account’s access permissions by assigning the following roles according to your request:
Google Cloud Roles with prefixed permissions:
Kubernetes Engine Admin, Kubernetes Engine Cluster Admin, Kubernetes Engine Cluster Viewer, Kubernetes Engine Developer, Kubernetes Engine Host Service Agent User, Kubernetes Engine Viewer.Customer Roles. Refer to Creating custom roles (Optional).
You can opt to grant users access to this service account. Click DONE to confirm your configurations.
You will find the service account you have just created on the credentials page. Click and open the service account.
In the KEYS tab, click ADD KEY, then select Create new key.
Choose JSON as the key type, then click CREATE.
The Service Account JSON file (Private key) will automatically be downloaded to your computer.
If this is your first time using Google Kubernetes Engine API, you will need to enable it in Google API Library. First, click the Google Cloud Platform navigation menu, in the slide-out side menu, find API and Services, hover over it, and then in its submenu, select Library.
Search and select Kubernetes Engine API.
Click the ENABLE button. You will see the Kubernetes Engine API enabled.
Configuring the Service Account Domain-wide Delegation
You will also need to enable the Google Workspace domain-wide delegation for your created service account. Please follow the steps below.
Log in to the Google Workspace Admin Console with admin credentials. Click Security > Access and data control > API controls. Scroll down and click MANAGE DOMAIN-WIDE DELEGATION.
Click Add new to add a new API client.
Find your Client ID in the service account you created and paste it into the Client ID field. Input https://www.googleapis.com/auth/cloud-platform into the OAuth scopes field, then click AUTHORISE.
The service account domain-wide delegation can now be found on the API controls page. Your created service account is now ready to use.
Assign Permissions to Service Account
Log in to your GCP portal, click IAM & Admin then IAM in the Navigation menu on the left side. In the PERMISSION tab, choose your service account, then click Edit.
Make sure to add one of the following roles then click SAVE.
Kubernetes Engine Admin
Kubernetes Engine Cluster Admin
Kubernetes Engine Cluster Viewer
Kubernetes Engine Developer
Kubernetes Engine Service Agent
Kubernetes Engine Viewer
Custom role for Google Kubernetes access. Refer to Creating custom roles (Optional) for role creation. Check Permission Requirements for the minimum permission of each command).
Obtaining the Cluster name
Select the correct project
Click the Hamburger Menu in the top left corner to reveal the slider sidebar menu. Navigation to Kubernetes Engine, in its submenu, select Clusters and click it.
You can find the cluster name under the Name tab.
Configuring D3 SOAR to work with Google Kubernetes Engine
Log in to D3 SOAR.
Find the Google Kubernetes Engine integration.
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type Google Kubernetes Engine in the search box to find the integration, then click it to select it.
Click + Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Google Kubernetes Engine.
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Input your downloaded Server Account JSON. Please refer to step 10 of Obtaining the Service Account JSON to download your Server Account JSON.
2. Input your Cluster name. Please refer to Obtaining the Cluster name to get your Cluster name.Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Test the connection.
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
Google Kubernetes Engine includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
Integration API Note
For more information about the Google Kubernetes Engine API, please refer to the Google Kubernetes Engine API reference.
READER NOTE
Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring Google Kubernetes Engine to Work with D3 SOAR for details.
Create Deployment
Creates a deployment with the specified configuration in the specified namespace.
READER NOTE
NameSpace is an optional parameter to run this command.
Run the List NameSpaces command to obtain the NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.name.
Input
Input Parameter | Required/Optional | Description | Example |
NameSpace | Optional | The namespace in which the deployment will be created. Namespace can be obtained using the List Namespaces command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Configuration | Required | The configuration of the deployment. The format is YAML or JSON. | apiVersion: apps/v1 |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Deployment failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 409. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Deployment Already Exists. |
Error Sample Data Create Deployment failed. Status Code: 409. Message: Deployment Already Exists. |
Create Node Pool
Creates a node pool for a cluster.
Input
Input Parameter | Required/Optional | Description | Example |
Node Pool Name | Required | The name of the node pool. | nodepool-api-***** |
Initial Node Count | Optional | The initial node count for the pool. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have an available firewall and route quota. | 1 |
Locations | Optional | The list of Google Compute Engine zones in which the NodePool's nodes should be located. If this value is unspecified during node pool creation, the Cluster. Locations value will be used instead. Warning: changing node pool locations will result in nodes being added and/or removed. | [ us-west1-b ] |
Autoscaling | Optional | Autoscaler configuration for this NodePool. Autoscaler is enabled only if a valid configuration is present. | false |
Minimum number of nodes | Optional | Minimum number of nodes for one location in the NodePool. Must be >= 1 and <= Maximum number of nodes. | 1 |
Maximum number of nodes | Optional | Maximum number of nodes for one location in the NodePool. Must be >= Minimum number of nodes. There has to be enough quota to scale up the cluster. | 1 |
AutoProvisioned | Optional | If this node pool can be deleted automatically. Can't mark node-pool as autoProvisioned if node autoProvisioning is not enabled in the cluster. | false |
AutoUpgrade | Optional | A flag that specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes. | True |
AutoRepair | Optional | A flag that specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered. | True |
Max Surge | Optional | The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process. | 1 |
Max Unavailable | Optional | The maximum number of nodes that can be simultaneously unavailable during the upgrade process. A node is considered available if its status is Ready. | 1 |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Node Pool failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data Create Node Pool failed. Failed to load gcloud. Status Code: 403. Message: Permission denied. |
Create Pod
Creates a pod with the specified configuration in the specified namespace.
READER NOTE
NameSpace is an optional parameter to run this command.
Run the List NameSpaces command to obtain the NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.name.
Input
Input Parameter | Required/Optional | Description | Example |
NameSpace | Optional | The namespace in which the pod will be created. Namespace can be obtained using the List Namespaces command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Configuration | Required | The configuration of the pod. The format is YAML or JSON. | apiVersion: v1 kind: Pod metadata: name: pod-***** spec: containers: - name: ***** image: nginx:***.***.*** ports: - containerPort: ***** |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Pod failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Bad Request. |
Error Sample Data Create Pod failed. Status Code: 400. Message: Bad Request. |
Create Service
Creates a service with the specified configuration in the specified namespace.
READER NOTE
NameSpace is an optional parameter to run this command.
Run the List NameSpaces command to obtain the NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.name.
Input
Input Parameter | Required/Optional | Description | Example |
NameSpace | Optional | The namespace in which the service will be created. Namespace can be obtained using the List Namespaces command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Configuration | Required | The configuration of the service. The format is YAML or JSON. | apiVersion: v1 kind: Pod metadata: name: pod-***** spec: containers: - name: ***** image: nginx:***.***.*** ports: - containerPort: ***** |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Create Service failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 409. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Service already exists. |
Error Sample Data Create Service failed. Status Code: 409. Message: Service already exists. |
Delete Deployment
Deletes one or more deployments with the specified names in the specified namespace.
READER NOTE
The parameter Deployment Names is required to run this command.
Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.
NameSpace is an optional parameter to run this command.
Run the List All NameSpace Deployments command to obtain NameSpace. NameSpace can be found in the raw data at the path $.items[*].metadata.namespace.
WARNING
Please note that your input deployment names must match your input namespace. Otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended to run the List All Namespace Deployments command and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.
The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.
Input
Input Parameter | Required/Optional | Description | Example |
Deployment Names | Required | The names of the deployments to be deleted. Deployment Names can be obtained using the List All Namespace Deployments command. | [ "deployment-*****" ] |
NameSpace | Optional | The namespace in which the deployment will be deleted. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Delete Deployment failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Deployment Not Found. |
Error Sample Data Delete Deployment failed. Status Code: 404. Message: Deployment Not Found. |
Delete Node Pool
Deletes a node pool from a cluster.
READER NOTE
Node Pool Name is a required parameter to run this command.
Run the List Node Pools command to obtain the Node Pool Name. Node Pool Names can be found in the raw data at the path $.nodePools.name.
Input
Input Parameter | Required/Optional | Description | Example |
Node Pool Name | Required | The name of the node pool to be deleted. Node Pool Name can be obtained using the List Node Pools command. | nodepool-api-***** |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Delete Node Pool failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code Listt for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Node Pool Not Found. |
Error Sample Data Delete Node Pool failed. Status Code: 404. Message: Node Pool Not Found. |
Delete Pods
Deletes pod(s) in the specified namespace.
READER NOTE
The parameter Pod Names is required to run this command.
Run the List All Namespace Pods command to obtain Pod Names. Pod Names can be found in the raw data at the path $.items[*].metadata.name.
NameSpace is an optional parameter to run this command.
Run the List All NameSpace Pods command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.
WARNING
Please note that your input pod names must match your input namespace. Otherwise, an error (pods \"your input pod name\" not found) will be returned. It is recommended that you run the List All Namespace Pods command and find your desired pair of “name”(pod name) with “namespace” in the response raw data. Use that pair to run this command.
The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input pod name, otherwise, please change your namespace to your desired value.
Input
Input Parameter | Required/Optional | Description | Example |
NameSpace | Optional | The namespace in which the pod(s) will be deleted. NameSpace can be obtained using the List All Namespace Pods command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Pod Names | Required | The names of the pods to be deleted. Pod Names can be obtained using the List All Namespace Pods command. | [ "busybox-test***" ] |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Delete Pods failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Pod Not Found. |
Error Sample Data Delete Pods failed. Status Code: 404. Message: Pod Not Found. |
Delete Services
Deletes one or more services with the specified name in the specified namespace.
READER NOTE
The parameter Service Names is required to run this command.
Run the List All Namespace Services command to obtain Service Names. Service Names can be found in the raw data at the path $.items[*].metadata.name.
NameSpace is an optional parameter to run this command.
Run the List All NameSpace Services command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.
WARNING
Please note that your input service names must match your input namespace. Otherwise, an error (services \"your input service name\" not found) will be returned. It is recommended that you run the List All Namespace Services command and find your desired pair of “name”(service name) with “namespace” in the response raw data. Use that pair to run this command.
The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.
Input
Input Parameter | Required/Optional | Description | Example |
Service Names | Required | The names of the services to be deleted. Service Names can be obtained using the List All Namespace Services command. | [ "*****" ] |
NameSpace | Optional | The namespace in which the service will be deleted. NameSpace can be obtained using the List All Namespace Services command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Delete Services failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Service Not Found. |
Error Sample Data Delete Services failed. Status Code: 404. Message: Service Not Found. |
Describe Pods
Retrieves detailed information of the specified pod in the specific namespace.
READER NOTE
The parameter Pod Names is required to run this command.
Run the List All Namespace Pods command to obtain Pod Names. Pod Names can be found in the raw data at the path $.items[*].metadata.name.
NameSpace is an optional parameter to run this command.
Run the List All NameSpace Pods command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.
WARNING
Please note that your input pod names must match your input namespace. Otherwise, an error (pods \"your input pod name\" not found) will be returned. It is recommended that you run the List All Namespace Pods command and find your desired pair of “name”(pod name) with “namespace” in the response raw data. Use that pair to run this command.
The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input pod name Otherwise, please change your namespace to your desired value.
Input
Input Parameter | Required/Optional | Description | Example |
NameSpace | Optional | The namespace in which the pod(s) will be described. NameSpace can be obtained using the List All Namespace Pods command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Pod Names | Required | The names of the pods to be described. Pod Names can be obtained using the List All Namespace Pods command. | ["pod-0***a"] |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Describe Pod failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data Describe Pod failed. Status Code: 403. Message: Permission denied. |
Get Deployment Scale
Retrieves the scale information of the specified deployments.
READER NOTE
The parameter Deployment Names is required to run this command.
Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.
NameSpace is an optional parameter to run this command.
Run the List All NameSpace Deployments command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.
WARNING
Please note that your input deployment names must match your input namespace. Otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended that you run the List All Namespace Deployments command and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.
The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.
Input
Input Parameter | Required/Optional | Description | Example |
Deployment Names | Required | The names of the deployments. Deployment Names can be obtained using the List All Namespace Deployments command. | [ "nginx-*" ] |
NameSpace | Required | The namespace of the deployment. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Deployment Scale failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Deployment Not Found. |
Error Sample Data Get Deployment Scale failed. Status Code: 404. Message: Deployment Not Found. |
Get Pod Log
Retrieves the log of the specified pods.
READER NOTE
The parameter Pod Names is required to run this command.
Run the List All Namespace Pods command to obtain Pod Names. Pod Names can be found in the raw data at the path $.items[*].metadata.name.
NameSpace and Container are optional parameters to run this command.
Run the List All NameSpace Pods command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.
Run the List Namespace Pods command to obtain the Container. Containers can be found in the raw data at the path $.items[*].spec.containers[*].name.
WARNING
Please note that your input pod names must match your input namespace. Otherwise, an error (pods \"your input pod name\" not found) will be returned. It is recommended that you run the List All Namespace Pods command and find your desired pair of “name”(pod name) with “namespace” in the response raw data. Use that pair to run this command.
The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input pod name. Otherwise, please change your namespace to your desired value.
Input
Input Parameter | Required/Optional | Description | Example |
Pod Names | Required | The names of the pods. Pod Names can be obtained using the List All Namespace Pods command. | [ "mypod" ] |
Namespace | Optional | The namespace of the pods. Namespace can be obtained using the List All Namespace Pods command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Container | Optional | The name of the container of the pods. Container can be obtained using the List Namespace Pods command. If there is only one container in the pod, specifying the container name is not necessary. | "test-container" |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Pod Log failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Pod Not Found. |
Error Sample Data Get Pod Log failed. Status Code: 404. Message: Pod Not Found. |
Get Pod Status
Retrieves the status of specified pods.
READER NOTE
Pod Names and Namespace are required parameters to run this command.
Run the List All Namespace Pods command to obtain Pod Names. Pod Names can be found in the raw data at the path $.items[*].metadata.name.
Run the List All Namespace Pods command to obtain Namespace. Namespaces can be found in the raw data at the path $.items[*].metadata.namespace.
WARNING
Please note that your input pod names must match your input namespace, otherwise, an error (pods \"your input pod name\" not found) will be returned. It is recommended that you run the List All Namespace Pods command and find your desired pair of “name”(pod name) with “namespace” in the reponse raw data. Use that pair to run this command.
Input
Input Parameter | Required/Optional | Description | Example |
Pod Names | Required | The names of the pods. Pod Names can be obtained using the List All Namespace Pods command. | [ "d3-pod-test***" ] |
Namespace | Required | The namespace of the pods. Namespace can be obtained using the List All Namespace Pods command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Pod Status failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Pod Not Found. |
Error Sample Data Get Pod Status failed. Status Code: 404. Message: Pod Not Found. |
List All Namespace Deployments
Returns a list of all namespace deployments.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List All Namespace Deployments failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data List All Namespace Deployments failed. Status Code: 403. Message: Permission denied. |
List All Namespace Pods
Returns a list of all namespace pods.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List All Namespace Pods failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data List All Namespace Pods failed. Status Code: 403. Message: Permission denied. |
List All Namespace Services
Lists all services in all namespaces.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List All Namespace Services failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data List All Namespace Services failed. Status Code: 403. Message: Permission denied. |
List Namespace Pods
Lists the pods of the specified namespace.
READER NOTE
NameSpace is an optional parameter to run this command.
Run the List Namespaces command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.name.
Input
Input Parameter | Required/Optional | Description | Example |
NameSpace | Optional | The namespace of the pods. NameSpace can be obtained using the List Namespaces command. | default |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Namespace Pods failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data List Namespace Pods failed. Status Code: 403. Message: Permission denied. |
List Namespaces
Lists all namespaces
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Namespaces failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data List Namespaces failed. Status Code: 403. Message: Permission denied. |
List Node Pools
Lists the node pools for a cluster.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Node Pools failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data List Nodes failed. Failed to load gcloud. Status Code: 403. Message: Permission denied. |
List Nodes
Lists all nodes.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | List Nodes failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data List Nodes failed. Failed to load gcloud. Status Code: 403. Message: Permission denied. |
Replace Deployment Scale Replicas
Replaces the number of replicas for the specified deployments.
READER NOTE
The parameter Deployment Names is required to run this command.
Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.
NameSpace is an optional parameter to run this command.
Run the List All NameSpace Deployments command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.
WARNING
Please note that your input deployment names must match your input namespace, otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended that you run the List All Namespace Deployments command and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.
The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.
Input
Input Parameter | Required/Optional | Description | Example |
Deployment Names | Required | The names of the deployments. Deployment Names can be obtained using the List All Namespace Deployments command. | [ "nginx-*" ] |
NameSpace | Optional | The namespace of the deployment. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Number of Replicas | Required | The number of replicas. | 2 |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Replace Deployment Scale Replicas failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Deployment Not Found. |
Error Sample Data Replace Deployment Scale Replicas failed. Status Code: 404. Message: Deployment Not Found. |
Restart Deployment
Restarts the specified deployment.
READER NOTE
The parameter Deployment Names is required to run this command.
Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.
NameSpace is an optional parameter to run this command.
Run the List All NameSpace Deployments command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.
WARNING
Please note that your input deployment names must match your input namespace Otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended to run the List All Namespace Deployments command, and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.
The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.
Input
Input Parameter | Required/Optional | Description | Example |
Deployment Names | Required | The names of the deployments. Deployment Names can be obtained using the List All Namespace Deployments command. | [ "nginx-*" ] |
NameSpace | Optional | The namespace of the deployment. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Restart Deployment failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Deployment Not Found. |
Error Sample Data Restart Deployment failed. Status Code: 404. Message: Deployment Not Found. |
Set Node Pool Size
Sets the size for a specific node pool.
READER NOTE
Node Pool Name is a required parameter to run this command.
Run the List Node Pool command to obtain the Node Pool Name. Node Pool Name can be found in the raw data at the path $.nodePools.name.
Input
Input Parameter | Required/Optional | Description | Example |
Node Pool Name | Required | The name of the node pool to set size. Node Pool Name can be obtained using the List Node Pool command. | nodepool-api-***** |
Node Count | Required | The desired node count for the pool. | 2 |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Update Ticket failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data Node Pool Size failed. Failed to load gcloud. Status Code: 403. Message: Permission denied. |
Update Deployment
Updates a deployment with the specified configuration in the specified namespace.
READER NOTE
Deployment Name is a required parameter to run this command.
Run the List All Namespace Deployments command to obtain Deployment Names. Deployment Names can be found in the raw data at the path $.items[*].metadata.name.
NameSpace is an optional parameter to run this command.
Run the List All NameSpace Deployments command to obtain NameSpace. NameSpaces can be found in the raw data at the path $.items[*].metadata.namespace.
WARNING
Please note that your input deployment names must match your input namespace. Otherwise, an error (deployments \"your input deployment name\" not found) will be returned. It is recommended that you run the List All Namespace Deployments command and find your desired pair of “name”(deployment name) with “namespace” in the response raw data. Use that pair to run this command.
The default value of NameSpace field is default. If you choose to leave this optional field empty, the default value will be used. Please make sure the default value matches your input deployment name. Otherwise, please change your namespace to your desired value.
Input
Input Parameter | Required/Optional | Description | Example |
Deployment Name | Required | The name of the deployment that will be updated. Deployment Name can be obtained using the List All Namespace Deployments command. | deployment-***** |
NameSpace | Optional | The namespace in which the deployment will be updated. NameSpace can be obtained using the List All Namespace Deployments command. If not specified, the default value of NameSpace, which is "default", will be used. | default |
Configuration | Required | The configuration update of the deployment. The format is YAML or JSON. | apiVersion: apps/v1 |
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Update Deployment failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Permission denied. |
Error Sample Data Update Deployment failed. Failed to load gcloud. Status Code: 403. Message: Permission denied. |
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Google Cloud Platform(GCP) portal. Refer to the Google Kubernetes Engine Error Code List for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: ‘gcloud’ is not recognized as an internal or external command, operable program or batch file. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 400. Message: ‘gcloud’ is not recognized as an internal or external command, operable program or batch file. |
FAQ
Connection Error: ‘gcloud’ is not recognized as an internal or external command, operable program or batch file
Make sure the Google Cloud SDK have to be installed in D3 SOAR hosting server and D3 proxy server (if any).
Make sure the installed Google Cloud SDK is under the file directory C:\Program Files (x86)\Google.
Connection Error: Permission denied. Please verify that you have permissions to write to the parent directory.
Make sure the D3 SOAR has a local system right on the hosting server.
Deploying to Google Kubernetes Engine Permission
By default, GKE uses the Compute Engine service account as the identity for nodes. This default service account has read-only access to Artifact Registry repositories in the same Google Cloud project.
If your repositories are in a different project or if you use a user-managed service account as the identity for your nodes, you must grant the Artifact Registry Reader role to the service account. To upload to repositories from nodes, grant the Artifact Registry Writer role.