k8s

Supported platform

• kubernetes

Description

Kubernetes cluster

Fields

ID	TYPE	DESCRIPTION
serverVersion	dict	Cluster version
apiResources	[]k8s.apiresource	Available resource types
namespaces	[]k8s.namespace	Cluster namespaces
nodes	[]k8s.node	Cluster nodes
pods	[]k8s.pod	Cluster Pods
deployments	[]k8s.deployment	Cluster deployments
daemonsets	[]k8s.daemonset	Cluster DaemonSets
statefulsets	[]k8s.statefulset	Cluster StatefulSets
replicasets	[]k8s.replicaset	Cluster ReplicaSets
jobs	[]k8s.job	Cluster Jobs
cronjobs	[]k8s.cronjob	Cluster CronJobs
secrets	[]k8s.secret	Cluster Secrets
configmaps	[]k8s.configmap	ConfigMaps
services	[]k8s.service	Kubernetes Services
ingresses	[]k8s.ingress	Kubernetes Ingresses
serviceaccounts	[]k8s.serviceaccount	Kubernetes service accounts
clusterroles	[]k8s.rbac.clusterrole	Kubernetes RBAC ClusterRoles
clusterrolebindings	[]k8s.rbac.clusterrolebinding	Kubernetes RBAC ClusterRoleBindings
roles	[]k8s.rbac.role	Kubernetes RBAC roles
rolebindings	[]k8s.rbac.rolebinding	Kubernetes RBAC RoleBindings
podSecurityPolicies	[]k8s.podsecuritypolicy	Kubernetes PodSecurityPolicies, Deprecated: This was removed in Kubernetes v1.25
networkPolicies	[]k8s.networkpolicy	Kubernetes network policies
customresources	[]k8s.customresource	Kubernetes custom resources

Examples

List kubernetes pods with privileged containers

k8s.pods { containers.where(securityContext["privileged"] == true) name }

Check if the default namespace is used

k8s.pods.all( namespace != "default")

Query services accounts

k8s.serviceaccounts { name namespace secrets  }

Query RBAC cluster roles

k8s.roles { name namespace rules  }

Query RBAC role bindings

k8s.rolebindings { name namespace subjects  }

Query RBAC cluster role bindings

k8s.clusterrolebindings { name subjects  }

Query pod security policies

k8s.podSecurityPolicies { name manifest }

Query network policies

k8s.networkPolicies { name manifest }

References

• Kubernetes Documentation