Skip to main content

k8s

Open source container management platform.

Provider Summary
total services: 5
total methods: 267
total resources: 33
selectable resources: 24

See also:
[SHOW] [DESCRIBE] [REGISTRY]


Installation

REGISTRY PULL k8s v23.01.00104;

Authentication


{
"k8s": {
"type": string, // authentication type to use, suported values include: bearer, null_auth
"credentialsenvvar": string, // env var name containing the api key or credentials
}
}

note

cluster_addr is a required paramter for all operations using the k8s provider, for example:

SELECT name, namespace, uid, creationTimestamp 
FROM k8s.core_v1.service_account
WHERE cluster_addr = '35.244.65.136' AND namespace = 'kube-system'
ORDER BY name ASC;

Example using kubectl proxy

AUTH='{ "k8s": { "type": "null_auth" } }'
./stackql shell --auth="${AUTH}"
note

The protocol parameter is required when accessing a Kubernetes cluster via kubectl proxy, see the example below:

select name, namespace, uid, creationTimestamp 
from k8s.core_v1.pod
where protocol = 'http'
and cluster_addr = 'localhost:8080'
order by name asc limit 3;

Example using direct cluster access

export K8S_TOKEN='eyJhbGciOiJ...'
AUTH='{ "k8s": { "type": "bearer", "credentialsenvvar": "K8S_TOKEN" } }'
stackql shell --auth="${AUTH}" --tls.CABundle k8s_cert_bundle.pem
note

You will need to generate a certificate bundle for your cluster (k8s_cert_bundle.pem in the preceeding example), you can use the following code to generate this (for MacOS or Linux):

kubectl get secret -o jsonpath="{.items[?(@.type==\"kubernetes.io/service-account-token\")].data['ca\.crt']}" | base64 -i --decode > k8s_cert_bundle.pem

Alternatively, you could add the --tls.allowInsecure=true argument to the stackql command, it is not recommended however.

Services