k8s
Open source container management platform.
Provider Summary
total services: 5
total methods: 267
total methods: 267
total resources: 33
selectable resources: 24
selectable resources: 24
See also:
[SHOW
] [DESCRIBE
] [REGISTRY
]
Installation
REGISTRY PULL k8s v23.01.00104;
Authentication
{
"k8s": {
"type": string, // authentication type to use, suported values include: bearer, null_auth
"credentialsenvvar": string, // env var name containing the api key or credentials
}
}
note
cluster_addr
is a required paramter for all operations using the k8s
provider, for example:
SELECT name, namespace, uid, creationTimestamp
FROM k8s.core_v1.service_account
WHERE cluster_addr = '35.244.65.136' AND namespace = 'kube-system'
ORDER BY name ASC;
Example using kubectl proxy
AUTH='{ "k8s": { "type": "null_auth" } }'
./stackql shell --auth="${AUTH}"
note
The protocol
parameter is required when accessing a Kubernetes cluster via kubectl proxy
, see the example below:
select name, namespace, uid, creationTimestamp
from k8s.core_v1.pod
where protocol = 'http'
and cluster_addr = 'localhost:8080'
order by name asc limit 3;
Example using direct cluster access
export K8S_TOKEN='eyJhbGciOiJ...'
AUTH='{ "k8s": { "type": "bearer", "credentialsenvvar": "K8S_TOKEN" } }'
stackql shell --auth="${AUTH}" --tls.CABundle k8s_cert_bundle.pem
note
You will need to generate a certificate bundle for your cluster (k8s_cert_bundle.pem
in the preceeding example), you can use the following code to generate this (for MacOS or Linux):
kubectl get secret -o jsonpath="{.items[?(@.type==\"kubernetes.io/service-account-token\")].data['ca\.crt']}" | base64 -i --decode > k8s_cert_bundle.pem
Alternatively, you could add the --tls.allowInsecure=true
argument to the stackql
command, it is not recommended however.