
GitHub - aquasecurity/kube-query: [EXPERIMENTAL] Extend osquery to report on Kub...

 4 years ago
source link: https://github.com/aquasecurity/kube-query

README.md

kube-query

kube-query is an extension for osquery that lets you visualize your cluster using SQL queries.

Deployment

Prerequisites

Go v1.12+

Build

$ export GO111MODULE=on
$ go build kube-query.go

Running kube-query

When running kube-query, you should always pass the -kubeconfig flag, specifying the path to your kubeconfig file.

osqueryi

When using the osqueryi tool, you can register kube-query by running it in a separate process and passing it the -socket parameter. For example:
./kube-query -socket="/path/to/osquery/socket" -kubeconfig="/path/to/kubeconfig.yml"

One way to get the path to the osquery socket:

osqueryi --nodisable_extensions
osquery> select value from osquery_flags where name = 'extensions_socket';
+-----------------------------------+
| value                             |
+-----------------------------------+
| /Users/USERNAME/.osquery/shell.em |
+-----------------------------------+

There are many other options to automatically register extensions.

Example Queries

-- query all kube-system pods
SELECT * FROM kubernetes_pods WHERE namespace = 'kube-system';

-- query all containers created by kubernetes
SELECT * FROM kubernetes_containers;

-- query all pods that run with a privileged container
SELECT *
  FROM kubernetes_containers
  JOIN kubernetes_pods
    ON kubernetes_containers.pod_uid = kubernetes_pods.uid
 WHERE privileged = 'True';
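
For audit use, the privileged-container query can be rolled up per namespace so that workloads outside kube-system stand out. This is an added example, not part of the project's README; it uses only the tables and columns that appear in the queries above, and the aliases privileged_containers and affected_pods are names chosen here.

```sql
-- Added example: count privileged containers per namespace, excluding kube-system.
-- Assumes only the columns shown above: kubernetes_pods.namespace, kubernetes_pods.uid,
-- kubernetes_containers.pod_uid and the privileged flag stored as the string 'True'.
SELECT kubernetes_pods.namespace,
       COUNT(*)                            AS privileged_containers,
       COUNT(DISTINCT kubernetes_pods.uid) AS affected_pods
  FROM kubernetes_containers
  JOIN kubernetes_pods
    ON kubernetes_containers.pod_uid = kubernetes_pods.uid
 WHERE privileged = 'True'
   AND kubernetes_pods.namespace <> 'kube-system'
 GROUP BY kubernetes_pods.namespace
 ORDER BY privileged_containers DESC;
```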
