Skip to main content

k8s

A description of the provider.

See also:
[SHOW] [DESCRIBE] [REGISTRY]


Installation

REGISTRY PULL k8s v0.1.1;

Authentication

{
"k8s": {
/**
* Type of authentication to use, suported values include: api_key, null_auth
* @type String
*/
"type": string,
/**
* Environment variable name containing the api key or credentials.
* @type String
*/
"credentialsenvvar": string,
/**
* Value prepended to the request header, e.g. "Bearer "
* Must be set to "Bearer "
* @type String
*/
"valuePrefix": string,
}
}
note

cluster_addr is a required paramter for all operations using the k8s provider, for example:

SELECT name, namespace, uid, creationTimestamp 
FROM k8s.core_v1.service_account
WHERE cluster_addr = '35.244.65.136' AND namespace = 'kube-system'
ORDER BY name ASC;

Example using kubectl proxy

AUTH='{ "k8s": { "type": "null_auth" } }'
./stackql shell --auth="${AUTH}"
note

The protocol parameter is required when accessing a Kubernetes cluster via kubectl proxy, see the example below:

select name, namespace, uid, creationTimestamp 
from k8s.core_v1.pod
where protocol = 'http'
and cluster_addr = 'localhost:8080'
order by name asc limit 3;

Example using direct cluster access

export K8S_TOKEN='eyJhbGciOiJ...'
AUTH='{ "k8s": { "type": "api_key", "valuePrefix": "Bearer ", "credentialsenvvar": "K8S_TOKEN" } }'
stackql shell --auth="${AUTH}" --tls.CABundle k8s_cert_bundle.pem
note

You will need to generate a certificate bundle for your cluster (k8s_cert_bundle.pem in the preceeding example), you can use the following code to generate this (for MacOS or Linux):

kubectl get secret -o jsonpath="{.items[?(@.type==\"kubernetes.io/service-account-token\")].data['ca\.crt']}" | base64 -i --decode > k8s_cert_bundle.pem

Alternatively, you could add the --tls.allowInsecure=true argument to the stackql command, it is not recommended however.

Services