cluster_containers_countcluster_countcluster_cronjobs_countcluster_daemonsets_countcluster_deployments_countcluster_inputcluster_jobs_countcluster_namespace_countcluster_namespaces_countcluster_namespaces_tablecluster_node_countcluster_nodes_countcluster_nodes_tablecluster_persistent_volumes_countcluster_persistent_volumes_tablecluster_pod_security_policy_countcluster_pod_security_policy_tablecluster_pods_countcluster_repliasets_countcluster_role_annotationscluster_role_binding_countcluster_role_binding_tablecluster_role_bindings_for_clustercluster_role_bindings_for_cluster_rolecluster_role_countcluster_role_inputcluster_role_labelscluster_role_overviewcluster_role_rules_countcluster_role_rules_detailcluster_role_rules_for_cluster_rolecluster_role_tablecluster_roles_for_clustercluster_services_countcluster_statefulsets_countclusters_for_namespaceclusters_for_nodeconfigmaps_for_containerconfigmaps_for_podcontainer_allow_privilege_escalationcontainer_allow_privilege_escalation_countcontainer_allow_privilege_escalation_statuscontainer_by_contextcontainer_by_context_namecontainer_by_namespacecontainer_by_podcontainer_countcontainer_cpu_resourcescontainer_immutable_root_filesystemcontainer_immutable_root_filesystem_countcontainer_immutable_root_filesystem_statuscontainer_inputcontainer_liveness_probecontainer_liveness_probe_countcontainer_liveness_probe_statuscontainer_memory_resourcescontainer_overviewcontainer_portscontainer_privilegedcontainer_privileged_countcontainer_privileged_statuscontainer_readiness_probecontainer_readiness_probe_countcontainer_readiness_probe_statuscontainer_volume_mountcontainers_for_cronjobcontainers_for_daemonsetcontainers_for_deploymentcontainers_for_jobcontainers_for_podcontainers_for_replicasetcronjob_1_year_countcronjob_24_hours_countcronjob_30_90_days_countcronjob_30_days_countcronjob_90_365_days_countcronjob_age_tablecronjob_annotationscronjob_by_contextcronjob_by_context_namecronjob_by_creation_monthcronjob_by_namespacecronjob_configuration_detailcronjob_container_host_ipccronjob_container_host_ipc_countcronjob_container_host_ipc_statuscronjob_container_host_networkcronjob_container_host_network_countcronjob_container_host_network_statuscronjob_container_host_pidcronjob_container_host_pid_countcronjob_container_host_pid_statuscronjob_countcronjob_default_namespacecronjob_default_namespace_countcronjob_default_namespace_statuscronjob_host_tablecronjob_inputcronjob_jobs_detailcronjob_labelscronjob_overviewcronjob_pods_detailcronjob_treecronjobs_for_jobcronjobs_for_namespacedaemonset_1_year_countdaemonset_24_hours_countdaemonset_30_90_days_countdaemonset_30_days_countdaemonset_90_365_days_countdaemonset_age_tabledaemonset_annotationsdaemonset_by_contextdaemonset_by_context_namedaemonset_by_creation_monthdaemonset_by_namespacedaemonset_conditionsdaemonset_container_host_ipcdaemonset_container_host_ipc_countdaemonset_container_host_ipc_statusdaemonset_container_host_networkdaemonset_container_host_network_countdaemonset_container_host_network_statusdaemonset_container_host_piddaemonset_container_host_pid_countdaemonset_container_host_pid_statusdaemonset_countdaemonset_default_namespacedaemonset_default_namespace_countdaemonset_default_namespace_statusdaemonset_host_tabledaemonset_inputdaemonset_labelsdaemonset_node_detaildaemonset_node_statusdaemonset_overviewdaemonset_pods_detaildaemonset_strategydaemonset_treedaemonsets_for_namespacedaemonsets_for_poddeployment_1_year_countdeployment_24_hours_countdeployment_30_90_days_countdeployment_30_days_countdeployment_90_365_days_countdeployment_age_tabledeployment_annotationsdeployment_by_contextdeployment_by_context_namedeployment_by_creation_monthdeployment_by_namespacedeployment_conditionsdeployment_container_host_ipcdeployment_container_host_ipc_countdeployment_container_host_ipc_statusdeployment_container_host_networkdeployment_container_host_network_countdeployment_container_host_network_statusdeployment_container_host_piddeployment_container_host_pid_countdeployment_container_host_pid_statusdeployment_container_replica_statusdeployment_countdeployment_default_namespacedeployment_default_namespace_countdeployment_default_namespace_statusdeployment_hadeployment_host_tabledeployment_inputdeployment_labelsdeployment_overviewdeployment_pods_detaildeployment_replicadeployment_replica_countdeployment_replicas_detaildeployment_replicas_tabledeployment_replicasets_detaildeployment_strategydeployment_treedeployments_for_namespacedeployments_for_poddeployments_for_replicasetdeployments_for_serviceendpoints_for_nodeingresses_for_serviceinit_containers_for_podjob_1_year_countjob_24_hours_countjob_30_90_days_countjob_30_days_countjob_90_365_days_countjob_age_tablejob_annotationsjob_by_contextjob_by_context_namejob_by_creation_monthjob_by_namespacejob_conditionsjob_container_host_ipcjob_container_host_ipc_countjob_container_host_ipc_statusjob_container_host_networkjob_container_host_network_countjob_container_host_network_statusjob_container_host_pidjob_container_host_pid_countjob_container_host_pid_statusjob_countjob_default_namespacejob_default_namespace_countjob_default_namespace_statusjob_host_tablejob_inputjob_labelsjob_overviewjob_pods_detailjob_status_detailjob_treejobs_for_cronjobjobs_for_namespacejobs_for_podkubernetes_cluster_resourceskubernetes_cluster_verbsnamespace_1_year_countnamespace_24_hours_countnamespace_30_90_days_countnamespace_30_days_countnamespace_90_365_days_countnamespace_age_tablenamespace_annotationsnamespace_by_contextnamespace_countnamespace_daemonset_countnamespace_daemonset_tablenamespace_deployment_countnamespace_deployment_tablenamespace_inputnamespace_labelsnamespace_overviewnamespace_pod_countnamespace_pod_tablenamespace_replicaset_countnamespace_replicaset_tablenamespace_service_countnamespace_service_tablenamespace_tablenamespaces_for_clusternode_1_year_countnode_24_hours_countnode_30_90_days_countnode_30_days_countnode_90_365_days_countnode_addressesnode_age_tablenode_allocatablenode_annotationsnode_by_contextnode_capacitynode_conditionsnode_containers_countnode_countnode_hierarchynode_inputnode_labelsnode_overviewnode_pod_detailsnode_pods_countnode_tablenodes_for_clusternodes_for_cronjobnodes_for_daemonsetnodes_for_deploymentnodes_for_jobnodes_for_replicasetnodes_for_statefulsetpersistent_volume_claims_for_containerpersistent_volumes_for_clusterpersistent_volumes_for_containerpersistent_volumes_for_podpod_1_year_countpod_24_hours_countpod_30_90_days_countpod_30_days_countpod_90_365_days_countpod_age_tablepod_annotationspod_by_contextpod_by_context_namepod_by_creation_monthpod_by_namespacepod_by_phasepod_conditionspod_configurationpod_containerpod_container_basic_detailpod_container_countpod_container_cpu_detailpod_container_host_ipcpod_container_host_ipc_countpod_container_host_ipc_statuspod_container_host_networkpod_container_host_network_countpod_container_host_network_statuspod_container_host_pidpod_container_host_pid_countpod_container_host_pid_statuspod_container_memory_detailpod_countpod_default_namespacepod_default_namespace_countpod_default_namespace_statuspod_host_tablepod_init_containers_detailpod_inputpod_labelspod_overviewpod_persistent_volume_claimspod_security_policies_for_clusterpod_statuspod_volumespods_for_containerpods_for_cronjobpods_for_daemonsetpods_for_deploymentpods_for_jobpods_for_nodepods_for_replicasetpods_for_servicepods_for_service_accountpods_for_statefulsetrbac_rule_analysisreplicaset_1_year_countreplicaset_24_hours_countreplicaset_30_90_days_countreplicaset_30_days_countreplicaset_90_365_days_countreplicaset_age_tablereplicaset_annotationsreplicaset_by_contextreplicaset_by_context_namereplicaset_by_creation_monthreplicaset_by_namespacereplicaset_conditionsreplicaset_container_host_ipcreplicaset_container_host_ipc_countreplicaset_container_host_ipc_statusreplicaset_container_host_networkreplicaset_container_host_network_countreplicaset_container_host_network_statusreplicaset_container_host_pidreplicaset_container_host_pid_countreplicaset_container_host_pid_statusreplicaset_countreplicaset_default_namespacereplicaset_default_namespace_countreplicaset_default_namespace_statusreplicaset_hareplicaset_host_tablereplicaset_inputreplicaset_labelsreplicaset_overviewreplicaset_pods_detailreplicaset_replicas_detailreplicaset_treereplicasets_for_deploymentreplicasets_for_namespacereplicasets_for_podreplicasets_for_servicerole_annotationsrole_bindings_for_namespacerole_bindings_for_rbacrole_bindings_for_rolerole_bindings_for_service_accountrole_default_namespacerole_inputrole_labelsrole_overviewrole_rules_countrole_rules_detailrole_rules_for_cluster_roleroles_for_namespaceroles_for_rbacroles_for_service_accountsecrets_for_containersecrets_for_podsecrets_for_service_accountservice_1_year_countservice_24_hours_countservice_30_90_days_countservice_30_days_countservice_90_365_days_countservice_account_annotationsservice_account_automount_tokenservice_account_default_namespaceservice_account_inputservice_account_labelsservice_account_overviewservice_account_rules_detailservice_accounts_for_cluster_roleservice_accounts_for_podservice_accounts_for_rbacservice_accounts_for_roleservice_age_tableservice_annotationsservice_by_contextservice_by_context_nameservice_by_creation_monthservice_by_namespaceservice_by_typeservice_countservice_default_namespaceservice_default_namespace_countservice_default_namespace_statusservice_inputservice_ip_detailsservice_labelsservice_overviewservice_pods_detailservice_portsservice_treeservice_typeservices_for_deploymentservices_for_namespaceservices_for_replicasetservices_for_statefulsetstatefulset_1_year_countstatefulset_24_hours_countstatefulset_30_90_days_countstatefulset_30_days_countstatefulset_90_365_days_countstatefulset_age_tablestatefulset_annotationsstatefulset_by_contextstatefulset_by_context_namestatefulset_by_creation_monthstatefulset_by_namespacestatefulset_conditionsstatefulset_container_host_ipcstatefulset_container_host_ipc_countstatefulset_container_host_ipc_statusstatefulset_container_host_networkstatefulset_container_host_network_countstatefulset_container_host_network_statusstatefulset_container_host_pidstatefulset_container_host_pid_countstatefulset_container_host_pid_statusstatefulset_containersstatefulset_countstatefulset_default_namespacestatefulset_default_namespace_countstatefulset_default_namespace_statusstatefulset_host_tablestatefulset_inputstatefulset_labelsstatefulset_overviewstatefulset_pods_detailstatefulset_replicasstatefulset_replicas_detailstatefulset_service_namestatefulset_strategystatefulset_treestatefulsets_for_namespacestatefulsets_for_podstatefulsets_for_servicevolumes_for_node
Query: service_accounts_for_rbac
Usage
powerpipe query kubernetes_insights.query.service_accounts_for_rbac
SQL
with rbac_role_input as ( select distinct role.uid as uid from kubernetes_role_binding as b, kubernetes_role as role, jsonb_array_elements(rules) as r, jsonb_array_elements_text(r -> 'resources') as re, jsonb_array_elements_text(r -> 'verbs') as v where role.name = b.role_name and b.context_name = role.context_name and ( v in ( select unnest (string_to_array($1, ',') :: text [ ]) ) or v = '*' ) and ( re in ( select unnest (string_to_array($2, ',') :: text [ ]) ) or re = '*' ) and b.context_name in ( select unnest (string_to_array($3, ',') :: text [ ]) ) union select distinct role.uid as uid from kubernetes_cluster_role_binding as b, kubernetes_cluster_role as role, jsonb_array_elements(rules) as r, jsonb_array_elements_text(r -> 'resources') as re, jsonb_array_elements_text(r -> 'verbs') as v where role.name = b.role_name and b.context_name = role.context_name and ( v in ( select unnest (string_to_array($1, ',') :: text [ ]) ) or v = '*' ) and ( re in ( select unnest (string_to_array($2, ',') :: text [ ]) ) or re = '*' ) and b.context_name in ( select unnest (string_to_array($3, ',') :: text [ ]) ))select a.uid as uidfrom kubernetes_service_account as a, kubernetes_cluster_role as r, kubernetes_cluster_role_binding as b, jsonb_array_elements(subjects) as swhere b.role_name = r.name and s ->> 'kind' = 'ServiceAccount' and s ->> 'name' = a.name and a.context_name = r.context_name and r.uid in ( select uid from rbac_role_input )unionselect a.uid as uidfrom kubernetes_service_account as a, kubernetes_role as r, kubernetes_role_binding as b, jsonb_array_elements(subjects) as swhere b.role_name = r.name and s ->> 'kind' = 'ServiceAccount' and s ->> 'name' = a.name and a.context_name = r.context_name and r.uid in ( select uid from rbac_role_input );Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | verb | |||
| $2 | resource | |||
| $3 | cluster_context |