Table: azure_kubernetes_cluster
Azure Kubernetes orchestrates clusters of virtual machines and schedules containers to run on those virtual machines based on their available compute resources and the resource requirements of each container.
Examples
Basic Info
select
  name,
  id,
  location,
  type,
  sku
from
  azure_kubernetes_cluster;
List clusters with a system assigned identity
select
  name,
  id,
  location,
  type,
  identity ->> 'type' as identity_type,
  sku
from
  azure_kubernetes_cluster
where
  identity ->> 'type' = 'SystemAssigned';
List clusters that have role-based access control (RBAC) disabled
select
  name,
  id,
  location,
  type,
  identity,
  enable_rbac,
  sku
from
  azure_kubernetes_cluster
where
  not enable_rbac;
List clusters with an undesirable version (older than 1.20.5)
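select
  name,
  id,
  location,
  type,
  kubernetes_version
from
  azure_kubernetes_cluster
where
  -- Compare numerically: as text, '1.9.11' sorts after '1.20.5' and would be missed.
  -- Assumes purely numeric dotted versions such as 1.20.5.
  string_to_array(kubernetes_version, '.')::int[] < array[1, 20, 5];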
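List clusters with weak security-relevant settings in one pass

The query below is an added example, not one of the plugin's own: it puts RBAC, API server exposure, network policy and disk encryption set side by side for each cluster and returns only clusters where at least one is weak. The JSON keys `enablePrivateCluster`, `authorizedIPRanges` and `networkPolicy` are assumed to follow the Azure API property names; they are not listed on this page.

```sql
-- Added example. JSON key names inside the jsonb columns are assumptions
-- based on Azure API property names; verify them against your own data.
with posture as (
  select
    name,
    resource_group,
    kubernetes_version,
    coalesce(enable_rbac, false) as rbac_enabled,
    -- A missing profile or key is treated as "not private".
    coalesce(api_server_access_profile ->> 'enablePrivateCluster', 'false') = 'true' as private_cluster,
    -- Guard with jsonb_typeof: jsonb_array_length raises an error on a JSON null.
    case
      when jsonb_typeof(api_server_access_profile -> 'authorizedIPRanges') = 'array'
        then jsonb_array_length(api_server_access_profile -> 'authorizedIPRanges')
      else 0
    end as authorized_ip_ranges,
    network_profile ->> 'networkPolicy' as network_policy,
    -- False means no customer-managed disk encryption set is attached.
    disk_encryption_set_id is not null as has_disk_encryption_set
  from
    azure_kubernetes_cluster
)
select
  *
from
  posture
where
  not rbac_enabled
  -- Public API server with no authorized IP ranges defined.
  or (not private_cluster and authorized_ip_ranges = 0)
  or network_policy is null
  or not has_disk_encryption_set
order by
  name;
```

A null `disk_encryption_set_id` indicates that no disk encryption set is referenced by the cluster, so treat that column as a prompt to review the key management choice rather than as proof of unencrypted disks.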
Query examples
- compute_disk_encryption_sets_for_kubernetes_cluster
- kubernetes_cluster_agent_pools
- kubernetes_cluster_auto_scaler_profile_disabled_count
- kubernetes_cluster_by_kubernetes_version
- kubernetes_cluster_by_region
- kubernetes_cluster_by_sku_name
- kubernetes_cluster_by_subscription
- kubernetes_cluster_count
- kubernetes_cluster_disk_unencrypted_count
- kubernetes_cluster_node_pool_count
- kubernetes_cluster_pod_security_policy_disabled_count
- kubernetes_cluster_public_access_disabled_count
- kubernetes_cluster_rbac_disabled_count
- kubernetes_cluster_tags
- kubernetes_cluster_version
Control examples
- kubernetes_cluster_expected_tag_values
- kubernetes_cluster_mandatory
- kubernetes_cluster_prohibited
- kubernetes_cluster_tag_limit
- kubernetes_cluster_untagged
- compute_virtual_machine_scale_set_vms_for_kubernetes_cluster
- compute_virtual_machine_scale_sets_for_kubernetes_cluster
- kubernetes_cluster_auto_scaler_profile_status
- kubernetes_cluster_by_resource_group
- kubernetes_cluster_disk_by_encryption_status
- kubernetes_cluster_disk_encryption_details
- kubernetes_cluster_disk_encryption_status
- kubernetes_cluster_input
- kubernetes_cluster_overview
- kubernetes_cluster_public_access_status
- kubernetes_cluster_rbac_status
- kubernetes_cluster_status
- kubernetes_clusters_for_compute_virtual_machine_scale_set
- kubernetes_cluster_add_on_azure_policy_enabled
- kubernetes_cluster_addon_azure_policy_enabled
- kubernetes_cluster_authorized_ip_range_defined
- kubernetes_cluster_key_vault_secret_rotation_enabled
- kubernetes_cluster_logging_enabled
- kubernetes_cluster_max_pod_50
- kubernetes_cluster_network_policy_enabled
- kubernetes_cluster_node_restrict_public_access
- kubernetes_cluster_os_and_data_disks_encrypted_with_cmk
- kubernetes_cluster_restrict_public_access
- kubernetes_cluster_sku_standard
- kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host
- kubernetes_cluster_upgrade_channel
- kubernetes_cluster_upgraded_with_non_vulnerable_version
- kubernetes_instance_rbac_enabled
.inspect azure_kubernetes_cluster
Azure Kubernetes Cluster
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
aad_profile | jsonb | Profile of Azure Active Directory configuration. |
addon_profiles | jsonb | Profile of managed cluster add-on. |
agent_pool_profiles | jsonb | Properties of the agent pool. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
api_server_access_profile | jsonb | Access profile for managed cluster API server. |
auto_scaler_profile | jsonb | Parameters to be applied to the cluster-autoscaler when enabled. |
auto_upgrade_profile | jsonb | Profile of auto upgrade configuration. |
azure_portal_fqdn | text | FQDN for the master pool which is used by proxy config. |
cloud_environment | text | The Azure Cloud Environment. |
disk_encryption_set_id | text | ResourceId of the disk encryption set to use for enabling encryption at rest. |
dns_prefix | text | DNS prefix specified when creating the managed cluster. |
enable_pod_security_policy | boolean | Whether to enable Kubernetes pod security policy (preview). |
enable_rbac | boolean | Whether to enable Kubernetes Role-Based Access Control. |
fqdn | text | FQDN for the master pool. |
fqdn_subdomain | text | FQDN subdomain specified when creating a private cluster with a custom private DNS zone. |
id | text | The ID of the cluster. |
identity | jsonb | The identity of the managed cluster, if configured. |
identity_profile | jsonb | Identities associated with the cluster. |
kubernetes_version | text | Version of Kubernetes specified when creating the managed cluster. |
linux_profile | jsonb | Profile for Linux VMs in the container service cluster. |
location | text | The location where the cluster is created. |
max_agent_pools | bigint | The max number of agent pools for the managed cluster. |
name | text | The name of the cluster. |
network_profile | jsonb | Profile of network configuration. |
node_resource_group | text | Name of the resource group containing agent pool nodes. |
pod_identity_profile | jsonb | Profile of managed cluster pod identity. |
power_state | jsonb | Represents the Power State of the cluster. |
private_fqdn | text | FQDN of private cluster. |
provisioning_state | text | The current deployment or provisioning state. |
region | text | The Azure region/location in which the resource is located. |
resource_group | text | The resource group which holds this resource. |
service_principal_profile | jsonb | Information about a service principal identity for the cluster to use for manipulating Azure APIs. |
sku | jsonb | The managed cluster SKU. |
subscription_id | text | The Azure Subscription ID in which the resource is located. |
tags | jsonb | A map of tags for the resource. |
title | text | Title of the resource. |
type | text | The type of the cluster. |
windows_profile | jsonb | Profile for Windows VMs in the container service cluster. |