steampipe plugin install azure

Table: azure_kubernetes_cluster - Query Azure Kubernetes Services using SQL

Azure Kubernetes Service (AKS) is a managed container orchestration service provided by Microsoft Azure. AKS simplifies the deployment, scaling, and operations of Kubernetes, an open-source system for automating the deployment, scaling, and management of containerized applications. It provides developers with a scalable and highly available infrastructure that's ideal for deploying microservice apps.

Table Usage Guide

The azure_kubernetes_cluster table provides insights into each Kubernetes cluster within Azure Kubernetes Service (AKS). As a DevOps engineer, you can use this table to explore details about each cluster, including its configuration, health status, and performance metrics. This information can be useful for monitoring the state of your clusters, troubleshooting issues, and optimizing resource usage.

Examples

Basic Info

Analyze the settings to understand the fundamental details of your Azure Kubernetes clusters. This information can help you monitor and manage your clusters more effectively by providing insights into aspects such as their location, type, and SKU.

select
name,
id,
location,
type,
sku
from
azure_kubernetes_cluster;

List clusters with a system assigned identity

Identify instances where your Azure Kubernetes clusters are using a system assigned identity. This is useful in managing and securing cluster resources, as system assigned identities allow Azure to automatically manage the credentials.

Postgres:

select
name,
id,
location,
type,
identity ->> 'type' as identity_type,
sku
from
azure_kubernetes_cluster
where
identity ->> 'type' = 'SystemAssigned';

SQLite:

select
name,
id,
location,
type,
json_extract(identity, '$.type') as identity_type,
sku
from
azure_kubernetes_cluster
where
json_extract(identity, '$.type') = 'SystemAssigned';

List clusters that have role-based access control (RBAC) disabled

Identify Azure Kubernetes clusters where role-based access control (RBAC) is disabled, so that you can review them and ensure appropriate access controls are in place.

select
name,
id,
location,
type,
identity,
enable_rbac,
sku
from
azure_kubernetes_cluster
where
not enable_rbac;

List clusters with an undesirable version (older than 1.20.5)

Identify instances where your clusters are running on an outdated version (older than 1.20.5) in Azure Kubernetes. This is beneficial for maintaining system security and performance by ensuring your clusters are up-to-date.

select
name,
id,
location,
type,
kubernetes_version
from
azure_kubernetes_cluster
where
-- Postgres: compare the version components as integers; compared as text, '1.9.0' sorts after '1.20.5'
string_to_array(kubernetes_version, '.')::int[] < array[1, 20, 5];
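Version strings compared as text are ordered character by character, so a filter such as kubernetes_version < '1.20.5' treats 1.20.10 as older than 1.20.5 and 1.9.11 as newer. The following added example (not part of the Steampipe documentation) runs in plain PostgreSQL on constructed rows, with sample_cluster as a hypothetical stand-in for azure_kubernetes_cluster, and puts the text comparison beside a comparison of the numeric components.

```sql
-- Constructed sample rows standing in for azure_kubernetes_cluster
-- (hypothetical cluster names, not real resources).
with sample_cluster (name, kubernetes_version) as (
  values
    ('aks-legacy', '1.9.11'),
    ('aks-old',    '1.19.7'),
    ('aks-edge',   '1.20.5'),
    ('aks-patch',  '1.20.10'),
    ('aks-new',    '1.27.3')
),
parsed as (
  select
    name,
    kubernetes_version,
    -- Split '1.20.10' into {1,20,10} so each component compares as an integer.
    string_to_array(kubernetes_version, '.')::int[] as version_parts
  from
    sample_cluster
  where
    -- Keep only dotted numeric versions so the integer cast cannot fail.
    kubernetes_version ~ '^\d+(\.\d+)*$'
)
select
  name,
  kubernetes_version,
  -- Text ordering: compares character by character.
  kubernetes_version < '1.20.5' as older_by_text,
  -- Array ordering: compares element by element, left to right.
  version_parts < array[1, 20, 5] as older_by_number
from
  parsed
order by
  version_parts;
```

Rows where older_by_text and older_by_number differ are the clusters a text filter would misreport.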

Schema for azure_kubernetes_cluster

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form. |
| aad_profile | jsonb | | Profile of Azure Active Directory configuration. |
| addon_profiles | jsonb | | Profile of managed cluster add-on. |
| agent_pool_profiles | jsonb | | Properties of the agent pool. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| api_server_access_profile | jsonb | | Access profile for managed cluster API server. |
| auto_scaler_profile | jsonb | | Parameters to be applied to the cluster-autoscaler when enabled. |
| auto_upgrade_profile | jsonb | | Profile of auto upgrade configuration. |
| azure_portal_fqdn | text | | FQDN for the master pool which is used by proxy config. |
| cloud_environment | text | | The Azure Cloud Environment. |
| disk_encryption_set_id | text | | ResourceId of the disk encryption set to use for enabling encryption at rest. |
| dns_prefix | text | | DNS prefix specified when creating the managed cluster. |
| enable_pod_security_policy | boolean | | Whether to enable Kubernetes pod security policy (preview). |
| enable_rbac | boolean | | Whether to enable Kubernetes Role-Based Access Control. |
| fqdn | text | | FQDN for the master pool. |
| fqdn_subdomain | text | | FQDN subdomain specified when creating private cluster with custom private dns zone. |
| id | text | | The ID of the cluster. |
| identity | jsonb | | The identity of the managed cluster, if configured. |
| identity_profile | jsonb | | Identities associated with the cluster. |
| kubernetes_version | text | | Version of Kubernetes specified when creating the managed cluster. |
| linux_profile | jsonb | | Profile for Linux VMs in the container service cluster. |
| location | text | | The location where the cluster is created. |
| max_agent_pools | bigint | | The max number of agent pools for the managed cluster. |
| name | text | = | The name of the cluster. |
| network_profile | jsonb | | Profile of network configuration. |
| node_resource_group | text | | Name of the resource group containing agent pool nodes. |
| pod_identity_profile | jsonb | | Profile of managed cluster pod identity. |
| power_state | jsonb | | Represents the Power State of the cluster. |
| private_fqdn | text | | FQDN of private cluster. |
| provisioning_state | text | | The current deployment or provisioning state. |
| region | text | | The Azure region/location in which the resource is located. |
| resource_group | text | = | The resource group which holds this resource. |
| service_principal_profile | jsonb | | Information about a service principal identity for the cluster to use for manipulating Azure APIs. |
| sku | jsonb | | The managed cluster SKU. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | | A map of tags for the resource. |
| title | text | | Title of the resource. |
| type | text | | The type of the cluster. |
| windows_profile | jsonb | | Profile for Windows VMs in the container service cluster. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_kubernetes_cluster