helm_charthelm_releasehelm_templatehelm_template_renderedhelm_valuekubernetes_cluster_rolekubernetes_cluster_role_bindingkubernetes_config_mapkubernetes_cronjobkubernetes_custom_resource_definitionkubernetes_daemonsetkubernetes_deploymentkubernetes_endpointkubernetes_endpoint_slicekubernetes_eventkubernetes_horizontal_pod_autoscalerkubernetes_ingresskubernetes_jobkubernetes_limit_rangekubernetes_namespacekubernetes_network_policykubernetes_nodekubernetes_persistent_volumekubernetes_persistent_volume_claimkubernetes_podkubernetes_pod_disruption_budgetkubernetes_pod_security_policykubernetes_pod_templatekubernetes_replicasetkubernetes_replication_controllerkubernetes_resource_quotakubernetes_rolekubernetes_role_bindingkubernetes_secretkubernetes_servicekubernetes_service_accountkubernetes_stateful_setkubernetes_storage_classkubernetes_{custom_resource_singular_name}
Table: kubernetes_cluster_role
ClusterRole contains rules that represent a set of permissions. You can use them to grant access to:
- cluster-scoped resources (like nodes)
- non-resource endpoints (like /healthz)
- namespaced resources (like Pods), across all namespaces
Examples
Basic Info
select name, creation_timestamp, rules, aggregation_rulefrom kubernetes_cluster_roleorder by name;List rules and verbs for cluster roles
select name as role_name, rule ->> 'apiGroups' as api_groups, rule ->> 'resources' as resources, rule ->> 'nonResourceURLs' as non_resource_urls, rule ->> 'verbs' as verbs, rule ->> 'resourceNames' as resource_namesfrom kubernetes_cluster_role, jsonb_array_elements(rules) as ruleorder by role_name, api_groups;Group cluster roles by same set of aggregation rules
select jsonb_agg(name) as roles, aggregation_rulefrom kubernetes_cluster_rolegroup by aggregation_rule;List manifest resources
select name, rules, aggregation_rule, pathfrom kubernetes_cluster_rolewhere path is not nullorder by name;Query examples
- cluster_role_annotations
- cluster_role_bindings_for_cluster_role
- cluster_role_count
- cluster_role_input
- cluster_role_labels
- cluster_role_rules_count
- cluster_role_rules_for_cluster_role
- cluster_role_table
- cluster_roles_for_cluster
- kubernetes_cluster_verbs
- service_accounts_for_cluster_role
.inspect kubernetes_cluster_role
ClusterRole contains rules that represent a set of permissions.
| Name | Type | Description |
|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| aggregation_rule | jsonb | An optional field that describes how to build the Rules for this ClusterRole |
| annotations | jsonb | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. |
| context_name | text | Kubectl config context name. |
| creation_timestamp | timestamp with time zone | CreationTimestamp is a timestamp representing the server time when this object was created. |
| deletion_grace_period_seconds | bigint | Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. |
| deletion_timestamp | timestamp with time zone | DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. |
| end_line | bigint | The path to the manifest file. |
| finalizers | jsonb | Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. |
| generate_name | text | GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. |
| generation | bigint | A sequence number representing a specific generation of the desired state. |
| labels | jsonb | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. |
| name | text | Name of the object. Name must be unique within a namespace. |
| owner_references | jsonb | List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. |
| path | text | The path to the manifest file. |
| resource_version | text | An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. |
| rules | jsonb | List of the PolicyRules for this Role. |
| source_type | text | The source of the resource. Possible values are: deployed and manifest. If the resource is fetched from the spec file the value will be manifest. |
| start_line | bigint | The path to the manifest file. |
| tags | jsonb | A map of tags for the resource. This includes both labels and annotations. |
| title | text | Title of the resource. |
| uid | text | UID is the unique in time and space value for this object. |