Table: kubernetes_deployment - Query Kubernetes Deployments using SQL

A Kubernetes Deployment is a resource object in Kubernetes that provides declarative updates for applications. It allows you to describe an application's life-cycle, such as which images to use for the app, the number of pod replicas, and the way to update them. In addition, it offers advanced features such as rollback and scaling.

Table Usage Guide

The kubernetes_deployment table provides insights into Deployments within Kubernetes. As a DevOps engineer, explore Deployment-specific details through this table, including the current and desired states, strategy used for updates, and associated metadata. Utilize it to manage the life-cycle of your applications, such as scaling up/down the number of replicas, rolling updates, and rollback to earlier versions.

Examples

Basic Info

Explore the status and availability of various components within a deployment, helping you understand the overall health and readiness of your system. This is useful for ongoing monitoring and troubleshooting of your deployment.

select
  name,
  namespace,
  status_replicas,
  ready_replicas,
  updated_replicas,
  available_replicas,
  unavailable_replicas,
  age(current_timestamp, creation_timestamp)
from
  kubernetes_deployment
order by
  namespace,
  name;

select
  name,
  namespace,
  status_replicas,
  ready_replicas,
  updated_replicas,
  available_replicas,
  unavailable_replicas,
  (julianday('now') - julianday(creation_timestamp)) * 86400.0
from
  kubernetes_deployment
order by
  namespace,
  name;

Configuration Info

Explore the status of your deployments in the Kubernetes environment. This query is beneficial to understand the settings of your deployments, such as whether they are paused or active, their generation status, and their selection strategy.

select
  name,
  paused,
  generate_name,
  generation,
  revision_history_limit,
  replicas,
  strategy,
  selector
from
  kubernetes_deployment;

select
  name,
  paused,
  generate_name,
  generation,
  revision_history_limit,
  replicas,
  strategy,
  selector
from
  kubernetes_deployment;

Container Images used in Deployments

Explore which container images are currently in use across different deployments. This query is useful in managing and tracking the versions of images used, aiding in troubleshooting and ensuring consistency across deployments.

select
  name as deployment_name,
  namespace,
  c ->> 'name' as container_name,
  c ->> 'image' as image
from
  kubernetes_deployment,
  jsonb_array_elements(template -> 'spec' -> 'containers') as c
order by
  namespace,
  name;

select
  name as deployment_name,
  namespace,
  json_extract(c.value, '$.name') as container_name,
  json_extract(c.value, '$.image') as image
from
  kubernetes_deployment,
  json_each(json_extract(template, '$.spec.containers')) as c
order by
  namespace,
  name;

List pods for a deployment

Determine the areas in which pods are being used for a specific deployment in a Kubernetes environment. This can be useful for understanding the deployment's resource utilization and identifying potential areas for optimization or troubleshooting.

select
  pod.namespace,
  d.name as deployment_name,
  rs.name as replicaset_name,
  pod.name as pod_name,
  pod.phase,
  age(current_timestamp, pod.creation_timestamp),
  pod.pod_ip,
  pod.node_name
from
  kubernetes_pod as pod,
  jsonb_array_elements(pod.owner_references) as pod_owner,
  kubernetes_replicaset as rs,
  jsonb_array_elements(rs.owner_references) as rs_owner,
  kubernetes_deployment as d
where
  pod_owner ->> 'kind' = 'ReplicaSet'
  and rs.uid = pod_owner ->> 'uid'
  and rs_owner ->> 'uid' = d.uid
  and d.name = 'frontend'
order by
  pod.namespace,
  d.name,
  rs.name,
  pod.name;

select
  pod.namespace,
  d.name as deployment_name,
  rs.name as replicaset_name,
  pod.name as pod_name,
  pod.phase,
  (
    julianday('now') - julianday(pod.creation_timestamp)
  ) as age,
  pod.pod_ip,
  pod.node_name
from
  kubernetes_pod as pod,
  json_each(pod.owner_references) as pod_owner,
  kubernetes_replicaset as rs,
  json_each(rs.owner_references) as rs_owner,
  kubernetes_deployment as d
where
  json_extract(pod_owner.value, '$.kind') = 'ReplicaSet'
  and rs.uid = json_extract(pod_owner.value, '$.uid')
  and json_extract(rs_owner.value, '$.uid') = d.uid
  and d.name = 'frontend'
order by
  pod.namespace,
  d.name,
  rs.name,
  pod.name;

List Pods with access to the to the host process ID, IPC, or network namespace

Identify the Kubernetes deployments that have access to the host's process ID, inter-process communication, or network namespace. This helps in pinpointing potential security vulnerabilities by highlighting the areas where a pod could potentially gain unauthorized access to sensitive host resources.

select
  namespace,
  name,
  template -> 'spec' ->> 'hostPID' as hostPID,
  template -> 'spec' ->> 'hostIPC' as hostIPC,
  template -> 'spec' ->> 'hostNetwork' as hostNetwork
from
  kubernetes_deployment
where
  template -> 'spec' ->> 'hostPID' = 'true'
  or template -> 'spec' ->> 'hostIPC' = 'true'
  or template -> 'spec' ->> 'hostNetwork' = 'true';

select
  namespace,
  name,
  json_extract(template, '$.spec.hostPID') as hostPID,
  json_extract(template, '$.spec.hostIPC') as hostIPC,
  json_extract(template, '$.spec.hostNetwork') as hostNetwork
from
  kubernetes_deployment
where
  json_extract(template, '$.spec.hostPID') = 'true'
  or json_extract(template, '$.spec.hostIPC') = 'true'
  or json_extract(template, '$.spec.hostNetwork') = 'true';

List manifest resources

Discover the segments that have allocated resources within a specific namespace in a Kubernetes deployment, allowing you to better manage and allocate resources efficiently. This is particularly useful in larger deployments where resource management is crucial.

select
  name,
  namespace,
  replicas,
  path
from
  kubernetes_deployment
where
  path is not null
order by
  namespace,
  name;

select
  name,
  namespace,
  replicas,
  path
from
  kubernetes_deployment
where
  path is not null
order by
  namespace,
  name;

Query examples

Control examples

Schema for kubernetes_deployment

Name	Type	Description
_ctx	jsonb	Steampipe context in JSON form.
annotations	jsonb	Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.
available_replicas	bigint	Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
collision_count	bigint	Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet.
conditions	jsonb	Represents the latest available observations of a deployment's current state.
context_name	text	Kubectl config context name.
creation_timestamp	timestamp with time zone	CreationTimestamp is a timestamp representing the server time when this object was created.
deletion_grace_period_seconds	bigint	Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set.
deletion_timestamp	timestamp with time zone	DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted.
end_line	bigint	The path to the manifest file.
finalizers	jsonb	Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.
generate_name	text	GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided.
generation	bigint	A sequence number representing a specific generation of the desired state.
labels	jsonb	Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
min_ready_seconds	bigint	Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0.
name	text	Name of the object. Name must be unique within a namespace.
namespace	text	Namespace defines the space within which each name must be unique.
observed_generation	bigint	The generation observed by the deployment controller.
owner_references	jsonb	List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
path	text	The path to the manifest file.
paused	boolean	Indicates that the deployment is paused.
progress_deadline_seconds	bigint	The maximum time in seconds for a deployment to make progress before it is considered to be failed.
ready_replicas	bigint	Total number of ready pods targeted by this deployment.
replicas	bigint	Number of desired pods. Defaults to 1.
resource_version	text	An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed.
revision_history_limit	bigint	The number of old ReplicaSets to retain to allow rollback.
selector	jsonb	Label selector for pods. A label selector is a label query over a set of resources.
selector_query	text	A query string representation of the selector.
source_type	text	The source of the resource. Possible values are: deployed and manifest. If the resource is fetched from the spec file the value will be manifest.
sp_connection_name	text	Steampipe connection name.
sp_ctx	jsonb	Steampipe context in JSON form.
start_line	bigint	The path to the manifest file.
status_replicas	bigint	Total number of non-terminated pods targeted by this deployment (their labels match the selector).
strategy	jsonb	The deployment strategy to use to replace existing pods with new ones.
tags	jsonb	A map of tags for the resource. This includes both labels and annotations.
template	jsonb	Template describes the pods that will be created.
title	text	Title of the resource.
uid	text	UID is the unique in time and space value for this object.
unavailable_replicas	bigint	Total number of unavailable pods targeted by this deployment.
updated_replicas	bigint	Total number of non-terminated pods targeted by this deployment that have the desired template spec.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- kubernetes

You can pass the configuration to the command with the --config argument:

steampipe_export_kubernetes --config '<your_config>' kubernetes_deployment