Table: k8s_core_resource_quotas

This table shows data for Kubernetes (K8s) Core Resource Quotas.

The primary key for this table is uid.

Columns

NameType
_cq_iduuid
_cq_parent_iduuid
contextutf8
kindutf8
api_versionutf8
nameutf8
namespaceutf8
uid (PK)utf8
resource_versionutf8
generationint64
deletion_grace_period_secondsint64
labelsjson
annotationsjson
owner_referencesjson
finalizerslist<item: utf8, nullable>
spec_hardjson
spec_scopeslist<item: utf8, nullable>
spec_scope_selectorjson
status_hardjson
status_usedjson

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

Namespace enforces resource quota cpu limits

SELECT
  DISTINCT
  k8s_core_namespaces.uid AS resource_id,
  'Namespace enforces resource quota cpu limits' AS title,
  k8s_core_namespaces.context AS context,
  k8s_core_namespaces.name AS namespace,
  k8s_core_namespaces.name AS resource_name,
  CASE
  WHEN (
    SELECT
      count(*)
    FROM
      k8s_core_resource_quotas
    WHERE
      namespace = k8s_core_namespaces.name
      AND context = k8s_core_namespaces.context
      AND (spec_hard->>'limits.cpu') IS NOT NULL
  )
  = 0
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  k8s_core_namespaces;

Namespace enforces resource quota cpu request

SELECT
  DISTINCT
  k8s_core_namespaces.uid AS resource_id,
  'Namespace enforces resource quota cpu request' AS title,
  k8s_core_namespaces.context AS context,
  k8s_core_namespaces.name AS namespace,
  k8s_core_namespaces.name AS resource_name,
  CASE
  WHEN (
    SELECT
      count(*)
    FROM
      k8s_core_resource_quotas
    WHERE
      namespace = k8s_core_namespaces.name
      AND context = k8s_core_namespaces.context
      AND (spec_hard->>'requests.cpu') IS NOT NULL
  )
  = 0
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  k8s_core_namespaces;

Namespace enforces resource quota memory limits

SELECT
  DISTINCT
  k8s_core_namespaces.uid AS resource_id,
  'Namespace enforces resource quota memory limits' AS title,
  k8s_core_namespaces.context AS context,
  k8s_core_namespaces.name AS namespace,
  k8s_core_namespaces.name AS resource_name,
  CASE
  WHEN (
    SELECT
      count(*)
    FROM
      k8s_core_resource_quotas
    WHERE
      namespace = k8s_core_namespaces.name
      AND context = k8s_core_namespaces.context
      AND (spec_hard->>'limits.memory') IS NOT NULL
  )
  = 0
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  k8s_core_namespaces;

Namespace enforces resource quota memory request

SELECT
  DISTINCT
  k8s_core_namespaces.uid AS resource_id,
  'Namespace enforces resource quota memory request' AS title,
  k8s_core_namespaces.context AS context,
  k8s_core_namespaces.name AS namespace,
  k8s_core_namespaces.name AS resource_name,
  CASE
  WHEN (
    SELECT
      count(*)
    FROM
      k8s_core_resource_quotas
    WHERE
      namespace = k8s_core_namespaces.name
      AND context = k8s_core_namespaces.context
      AND (spec_hard->>'requests.memory') IS NOT NULL
  )
  = 0
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  k8s_core_namespaces;