Table: k8s_core_limit_ranges

This table shows data for Kubernetes (K8s) Core Limit Ranges.

The primary key for this table is uid.

Columns

NameType
_cq_iduuid
_cq_parent_iduuid
contextutf8
kindutf8
api_versionutf8
nameutf8
namespaceutf8
uid (PK)utf8
resource_versionutf8
generationint64
deletion_grace_period_secondsint64
labelsjson
annotationsjson
owner_referencesjson
finalizerslist<item: utf8, nullable>
spec_limitsjson

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

Namespaces CPU default resource limit

WITH
  default_cpu_limits
    AS (
      SELECT
        context, namespace, value->'default'->>'cpu' AS default_cpu_limit
      FROM
        k8s_core_limit_ranges
        CROSS JOIN jsonb_array_elements(k8s_core_limit_ranges.spec_limits)
    )
INSERT
INTO
  k8s_policy_results
    (
      resource_id,
      execution_time,
      framework,
      check_id,
      title,
      context,
      namespace,
      resource_name,
      status
    )
SELECT
  uid AS resource_id,
  'Namespaces CPU default resource limit' AS title,
  context AS context,
  name AS namespace,
  name AS resource_name,
  CASE
  WHEN (
    SELECT
      count(default_cpu_limit)
    FROM
      default_cpu_limits
    WHERE
      namespace = k8s_core_namespaces.name
      AND context = k8s_core_namespaces.context
  )
  = 0
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  k8s_core_namespaces;

Namespaces CPU request resource quota

WITH
  default_request_cpu_limits
    AS (
      SELECT
        context,
        namespace,
        value->'default_request'->>'cpu' AS default_request_cpu_limit
      FROM
        k8s_core_limit_ranges
        CROSS JOIN jsonb_array_elements(k8s_core_limit_ranges.spec_limits)
    )
INSERT
INTO
  k8s_policy_results
    (
      resource_id,
      execution_time,
      framework,
      check_id,
      title,
      context,
      namespace,
      resource_name,
      status
    )
SELECT
  uid AS resource_id,
  'Namespaces CPU request resource quota' AS title,
  context AS context,
  name AS namespace,
  name AS resource_name,
  CASE
  WHEN (
    SELECT
      count(default_request_cpu_limit)
    FROM
      default_request_cpu_limits
    WHERE
      namespace = k8s_core_namespaces.name
      AND context = k8s_core_namespaces.context
  )
  = 0
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  k8s_core_namespaces;

Namespaces Memory default resource limit

WITH
  default_memory_limits
    AS (
      SELECT
        context, namespace, value->'default'->>'memory' AS default_memory_limit
      FROM
        k8s_core_limit_ranges
        CROSS JOIN jsonb_array_elements(k8s_core_limit_ranges.spec_limits)
    )
INSERT
INTO
  k8s_policy_results
    (
      resource_id,
      execution_time,
      framework,
      check_id,
      title,
      context,
      namespace,
      resource_name,
      status
    )
SELECT
  uid AS resource_id,
  'Namespaces Memory default resource limit' AS title,
  context AS context,
  name AS namespace,
  name AS resource_name,
  CASE
  WHEN (
    SELECT
      count(default_memory_limit)
    FROM
      default_memory_limits
    WHERE
      namespace = k8s_core_namespaces.name
      AND context = k8s_core_namespaces.context
  )
  = 0
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  k8s_core_namespaces;

Namespaces Memory request resource quota

WITH
  default_request_memory_limits
    AS (
      SELECT
        namespace,
        value->'default_request'->>'memory' AS default_request_memory_limit
      FROM
        k8s_core_limit_ranges
        CROSS JOIN jsonb_array_elements(k8s_core_limit_ranges.spec_limits)
    )
INSERT
INTO
  k8s_policy_results
    (
      resource_id,
      execution_time,
      framework,
      check_id,
      title,
      context,
      namespace,
      resource_name,
      status
    )
SELECT
  uid AS resource_id,
  'Namespaces Memory request resource quota' AS title,
  context AS context,
  name AS namespace,
  name AS resource_name,
  CASE
  WHEN (
    SELECT
      count(default_request_memory_limit)
    FROM
      default_request_memory_limits
    WHERE
      namespace = k8s_core_namespaces.name
      AND context = k8s_core_namespaces.context
  )
  = 0
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  k8s_core_namespaces;