Kubernetes Cluster DashboardKubernetes Cluster DetailKubernetes Cluster Role DetailKubernetes Container DashboardKubernetes Container DetailKubernetes CronJob Age ReportKubernetes CronJob DashboardKubernetes CronJob DetailKubernetes CronJob Host Access ReportKubernetes DaemonSet Age ReportKubernetes DaemonSet DashboardKubernetes DaemonSet DetailKubernetes DaemonSet Host Access ReportKubernetes Deployment Age ReportKubernetes Deployment DashboardKubernetes Deployment DetailKubernetes Deployment HA ReportKubernetes Deployment Host Access ReportKubernetes Job Age ReportKubernetes Job DashboardKubernetes Job DetailKubernetes Job Host Access ReportKubernetes Namespace Age ReportKubernetes Namespace DetailKubernetes Namespace ReportKubernetes Node Age ReportKubernetes Node DetailKubernetes Node ReportKubernetes Pod Age ReportKubernetes Pod DashboardKubernetes Pod DetailKubernetes Pod Host Access ReportKubernetes RBAC - Who can delete events?Kubernetes RBAC - Who can delete pods?Kubernetes RBAC - Who can escalate privileges via node/proxy?Kubernetes RBAC - Who can exec into pods?Kubernetes RBAC - Who can read secrets?Kubernetes RBAC ExplorerKubernetes ReplicaSet Age ReportKubernetes ReplicaSet DashboardKubernetes ReplicaSet DetailKubernetes ReplicaSet Host Access ReportKubernetes Role DetailKubernetes Service Account DetailKubernetes Service Age ReportKubernetes Service DashboardKubernetes Service DetailKubernetes StatefulSet Age ReportKubernetes StatefulSet DashboardKubernetes StatefulSet DetailKubernetes StatefulSet Host Access Report
Dashboard: Kubernetes RBAC - Who can delete events?
This dashboard answers the following questions for each cluster:
- Who can delete events?
This dashboard contains 1 graph, 1 input and 1 table.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-kubernetes-insightsStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select Kubernetes RBAC - Who can delete events? dashboard.
You could also snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe dashboard run kubernetes_insights.dashboard.rbac_event_delete_report --shareQueries
This dashboard uses the the following queries:
select s ->> 'name' as "Principal", s ->> 'kind' as "Principal Kind", b.name as "Role Binding", role.name as "Role", v as "Verbs", re as "Resources", resource_name as "Resource Names"from kubernetes_cluster_role_binding as b, kubernetes_cluster_role as role, kubernetes_service_account as a, jsonb_array_elements(subjects) as s, jsonb_array_elements(rules) as r, jsonb_array_elements_text(r -> 'resources') as re, jsonb_array_elements_text(r -> 'verbs') as v, jsonb_array_elements_text(coalesce(r -> 'resourceNames', '["*"]'::jsonb)) as resource_namewhere role.name = b.role_name and (s ->> 'kind' <> 'ServiceAccount' or s ->> 'name' in (select name from kubernetes_service_account)) and b.context_name = role.context_name and (v in (select unnest (string_to_array($1, ',')::text[])) or v = '*') and (re in (select unnest (string_to_array($2, ',')::text[])) or re = '*') and b.context_name in (select unnest (string_to_array($3, ',')::text[]))unionselect s ->> 'name' as "Principal", s ->> 'kind' as "Principal Kind", b.name as "Role Binding", role.name as "Role", v as "Verbs", re as "Resources", resource_name as "Resource Names"from kubernetes_role_binding as b, kubernetes_role as role, kubernetes_service_account as a, jsonb_array_elements(subjects) as s, jsonb_array_elements(rules) as r, jsonb_array_elements_text(r -> 'resources') as re, jsonb_array_elements_text(r -> 'verbs') as v, jsonb_array_elements_text(coalesce(r -> 'resourceNames', '["*"]'::jsonb)) as resource_namewhere role.name = b.role_name and (s ->> 'kind' <> 'ServiceAccount' or s ->> 'name' in (select name from kubernetes_service_account)) and b.context_name = role.context_name and (v in (select unnest (string_to_array($1, ',')::text[])) or v = '*') and (re in (select unnest (string_to_array($2, ',')::text[])) or re = '*') and b.context_name in (select unnest (string_to_array($3, ',')::text[]))order by 1;
{ "$1": "verb", "$2": "resource", "$3": "cluster_context"}