Skip to content
Request Your Demo

Add K8s Cluster Data To Your osquery Deployment

kubequery Augments Container Runtime With Kubernetes Cluster Data

osquery can do many things, but it lacks visibility into K8s pod security policies, network policies, roles and bindings. For security and DevOps teams using osquery and Kubernetes, kubequery is an open source solution that combines container runtime with K8s cluster telemetry for enhanced security observability. kubequery runs as an extension to osquery and leverages the power of normalization so that new insights across your container deployments are just a SQL JOIN away.

kubequery Empowers Security and DevOps Teams To:

  • Identify privileged containers
  • Inventory active Kubernetes pods
  • Monitor pod security policies
  • Reconstruct the state of a cluster at a historical point in time
  • Conform to CIS Benchmark compliance standards
  • Perform real-time investigations and root cause analysis

kubequery-how it works

How kubequery Works

kubequery is installed as a kubernetes Deployment and runs as a non-root user. There is only one container of kubequery running per K8S cluster.

Once installed, kubequery communicates with a K8s API server to retrieve necessary K8s objects.

  • Its provisioned role and secret allows kubequery to make get, list and watch API calls.
  • When a kubernetes table is queried, osquery passes the call to kubequery to retrieve necessary K8s objects and details.
  • Kubequery converts that information from JSON format to structured SQL and delivers to whichever destination — files, sockets, Kineses, Kafka, etc that osquery is configured for.
  • All K8s API resources and K8s versions are supported along with generic Kubernetes , Red Hat OpenShift , AWS EKS , Google Cloud GKE , Azure AKS , etc.

Learn More & Contribute To kubequery

You can explore details, test & install kubequery, or submit a contribution by visiting the kubequery repository on GitHub. Read more about kubequery from one of its developers in this blog article. Uptycs engineering resources are dedicated to advancing kubequery’s open source capabilities along with meaningful contributions from the developer community. Near-term improvements will focus on Istio support, K8s events, the ability to customize osquery functionality to avoid unnecessary flags/tables, and more.

Get kubequery Now

Install kubequery now to augment your existing osquery deployment with K8s cluster data.