
# Kubernetes Integration

## Resmo + Kubernetes Integration Fundamentals


Resmo seamlessly integrates with [Kubernetes](https://kubernetes.io/) to ensure your resources stay secure and compliant.

### What does Resmo offer to Kubernetes users?

* Collect and monitor all your Kubernetes resources in one place
* Run automated audits with predefined or custom rules
* Set up notification rules to get alerted on rule violations
* Query your assets and receive instant answers
* Use the Best Practices pack to check your Kubernetes security and compliance posture

### How does the integration work?

Resmo Kubernetes Integration collects resources by establishing a trust relationship in your cluster. After you apply the YAML specified in the [How to install section](#how-to-install) to your Kubernetes cluster, a CronJob starts running periodically. Once triggered, it sends requests to our servers, pulling resources inside the cluster. Then, we process them on the server. The app operating in your Kubernetes cluster is provided as a Docker image without any authorization limits. Resmo performs the resource validation with a unique IngestKey. Note: An IngestKey is different for each integration.

* YAML
* IngestKey

### Available resources

Resmo Kubernetes integration aggregates deployments, jobs, pods, cluster roles, services, and more.

<https://resources.resmo.com/kubernetes>

### Common queries and rules

* List job containers without livenessProbe.
* Find deployment containers with privilege escalation.
* See Kubernetes services with NodePort and LoadBalancer type.
* Find pod containers with privileged ports.
* List ReplicaSets in the default namespace.
* Identify cronjob containers without a memory limit.

### Integration walkthrough

#### How to install

1. Apply the following YAML to your Kubernetes cluster:

```yaml
# batch/v1beta1 CronJob was removed in Kubernetes 1.25; batch/v1 is available from 1.21.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: resmo-data-collector
spec:
  schedule: "*/30 * * * *"
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      backoffLimit: 2
      template:
        metadata:
          name: resmo-data-collector
        spec:
          restartPolicy: Never
          serviceAccountName: resmo-data-collector-service-account
          containers:
            - name: resmo-data-collector
              image: resmoio/resmo-kubernetes-agent:0.0.1
              imagePullPolicy: IfNotPresent
              env:
                - name: RESMO_KUBERNETES_ENDPOINT
                  value: "https://id.resmo.app/integration/kubernetes/ingest"
                - name: RESMO_INGEST_KEY
                  value: "f039650b-6410-4cf1-93d9-5cf240b6ba62"
              resources:
                limits:
                  cpu: "300m"
                  memory: "200Mi"
                requests:
                  cpu: "200m"
                  memory: "100Mi"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: resmo-data-collector-role
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - persistentvolumeclaims
      - persistentvolumeclaims/status
      - pods
      - replicationcontrollers
      - replicationcontrollers/scale
      - serviceaccounts
      - services
      - services/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - bindings
      - events
      - limitranges
      - namespaces/status
      - pods/log
      - pods/status
      - replicationcontrollers/status
      - resourcequotas
      - resourcequotas/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apps
    resources:
      - controllerrevisions
      - daemonsets
      - daemonsets/status
      - deployments
      - deployments/scale
      - deployments/status
      - replicasets
      - replicasets/scale
      - replicasets/status
      - statefulsets
      - statefulsets/scale
      - statefulsets/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - autoscaling
    resources:
      - horizontalpodautoscalers
      - horizontalpodautoscalers/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - batch
    resources:
      - cronjobs
      - cronjobs/status
      - jobs
      - jobs/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - daemonsets
      - daemonsets/status
      - deployments
      - deployments/scale
      - deployments/status
      - ingresses
      - ingresses/status
      - networkpolicies
      - replicasets
      - replicasets/scale
      - replicasets/status
      - replicationcontrollers/scale
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
      - poddisruptionbudgets/status
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
      - ingresses/status
      - networkpolicies
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
      - rolebindings
      - clusterroles
      - clusterrolebindings
    verbs:
      - get
      - list
      - watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: resmo-data-collector-service-account
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: resmo-data-collector-role-binding
subjects:
  - kind: ServiceAccount
    name: resmo-data-collector-service-account
    # Must match the namespace the ServiceAccount and CronJob are applied in.
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: resmo-data-collector-role
```

2. Log in to your Resmo account and navigate to the Integrations page.

3. Select Kubernetes and click the Add Integration button in the bottom-right corner of the modal that opens.
4. Paste your Ingest Key into the related field. (Ingest Key is used as a secret for authentication.)
5. Hit the Create button, and you can start querying your Kubernetes resources!
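
A read-only check for the ClusterRole from step 1, as an added example that is not part of the Resmo documentation or agent: it parses role JSON in the shape of `kubectl get clusterrole resmo-data-collector-role -o json` and reports any verb beyond `get`/`list`/`watch`, any wildcard, and any readable resource that can hold sensitive data. The sample role is a constructed excerpt, and the `SENSITIVE` set is an assumption to adjust for your environment.

```python
import json

READ_ONLY = {"get", "list", "watch"}
# Assumption: core-group resources whose contents can include sensitive data.
SENSITIVE = {"secrets", "configmaps", "pods/log"}

# Constructed sample: a trimmed excerpt in the shape of
# `kubectl get clusterrole resmo-data-collector-role -o json`.
SAMPLE_ROLE = json.loads("""
{
  "kind": "ClusterRole",
  "metadata": {"name": "resmo-data-collector-role"},
  "rules": [
    {"apiGroups": [""], "resources": ["configmaps", "pods", "services"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["events", "pods/log", "pods/status"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["rbac.authorization.k8s.io"],
     "resources": ["roles", "clusterroles"], "verbs": ["get", "list", "watch"]}
  ]
}
""")

def audit_role(role):
    """Return (findings, sensitive) for a Role/ClusterRole object."""
    findings, sensitive = [], set()
    for i, rule in enumerate(role.get("rules") or []):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = rule.get("apiGroups", [])
        extra = verbs - READ_ONLY  # "*" lands here too
        if extra:
            findings.append(f"rule {i}: non-read verbs {sorted(extra)}")
        if "*" in resources or "*" in groups:
            findings.append(f"rule {i}: wildcard resource or apiGroup")
        if rule.get("nonResourceURLs"):
            findings.append(f"rule {i}: nonResourceURLs granted")
        # The sensitive resources listed above live in the core ("") group.
        if "" in groups or "*" in groups:
            hit = set(SENSITIVE) if "*" in resources else resources & SENSITIVE
            sensitive |= hit
    return findings, sorted(sensitive)

if __name__ == "__main__":
    findings, sensitive = audit_role(SAMPLE_ROLE)
    print("findings:", findings or "none (read-only)")
    print("readable sensitive resources:", sensitive)
```

Run it against the role actually installed in the cluster by replacing `SAMPLE_ROLE` with the parsed `kubectl` output; an empty findings list means every rule is limited to read verbs on named resources.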

#### How to uninstall

1. Log in to your Resmo account.
2. Navigate to Integrations and select Kubernetes. Go to the Connected Integrations tab in the modal that opens and select the one you want to remove.
3. To temporarily pause the integration, click Disable. To remove it permanently, click Delete.

