Hey Folks when working with kubernetes i always used docker tables, but long time ago i saw this kube-query , is there any plans for osquery to have kubernetes specific tables ? Thanks

See if this works for you: https://github.com/Uptycs/kubequery/

Thanks a lot, is there a process for good extensions to be added to native osquery ? or how to bundle that with osquery agent when deployed

^^ kubequery is not meant to be deployed along with Osquery on every k8s worker node. You just need one container/pod deployed per cluster irrespective of cluster size. As for adding extensions natively to Osquery, I am assuming you are referring to packaging extensions and not making extension functionality part of Osquery core. You can include any extension that is already built using flags: https://osquery.readthedocs.io/en/stable/deployment/extensions/

oh ok, so with kubequery, that would be a pod per cluster not the agent deployed to the node itself, thanks for clarifying that. i thought that extensions would be part of Osquery core after tests/endorsements. thanks a lot.

Don't think it will ever be a part of Osquery core 🙂