CRD Commands¶
Comprehensive guide for working with Custom Resource Definitions (CRDs) using K8s Inventory CLI.
Overview¶
The CRD commands provide powerful capabilities to discover, analyze, and inventory Custom Resource Definitions in your Kubernetes cluster.
Available Commands¶
List CRDs¶
Display all CRDs in your cluster with comprehensive metadata:
Filtering Options¶
Filter CRDs by API group:
k8s-datamodel crd list --group networking.k8s.io
k8s-datamodel crd list --group operators.coreos.com
Filter by resource kind:
Filter by scope (Namespaced/Cluster):
Get CRD Details¶
Retrieve detailed information about a specific CRD:
This command provides: - Complete CRD specification - All available versions - Conversion strategy - Storage version - Categories and short names - Age and creation timestamp
Count CRD Instances¶
Count how many custom resource instances exist for each CRD:
With filtering:
CRD Analysis Process¶
flowchart LR
subgraph "Discovery Phase"
API["⚡ K8s API"]
FETCH["📥 Fetch CRDs"]
FILTER["🔍 Apply Filters"]
end
subgraph "Analysis Phase"
PARSE["🔍 Parse Spec"]
FRAMEWORK["🏷️ Detect Framework"]
CATEGORIZE["📊 Categorize"]
COUNT["🔢 Count Instances"]
end
subgraph "Output Phase"
FORMAT["🎨 Format Results"]
DISPLAY["💻 Display"]
EXPORT["📁 Export"]
end
API --> FETCH
FETCH --> FILTER
FILTER --> PARSE
PARSE --> FRAMEWORK
FRAMEWORK --> CATEGORIZE
CATEGORIZE --> COUNT
COUNT --> FORMAT
FORMAT --> DISPLAY
FORMAT --> EXPORT
style API fill:#fff3e0
style DISPLAY fill:#e8f5e8
style EXPORT fill:#e8f5e8Understanding CRD Information¶
Framework Detection¶
K8s Inventory CLI automatically detects how CRDs were deployed:
- Helm: CRDs installed via Helm charts
- OLM: CRDs managed by Operator Lifecycle Manager
- Manual: CRDs applied directly via kubectl/API
CRD Categories¶
CRDs are automatically categorized based on their metadata: - API extensions - Networking resources - Security policies - Storage classes - Monitoring resources
Instance Analysis¶
The tool can analyze actual custom resource instances: - Count instances per namespace - Identify unused CRDs - Track resource creation patterns - Monitor resource age distribution
CRD Relationship Mapping¶
erDiagram
CRD ||--o{ CUSTOM_RESOURCE : "defines"
CRD ||--|| OPERATOR : "managed_by"
CRD {
string name
string group
string kind
string scope
string framework
int instance_count
}
CUSTOM_RESOURCE {
string name
string namespace
string status
datetime created
}
OPERATOR {
string name
string namespace
string framework
string health_status
int replicas
}
NAMESPACE ||--o{ CUSTOM_RESOURCE : "contains"
NAMESPACE {
string name
string status
}
FRAMEWORK ||--o{ CRD : "deploys"
FRAMEWORK {
string name
string description
}Advanced Filtering¶
Multiple Filters¶
Combine multiple filters for precise results:
Pattern Matching¶
Use wildcards in group names:
Output Formats¶
All CRD commands support multiple output formats:
Table Format (Default)¶
Human-readable grid with key information.Rich Format¶
Enhanced terminal output with colors and styling.JSON Format¶
Machine-readable format perfect for scripting.YAML Format¶
Structured format for configuration management.Use Cases¶
Cluster Migration Planning¶
# Identify all CRDs that need to be migrated
k8s-datamodel crd list --output yaml > crds-inventory.yaml
# Check which CRDs have active instances
k8s-datamodel crd count --output json > crd-usage.json
Security Auditing¶
# List all cluster-scoped CRDs (potential security impact)
k8s-datamodel crd list --scope Cluster
# Find CRDs from specific vendors
k8s-datamodel crd list --group "*.example.com"
Operator Management¶
# Find all OLM-managed CRDs
k8s-datamodel crd list | grep "OLM"
# Analyze CRDs by framework
k8s-datamodel crd list --output json | jq '.[] | select(.framework == "Helm")'
Cleanup Operations¶
# Find CRDs with zero instances
k8s-datamodel crd count | grep "0 instances"
# Identify old/deprecated CRDs
k8s-datamodel crd list | sort -k6 # Sort by age
Troubleshooting¶
Permission Issues¶
If you encounter permission errors:
# Test cluster connection
k8s-datamodel cluster test-connection
# Check your RBAC permissions
kubectl auth can-i get customresourcedefinitions
Large Clusters¶
For clusters with many CRDs, use filtering to improve performance:
Output Formatting¶
Use --verbose flag for debugging:
Integration Examples¶
CI/CD Pipeline Integration¶
#!/bin/bash
# Export CRD inventory for compliance reporting
k8s-datamodel crd list --output json > artifacts/crd-inventory.json
# Check for unauthorized CRDs
UNAUTHORIZED=$(k8s-datamodel crd list --group "untrusted.com" --output json)
if [[ "$UNAUTHORIZED" != "[]" ]]; then
echo "Unauthorized CRDs detected!"
exit 1
fi
Monitoring Integration¶
# Generate metrics for monitoring systems
k8s-datamodel crd count --output json | \
jq -r '.[] | "\(.name) \(.instance_count)"' | \
while read name count; do
echo "crd_instances{name=\"$name\"} $count"
done
Related Commands¶
- Operators: Find operators managing these CRDs
- Cluster Operations: Full cluster inventory including CRDs
- Output Formats: Detailed format specifications