Querying Use Cases
The Configuration Query Language (CQL) in Mantis provides powerful capabilities for analyzing and managing your infrastructure configurations. Here are key use cases where CQL proves invaluable:
Resource Management
Resource Consumption Analysis
Track high-resource consumers across your infrastructure:
from: "service[string]"
select: ["resources", "namespace"]
where: {
"namespace": "production"
"resources.requests.memory": "^[1-9][0-9]*Gi$" // High memory requests
}
Resource Misconfiguration Detection
Identify potential resource misconfigurations:
from: "service[string]"
select: ["resources"]
where: {
"resources.requests.cpu": "^[0-9]*m$" // CPU in millicores
"resources.limits.cpu": "^[1-9][0-9]*$" // High CPU limit
}
High Availability Verification
Ensure proper replica placement and redundancy:
from: "service[string]"
select: ["topology"]
where: {
"node": ".*-zone-a" // Check zone placement
"replicas": "^[1-9][0-9]*$" // Multiple replicas
}
Change Impact Analysis
Dependency Tracking
Find resources depending on specific components:
from: "resource[string]"
select: ["*"]
where: {
"depends_on": ".*redis-cache.*" // Find Redis dependencies
}
Configuration Drift Detection
Compare configurations across environments:
from: "service[string]"
select: [
"name",
"replicas",
"env"
]
where: {
"replicas": "3" // Expected replica count
}
Resource Ownership and Management
Track resources by team or application:
from: "service[string]"
select: ["metadata"]
where: {
"metadata.labels.app": "frontend"
"metadata.labels.team": "platform"
}
Security Remediation
Immediate Threat Assessment
Problem: When security threats are detected, engineers need to quickly assess infrastructure for misconfigurations or vulnerable resources.
Solution: CQL enables rapid querying of security-related configurations:
from: "service[string]"
select: ["name", "securityGroup", "publicAccess"]
where: {
"publicAccess": "true"
}
This query identifies all services with public access enabled, providing immediate visibility into potential exposure points.
Misconfiguration Detection and Validation
Problem: Security vulnerabilities often stem from misconfigurations like overly permissive IAM roles.
Solution: Use CQL to validate configurations against security policies:
from: "iamRole[string]"
select: ["name", "permissions"]
where: {
"permissions": ".*admin.*"
}
Key Benefits
- Enhanced Security: Quickly identify potential security risks and vulnerabilities
- Resource Optimization: Track and optimize resource usage across your infrastructure
- Change Management: Assess the impact of changes before implementation
- Compliance: Ensure configurations meet organizational standards
- Operational Efficiency: Streamline infrastructure management tasks
Best Practices
- Use consistent naming patterns for resources
- Include comprehensive metadata in resource definitions
- Document dependencies explicitly
- Tag resources with ownership and criticality information
- Regularly audit configurations using CQL queries