Querying Use Cases
The Configuration Query Language (CQL) in Mantis provides powerful capabilities for analyzing and managing your infrastructure configurations. Here are key use cases where CQL proves invaluable:
Security Analysis
CQL helps identify potential security vulnerabilities in your infrastructure:
from: "service[string]"
select: [""]
where: {
"image": "^vulnerable-." // Find vulnerable images
// OR
"image.tag": "^.-cve-." // Find images with CVE tags
}
Resource Management
Resource Consumption Analysis
Track high-resource consumers across your infrastructure:
from: "service[string]"
select: ["resources", "namespace"]
where: {
"namespace": "production"
"resources.requests.memory": "^[1-9][0-9]*Gi$" // High memory requests
}
Resource Misconfiguration Detection
Identify potential resource misconfigurations:
from: "service[string]"
select: ["resources"]
where: {
"resources.requests.cpu": "^[0-9]*m$" // CPU in millicores
"resources.limits.cpu": "^[1-9][0-9]*$" // High CPU limit
}
High Availability Verification
Ensure proper replica placement and redundancy:
from: "service[string]"
select: ["topology"]
where: {
"node": ".*-zone-a" // Check zone placement
"replicas": "^[1-9][0-9]*$" // Multiple replicas
}
Change Impact Analysis
Dependency Tracking
Find resources depending on specific components:
from: "resource[string]"
select: ["*"]
where: {
"depends_on": ".*redis-cache.*" // Find Redis dependencies
}
Configuration Drift Detection
Compare configurations across environments:
from: "service[string]"
select: [
"name",
"replicas",
"env"
]
where: {
"replicas": "3" // Expected replica count
}
Resource Ownership and Management
Track resources by team or application:
from: "service[string]"
select: ["metadata"]
where: {
"metadata.labels.app": "frontend"
"metadata.labels.team": "platform"
}
Key Benefits
- Enhanced Security: Quickly identify potential security risks and vulnerabilities
- Resource Optimization: Track and optimize resource usage across your infrastructure
- Change Management: Assess the impact of changes before implementation
- Compliance: Ensure configurations meet organizational standards
- Operational Efficiency: Streamline infrastructure management tasks
Best Practices
- Use consistent naming patterns for resources
- Include comprehensive metadata in resource definitions
- Document dependencies explicitly
- Tag resources with ownership and criticality information
- Regularly audit configurations using CQL queries