Plugin details | |
Created by | Spotify |
Category | Monitoring |
Source | GitHub |
Type | Open-source plugin |
Application configuration YAML
The plugin supports two types of application configuration, which needs to be updated by the user in the Configurations
Authentication using a Kubernetes service account (default)
type: "multiTenant"
- type: "config"
- url: "<your-base-url>"
name: "<your-cluster-name>"
authProvider: "serviceAccount"
skipTLSVerify: true
skipMetricsLookup: false
serviceAccountToken: ${K8S_SA_TOKEN}
Authentication using Google Cloud Platform (GCP) credentials.
type: "multiTenant"
- type: "config"
- url: "<your-base-url>"
name: "<your-cluster-name>"
authProvider: "google"
skipTLSVerify: true
skipMetricsLookup: false
In both cases, replace <your-base-url>
with the base URL of the target cluster. Replace <your-cluster-name>
with a name that identifies the target cluster.
If you are using a service account to authenticate, ensure that a secret variable K8S_SA_TOKEN
is set with the Kubernetes service account key.
Please make sure, the Service Account
token generated above must have a ClusterRole
with permissions as mentioned below in the example reference YAML.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
name: idp-clusterrole
namespace: <namespace_name>
- apiGroups: [""]
resources: ["pods", "services", "configmaps", "namespaces", "limitranges"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["deployments", "replicasets", "statefulsets","daemonsets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
resources: ["jobs", "cronjobs"]
verbs: ["get", "list", "watch"]
- apiGroups: ["metrics.k8s.io"]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses", "networkpolicies"]
verbs: ["get", "list", "watch"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get", "list"]
If you are using GCP credentials to authenticate, you do not have to add a variable. Instead, configure the Google OAuth provider on the OAuth Configurations page to enable the plugin to use the logged-in user's credentials when making requests.
Delegate proxy
If the target cluster is on a private network, ensure that you include the host portion of the cluster's base URL in this section. If the cluster is not on a private network, skip this section.
After adding the host, you can select one or more delegates that have access to the host. If you leave the delegate selectors field empty, it is assumed that all delegates in the account have access to the host/cluster.
When adding the host, include only the host name. Remove the protocol (HTTP/HTTPS) and any port number associated with it.
This plugin exports a UI tab that you can use as a new Kubernetes tab for a service or for any other layout page. Go to Admin > Layout, select Service in the dropdown menu. and then add the following in a new Kubernetes section:
- name: kubernetes
path: /kubernetes
title: Kubernetes
- component: EntityKubernetesContent