Kubernetes Discovery
Discover Kubernetes resources including deployments, services, pods, ingresses, config maps, and their relationships.
Overview
The Kubernetes plugin discovers resources from one or more clusters using the Kubernetes API. It supports in-cluster authentication (when running inside a pod) and kubeconfig-based authentication (for external runs).
Configuration
discovery:
plugins:
- name: "kubernetes"
enabled: true
config:
kubeconfig: "" # empty = in-cluster or default kubeconfig
contexts: [] # empty = current contextLeave kubeconfig empty to use the default~/.kube/config or in-cluster config when running in a pod. Specify contexts to discover from multiple clusters.
Easiest First Run
If you have a working kubeconfig, the Kubernetes plugin works with zero configuration. Just enable it and run discovery.
Discovered Resource Types
| Type | Description |
|---|---|
k8s.namespace | Namespaces |
k8s.deployment | Deployments |
k8s.stateful_set | StatefulSets |
k8s.daemon_set | DaemonSets |
k8s.pod | Individual pods |
k8s.service | Services (ClusterIP, NodePort, LoadBalancer) |
k8s.ingress | Ingress resources |
k8s.config_map | ConfigMaps |
k8s.secret | Secrets (metadata only, values not stored) |
k8s.persistent_volume_claim | PVCs |
k8s.persistent_volume | PVs |
k8s.cron_job | CronJobs |
k8s.network_policy | NetworkPolicies |
Relationships Discovered
The plugin automatically maps relationships between resources:
ServiceROUTES_TODeploymentIngressROUTES_TOServiceDeploymentRUNS_ONPodPodDEPENDS_ONPVCNamespaceOWNSDeployment
RBAC Permissions
When running in-cluster, create a ServiceAccount with read-only access:
apiVersion: v1
kind: ServiceAccount
metadata:
name: knowledge-tree
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: knowledge-tree-discovery
rules:
- apiGroups: ["", "apps", "batch", "networking.k8s.io"]
resources: ["*"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: knowledge-tree-discovery
subjects:
- kind: ServiceAccount
name: knowledge-tree
roleRef:
kind: ClusterRole
name: knowledge-tree-discovery
apiGroup: rbac.authorization.k8s.io