Kubernetes

The Tempest Kubernetes App enables management of Kubernetes applications and resources, with capabilities for both new deployments and importing existing resources for centralized management. For detailed information about each resource, see the Resources section below.

Authentication

Currently supports public Kubernetes clusters via kubeconfig. Support for private clusters coming soon.

Kubeconfig Authentication

Prerequisites

Cluster API must be publicly accessible (typical for GKE and EKS clusters)
Dedicated service account with long-lived token

Generate Kubeconfig for Tempest

Create Service Account

apiVersion: v1
kind: ServiceAccount
metadata:
  name: <service_account_name>
  namespace: <your_namespace>

Apply with: kubectl apply -f sa.yaml

Create Service Account Token

apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: <token_name>
  namespace: <your_namespace>
  annotations:
    kubernetes.io/service-account.name: <service_account_name>

Apply with: kubectl apply -f sa_token.yaml

Bind to Cluster Role

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: <service_account_name>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: <service_account_name>
    namespace: <your_namespace>

Apply with: kubectl apply -f crb.yaml

Get Token

Retrieve token: kubectl get secret <token_name> -o jsonpath='{.data.token}' | base64 --decode

Create Kubeconfig

apiVersion: v1
clusters:
  - cluster: { your_cluster_information }
    name: <your_cluster_name>
contexts:
  - context:
      cluster: <your_cluster_name>
      user: <service_account_name>
    name: <your_cluster_name>
current-context: <your_cluster_name>
kind: Config
preferences: {}
users:
  - name: <service_account_name>
    user:
      token: <token_data>

Connect to Tempest

Access Recipes

Navigate to Recipes and create or select a recipe

Add Kubernetes Resource

Add or select a Kubernetes resource

Link Credentials

Click “Add credentials” then “+Link credentials”

Select Kubeconfig

Choose “Kubeconfig” authentication

Name Credentials

Enter an identifier for these credentials

Upload Configuration

Upload your kubeconfig file

Resources

Application

Deploy containerized applications in Kubernetes. Configuration options:

Name and image specification
Gateway class selection
Resource allocation:
CPU (100m-1)
Memory (256Mi-2Gi)
Storage (1Gi-10Gi)
Replica count
Port configuration

Properties:

Namespace location
Resource relationships
Primary address

Importable Resources

Tempest can import existing Kubernetes resources for centralized management:

ConfigMaps
Deployments
Gateways
Ingresses
Replicasets
Secrets
Services

Properties for imported resources:

Resource name
Namespace
Configuration data (except Secrets)
Resource relationships

Get Started

App Directory

Authentication

Kubeconfig Authentication

Resources

Application

Importable Resources

Get Started

App Directory

​Authentication

​Kubeconfig Authentication

​Resources

​Application

​Importable Resources

Authentication

Kubeconfig Authentication

Resources

Application

Importable Resources