The Tempest Kubernetes App enables management of Kubernetes applications and resources, with capabilities for both new deployments and importing existing resources for centralized management.
For detailed information about each resource, see the Resources section below.
Authentication
Currently supports public Kubernetes clusters via kubeconfig. Support for private clusters coming soon.
Kubeconfig Authentication
Cluster API must be publicly accessible (typical for GKE and EKS clusters)
Dedicated service account with long-lived token
Generate Kubeconfig for Tempest
Create Service Account
apiVersion : v1
kind : ServiceAccount
metadata :
name : <service_account_name>
namespace : <your_namespace>
Apply with: kubectl apply -f sa.yaml
Create Service Account Token
apiVersion : v1
kind : Secret
type : kubernetes.io/service-account-token
metadata :
name : <token_name>
namespace : <your_namespace>
annotations :
kubernetes.io/service-account.name : <service_account_name>
Apply with: kubectl apply -f sa_token.yaml
Bind to Cluster Role
apiVersion : rbac.authorization.k8s.io/v1
kind : ClusterRoleBinding
metadata :
name : <service_account_name>
roleRef :
apiGroup : rbac.authorization.k8s.io
kind : ClusterRole
name : cluster-admin
subjects :
- kind : ServiceAccount
name : <service_account_name>
namespace : <your_namespace>
Apply with: kubectl apply -f crb.yaml
Get Token
Retrieve token: kubectl get secret <token_name> -o jsonpath='{.data.token}' | base64 --decode
Create Kubeconfig
apiVersion : v1
clusters :
- cluster : { your_cluster_information }
name : <your_cluster_name>
contexts :
- context :
cluster : <your_cluster_name>
user : <service_account_name>
name : <your_cluster_name>
current-context : <your_cluster_name>
kind : Config
preferences : {}
users :
- name : <service_account_name>
user :
token : <token_data>
Access Recipes
Navigate to Recipes and create or select a recipe
Add Kubernetes Resource
Add or select a Kubernetes resource
Link Credentials
Click “Add credentials” then “+Link credentials”
Select Kubeconfig
Choose “Kubeconfig” authentication
Name Credentials
Enter an identifier for these credentials
Upload Configuration
Upload your kubeconfig file
Resources
Application
Deploy containerized applications in Kubernetes.
Configuration options:
Name and image specification
Gateway class selection
Resource allocation:
CPU (100m-1)
Memory (256Mi-2Gi)
Storage (1Gi-10Gi)
Replica count
Port configuration
Properties:
Namespace location
Resource relationships
Primary address
Importable Resources
Tempest can import existing Kubernetes resources for centralized management:
ConfigMaps
Deployments
Gateways
Ingresses
Replicasets
Secrets
Services
Properties for imported resources:
Resource name
Namespace
Configuration data (except Secrets)
Resource relationships