Overview

The Kubernetes integration enables Steadwing to access cluster information, pod status, logs, and events from your Kubernetes clusters. During root cause analysis, Steadwing analyzes pod health, resource utilization, and deployment states to identify infrastructure-related issues that correlate with production incidents.

Why Use Kubernetes with Steadwing?

Pod Monitoring

Track pod status, restarts, and failures during incidents

Log Analysis

Access and analyze pod logs to identify error patterns

Resource Tracking

Monitor cluster resource usage and capacity issues

Event Correlation

Connect Kubernetes events to incident timing for better context

Setup Instructions

Choose your platform and copy-paste the complete command block:
# 1. Connect to your EKS cluster (replace with your values)
aws eks update-kubeconfig --name YOUR_CLUSTER_NAME --region YOUR_REGION

# 2. Create read-only service account and permissions
kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: steadwing
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: steadwing-readonly
  namespace: steadwing
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: steadwing-readonly
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "events", "nodes", "namespaces", "services", "endpoints"]
    verbs: ["get", "list"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
    verbs: ["get", "list"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: steadwing-readonly-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: steadwing-readonly
subjects:
  - kind: ServiceAccount
    name: steadwing-readonly
    namespace: steadwing
EOF

# 3. Generate the kubeconfig file
sleep 3
CLUSTER_NAME=$(kubectl config view --minify -o jsonpath='{.clusters[0].name}')
CLUSTER_SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
CLUSTER_CA=$(kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
TOKEN=$(kubectl create token steadwing-readonly -n steadwing --duration=87600h)

cat > steadwing-kubeconfig.yaml <<EOF
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: ${CLUSTER_CA}
    server: ${CLUSTER_SERVER}
  name: ${CLUSTER_NAME}
contexts:
- context:
    cluster: ${CLUSTER_NAME}
    namespace: default
    user: steadwing-readonly
  name: steadwing-readonly@${CLUSTER_NAME}
current-context: steadwing-readonly@${CLUSTER_NAME}
users:
- name: steadwing-readonly
  user:
    token: ${TOKEN}
EOF

echo "Done! Your kubeconfig file is ready: steadwing-kubeconfig.yaml"
cat steadwing-kubeconfig.yaml
Next: Copy the entire output and upload it to Steadwing, or upload the steadwing-kubeconfig.yaml file.

Upload to Steadwing

After running the commands above:
  1. Option A: Copy the entire YAML output from your terminal
  2. Option B: Use the generated file steadwing-kubeconfig.yaml
  3. Go to Integrations → Kubernetes → Connect
  4. Upload or paste the kubeconfig content
  5. Done!

What This Creates

  • Read-only service account (can only view, cannot modify)
  • Token valid for 10 years
  • Access to view: pods, logs, events, deployments, jobs
  • Isolated in steadwing namespace
  • Works with all Kubernetes versions 1.22+

How Kubernetes Integration Works

Data Collection

Steadwing queries Kubernetes for:
  • Pod Status - Running, pending, failed, and crashed pods
  • Pod Logs - Container logs for error analysis
  • Events - Cluster events related to scheduling, scaling, and failures
  • Deployments - Deployment status and replica counts
  • Resource Usage - Node and pod resource allocation

Root Cause Analysis

When analyzing an incident, Steadwing:
  1. Identifies the incident time window
  2. Queries pod status and events during that period
  3. Retrieves relevant pod logs for error patterns
  4. Detects pod restarts, OOMKills, and failures
  5. Correlates Kubernetes events with incident timing
  6. Includes cluster insights in the RCA report

Configuration

Required Permissions

The service account has read-only access to:
  • pods, pods/log - View pods and their logs
  • events - Read cluster events
  • nodes, namespaces, services, endpoints - View cluster resources
  • deployments, replicasets, statefulsets, daemonsets - View workload status
  • jobs, cronjobs - View batch workloads

Security

  • Read-only access only - no write or delete permissions
  • Scoped to cluster-wide read access
  • Token-based authentication
  • Token expiration set to 1 year (renewable)
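
The setup script requests a token with --duration=87600h, but the API server may issue a shorter lifetime than requested, so the expiry to rely on is the exp claim inside the token itself. The script below is an added example, not part of Steadwing's setup script: it decodes the JWT payload from steadwing-kubeconfig.yaml and reports the lifetime that was actually granted. make_sample_token is a hypothetical helper that builds a constructed, unsigned token for offline runs.

```bash
#!/usr/bin/env bash
# Added example, not Steadwing's code: report the lifetime the API server
# actually granted to the token in steadwing-kubeconfig.yaml.

# Decode one base64url segment (JWT segments drop the '=' padding).
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

# Print a numeric claim (exp, iat, nbf) from the JWT payload.
jwt_claim() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Granted lifetime in whole hours (exp - iat).
token_lifetime_hours() {
  local exp iat
  exp=$(jwt_claim "$1" exp)
  iat=$(jwt_claim "$1" iat)
  echo $(( (${exp:-0} - ${iat:-0}) / 3600 ))
}

# Pull the bearer token out of the kubeconfig written by the setup script.
kubeconfig_token() {
  sed -n 's/^[[:space:]]*token:[[:space:]]*//p' "$1" | head -n 1
}

# Constructed sample (hypothetical helper): unsigned JWT with given iat/exp.
make_sample_token() {
  local payload
  payload=$(printf '{"exp":%s,"iat":%s,"sub":"system:serviceaccount:steadwing:steadwing-readonly"}' "$2" "$1" |
    base64 | tr -d '=\n' | tr '/+' '_-')
  printf 'e30.%s.sig' "$payload"
}

file=${1:-steadwing-kubeconfig.yaml}
if [ -f "$file" ]; then
  tok=$(kubeconfig_token "$file")
  echo "granted lifetime: $(token_lifetime_hours "$tok")h (exp epoch: $(jwt_claim "$tok" exp))"
fi
```

Run it in the directory containing steadwing-kubeconfig.yaml, or pass the file path as the first argument.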

Uninstall

To remove the Steadwing integration from your cluster:
kubectl delete namespace steadwing
kubectl delete clusterrole steadwing-readonly
kubectl delete clusterrolebinding steadwing-readonly-binding

FAQs

The integration works with Kubernetes 1.22 and later. It’s compatible with all major distributions including EKS, GKE, AKS, and self-hosted clusters.
No, Steadwing only has read access. It can view pods, logs, and events but cannot create, modify, or delete any resources in your cluster.
The token is generated with a 10-year (87600 hours) validity period. You’ll need to regenerate it after expiration by running the setup script again.
The integration will stop working. You’ll need to run the setup script again to recreate the service account and generate a new kubeconfig file.
Yes! Run the setup script for each cluster. Each cluster will generate its own kubeconfig file that you can upload separately to Steadwing.
Yes, as long as Steadwing can reach the cluster’s API server endpoint. For private clusters, you may need to configure network access or use a VPN.
Need additional help? Please reach out to us at [email protected]