Kubernetes
First-class multi-cluster Kubernetes administration inside Bosca Studio — read, write, and stream every resource in your fleet through one auditable console.
What Is Bosca Kubernetes?
Bosca Kubernetes is the platform's built-in cluster administration subsystem. Operators register their existing clusters once — by handing Bosca a kubeconfig — and from then on every workload list, log stream, manifest apply, and Helm release runs through the studio. No context-switch to kubectl, no parallel access-control surface, and every action is gated through Bosca's auth pipeline so you have a single audit trail for cluster operations.
The subsystem covers the resources operators actually use day-to-day: deployments and pods, services and ingresses, namespaces, RBAC, custom resources, plus dedicated UIs for Gateway API, cert-manager, Cilium, and CloudNativePG. The Helm lifecycle is end-to-end — browse charts from configured repos, install with a YAML values editor, watch release status transition live, upgrade, roll back, uninstall.
Key Capabilities
| Capability | What It Does |
|---|---|
| Cluster Registration | Register existing clusters by uploading a kubeconfig. Kubeconfigs are encrypted at rest with the platform's standard encryption key and never written to controller disk. |
| Resource Browsing | Read every core kind — workloads (Deployments / StatefulSets / DaemonSets / Jobs / CronJobs), pods, nodes, namespaces, services, ingresses, network policies, ConfigMaps, Secrets, PVCs, StorageClasses, RBAC roles and bindings, plus all CRDs. |
| Resource Mutations | Apply YAML manifests (with server-side dry-run), scale and restart workloads, delete resources, and create namespaces. Every mutation passes a three-layer admin check before reaching the cluster. |
| Helm Lifecycle | Manage Helm repositories, browse charts, install with custom values (dry-run preview supported), watch progress live over WebSocket, upgrade, roll back to any prior revision, and uninstall. |
| Live Streaming | Subscribe to pod logs (with follow-tail, level filter, container picker), event streams, workload status transitions, and Helm release status — all over the studio's standard /graphqlws WebSocket transport. |
| Operator-Aware UIs | Dedicated pages for Gateway API (Gateways, HTTPRoutes), cert-manager (Certificates, Issuers), Cilium (CiliumNetworkPolicies), and CloudNativePG. When a CRD isn't installed, the page gracefully renders an empty state rather than erroring. |
| Multi-Cluster | Switch the active cluster from the page header. Every query and subscription is scoped to the selected cluster; switching tears down active watches and re-subscribes against the new target. |
How It Fits Together
The Kubernetes subsystem splits across three runtimes:
- Bosca Studio — the Nuxt 4 application users interact with. Lives in projects/studio/app/pages/kubernetes/; backed by the useK8s* composables that issue GraphQL queries and subscriptions.
- bosca-server — handles the studio's GraphQL endpoint. The io.bosca:kubernetes module registers the resolver layer plus the encrypted kubeconfig storage. Talks to the controller over an internal HTTP + WebSocket transport.
- kubernetes-controller — a separate native binary that holds long-lived connections to registered clusters via fabric8, runs the Helm CLI for install/upgrade, and streams logs and events over WebSocket. See Kubernetes Controller for the architecture details.
Getting Started
Start with Cluster Registration to learn how to add your first cluster. From there, the Workloads & Resources and Helm Lifecycle guides cover the day-to-day operator surface, and the Security Model page documents the admin-only gating and credential handling.