Workloads & Resources
Browse, scale, restart, apply, and delete every kind of Kubernetes resource — all through one auditable GraphQL surface.
Resource Coverage
The subsystem ships pages for every core Kubernetes kind operators routinely touch. Each list is namespace-scoped (with an "all namespaces" view), filterable, and refreshes against the live cluster on demand.
| Page | Resources |
|---|---|
| Overview | Cluster-level dashboard — stat tiles, node fleet grid, recent events. |
| Workloads | Deployments, StatefulSets, DaemonSets, ReplicaSets, Jobs, CronJobs. Coarse health badges, replica ratios, restart counts. |
| Pods | Flat list across all namespaces. Click into a pod for tabs covering Overview, Logs (live), Events, and Manifest. |
| Nodes | Node fleet with status, taints, kubelet version, capacity bars. Per-node drawer for cordon/drain (planned). |
| Events | Cluster-wide event log with level filter (info / warn / error) and namespace scoping. |
| Networking | Services, Ingresses, NetworkPolicies. |
| Gateway API | GatewayClasses, Gateways, HTTPRoutes. Gracefully shows an empty state on clusters where the Gateway API CRDs aren't installed. |
| Config & Secrets | ConfigMaps and Secrets. Secret values are masked by default with explicit reveal. |
| Storage | PersistentVolumes, PersistentVolumeClaims, StorageClasses. |
| Namespaces | Card grid with workload/pod/service counts. Create new namespaces inline. |
| Custom Resources | Every CRD installed on the cluster, grouped by API group. Drill into instances to view manifests. |
| Access Control | Roles, ClusterRoles, RoleBindings, ClusterRoleBindings, ServiceAccounts. |
| cert-manager / Cilium / CloudNativePG | Operator-aware UIs with native columns (cert expiry, network policy verdicts, CNPG primary/replica topology). |
Resource Mutations
Every page supports the actions an operator would normally run with kubectl:
- Apply Manifest — paste a multi-document YAML, optionally run a server-side
--dry-runfirst to preview which resources would be applied. The result includes per-resource success/failure status. - Scale Workload — change a Deployment / StatefulSet / ReplicaSet replica count. Returns the updated workload synchronously; live transitions stream through the
k8sWorkloadStatussubscription. - Restart Workload — rolling restart by patching the pod template's
kubectl.kubernetes.io/restartedAtannotation. Same semantics askubectl rollout restart. - Delete Resource — delete any resource by GVK + name + namespace. The studio wraps destructive deletes in a typed-confirm modal.
- Create Namespace — with optional labels (JSON).
Per-Resource YAML
Every detail page has a Manifest tab that fetches the full YAML for the resource via a single GraphQL yaml(cluster, kind, group, name, namespace) field. The implementation uses fabric8's generic resource API so it covers built-in kinds and any CRD instance without per-kind wiring. Managed-fields are intentionally not stripped — admins routinely want to see which controller wrote which field as a drift signal.
Audit and Authorization
Every read and every mutation passes a three-layer admin check before reaching the cluster: at the GraphQL resolver, at the kubernetes-controller HTTP route, and at the fabric8 caller. See Security Model for details on the authorization model and what gets logged.