Skip to content

Actions (initial release)

To allow our users to close the troubleshooting loop through Komodor, we’re adding the ability to perform Actions through the platform.

Using Komodor you can run multiple actions against your resource. You'll be able to easily track what was done and by whom.

Prerequisites

  • Agent version 0.1.104
  • Required permissions (permissions can be modified as needed)
  - apiGroups:
    - apps
    resources:
    - deployments/scale
    - statefulsets/scale
    - deployments
    - replicasets
    - statefulsets
    - daemonsets
    verbs:
    - patch
  - apiGroups:
    - ""
    resources:
    - pods
    verbs:
    - delete
  - apiGroups:
    - batch
    resources:
    - jobs
    verbs:
    - delete
    - create
  - apiGroups:
    - ""
    resources:
    - pods
    - persistentvolumeclaims
    - configmaps
    - services
    - persistentvolumes
    - storageclasses
    verbs:
    - delete
    - patch
    - update
    - create
  - apiGroups:
    - apps
    resources:
    - replicasets
    - deployments
    - statefulsets
    - daemonsets
    verbs:
    - delete
    - patch
    - update
    - create
  - apiGroups:
    - batch
    resources:
    - cronjobs
    - jobs
    verbs:
    - delete
    - patch
    - update
    - create
  - apiGroups:
    - networking.k8s.io
    resources:
    - ingresses
    - networkpolicies
    verbs:
    - delete
    - patch
    - update
    - create
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - patch
  - apiGroups:
    - ""
    resources:
    - pods/eviction
    verbs:
    - create
  • Please note: To perform actions against your resources, the user have to be either an account-admin or be provided with permission to perform actions, to read more about Komodor RBAC

How to opt-in

For convienece purposes we've seperated the actions helm chart values into two sections
- watcher.actions.basic - Enables basic actions (Delete pods, Scale and restart deployments, statefulsets, replicasets. Restart and trigger jobs)
- watcher.actions.advanced - Enables advanced actions (Update, Create and Delete resources, Cordon/Uncordon nodes)

New cluster installation

To install a new cluster with actions enabled just follow the installation process from the Komodor console

Cluster upgrade

helm repo add komodorio https://helm-charts.komodor.io ; helm repo update; helm upgrade --install k8s-watcher komodorio/k8s-watcher --set watcher.actions.basic=true --set watcher.actions.advanced=true --reuse-values

How to revoke

To disable the usage of Actions using helm, use the following command:

helm repo add komodorio https://helm-charts.komodor.io ; helm repo update; helm upgrade --install k8s-watcher komodorio/k8s-watcher --set watcher.actions.basic=false --set watcher.actions.advanced=false --reuse-values

How does it work?

  • User triggers a Manual Action through the Komodor platform
  • A command is registered to the Komodor SaaS
  • The Agent running in the cluster fetches the command from the Komodor SaaS (communication is always done from the Agent outside of the cluster)
  • The command is triggered against the Kuberenetes API
  • Kubernetes will now execute the command
  • During the entire process you can track the changes/events through a dedicated Event that will be created on the Komodor timeline.

Please note: Due to Kubernetes nature, this feature is built in an asynchronous way, review the timeline after triggering any action for updates

Komodor Actions Demo

Audit

For auditing purposes, Manual Actions events are created on the Komodor timeline

What type of Actions are supported and where can they be triggered from?

We currently support the following actions: - Scale service - Allows modifying the number of replicas for a Service. Can be triggered from Deployment/StatefulSet inspection pages (under Workloads) and also from a Service timeline page
- Delete Pod - Deletes/kills a specific Pod. Can be triggered from both the Pod inspection page (under Workloads) and the Pods & Logs screen
- Restart service - Triggers a rolling restart of all the Pods of a Service. Can be triggered from Deployment/StatefulSet inspection page (under Workloads) ans also from a Service timeline page
- Rollback service - Rolls back a service to the previous generation
- Re-trigger Job/CronJob - Re-creates the Job to trigger a new run of it. Can be triggered from a Job/CronJob timeline, Job/CronJob inspection pages (under Workloads) and from a Job event drawer
- Cordon/Uncordon node - Allows marking a node as unscehduable, preventing new Pods from being scheduled on it. You can revert this by using the Uncordon action
- Delete/Edit resources