FireHydrant's Kubernetes integration allows you to automatically send updates about the workloads deployed in your clusters to FireHydrant. This lets you follow a change from GitHub pull request to deployed pod.

Changes appear in your FireHydrant account, so you can see whether the image in a ReplicaSet changed, check the status of Pods in a Deployment, or tell whether the labels on a Service were updated. This makes it easy to identify exactly what changed in your cluster and determine whether it contributed to an active incident.

Resources Tracked

  • DaemonSets
  • Deployments
  • ReplicaSets
  • Services
  • StatefulSets

Support for other resource types is coming soon. Let us know which resources are most important to you and what you'd like to see tracked.

Installation Instructions

You'll need a bot token for the controller to authenticate with; we recommend that you generate one specifically for this integration. The token goes in the firehydrant-keys Kubernetes Secret.

We have a Helm chart coming soon, but in the meantime you can use the following manifests to deploy the controller. Make sure to replace [[YOUR_BOT_TOKEN]] and [[YOUR_ENVIRONMENT_NAME]] before deploying the manifests.

apiVersion: v1
kind: Namespace
metadata:
  name: firehydrant-system
---
apiVersion: v1
kind: Secret
metadata:
  name: firehydrant-keys
  namespace: firehydrant-system
stringData:
  FIREHYDRANT_API_KEY: [[YOUR_BOT_TOKEN]]
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: firehydrant-cm
  namespace: firehydrant-system
data:
  config.yml: |
    apiToken: '$FIREHYDRANT_API_KEY'
    fireHydrantUrl: 'api.firehydrant.io'
    watch:
      - namespace: "*"
        environment: [[YOUR_ENVIRONMENT_NAME]]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: firehydrant-k8s-changelog-serviceaccount
  namespace: firehydrant-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: firehydrant-system-clusterrole
rules:
  - apiGroups:
      - ""
      - "extensions"
      - "apps"
    resources:
      - services
      - deployments
      - replicasets
      - daemonsets
      - statefulsets
    verbs:
      - list
      - watch
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: firehydrant-clusterrole-nisa-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: firehydrant-system-clusterrole
subjects:
  - kind: ServiceAccount
    name: firehydrant-k8s-changelog-serviceaccount
    namespace: firehydrant-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: firehydrant-k8s-changelog
  namespace: firehydrant-system
  labels:
    app: firehydrant-k8s-changelog
    app.kubernetes.io/name: firehydrant-k8s-changelog
    app.kubernetes.io/component: changelog
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: firehydrant-k8s-changelog
  template:
    metadata:
      labels:
        app: firehydrant-k8s-changelog
    spec:
      serviceAccountName: firehydrant-k8s-changelog-serviceaccount
      containers:
      - name: changelog
        image: quay.io/firehydrant/k8s-changelog:v0.0.14
        command:
        - firehydrant-k8s-changelog
        - watch
        envFrom:
        - secretRef:
            name: firehydrant-keys
        volumeMounts:
        - name: config
          mountPath: /etc/k8s-watcher
        resources:
          limits:
            cpu: 10m
            memory: 128Mi
          requests:
            cpu: 10m
            memory: 128Mi
      volumes:
      - name: config
        configMap:
          name: firehydrant-cm
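
After applying the manifests, you can confirm that the controller's ServiceAccount holds only the read access the ClusterRole above grants. The script below is an added example, not part of FireHydrant's tooling; the function names are hypothetical, and it assumes your own kubectl credentials are allowed to impersonate ServiceAccounts (for example, cluster-admin).

```shell
#!/bin/sh
# Added example: audit the RBAC granted to the changelog controller.
# The namespace and ServiceAccount name come from the manifests on this page.
SA="system:serviceaccount:firehydrant-system:firehydrant-k8s-changelog-serviceaccount"

# can_i VERB RESOURCE: succeeds if the ServiceAccount may do VERB cluster-wide.
can_i() {
  kubectl auth can-i "$1" "$2" --as="$SA" --all-namespaces --quiet >/dev/null 2>&1
}

# audit_rbac: prints one line per finding and returns the number of findings.
audit_rbac() {
  findings=0
  for res in services deployments.apps replicasets.apps daemonsets.apps statefulsets.apps; do
    # Expected: the read verbs listed in the ClusterRole.
    for verb in get list watch; do
      if ! can_i "$verb" "$res"; then
        echo "MISSING: $verb $res"
        findings=$((findings + 1))
      fi
    done
    # Not expected: any verb that modifies the tracked resources.
    for verb in create update patch delete; do
      if can_i "$verb" "$res"; then
        echo "EXCESS: $verb $res"
        findings=$((findings + 1))
      fi
    done
  done
  # The ClusterRole grants nothing on Secrets; the token arrives via envFrom.
  for verb in get list watch; do
    if can_i "$verb" secrets; then
      echo "EXCESS: $verb secrets"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}

# Run the audit only where kubectl is installed.
if command -v kubectl >/dev/null 2>&1; then
  audit_rbac || echo "$? finding(s)"
fi
```

An EXCESS line usually means another RoleBinding or ClusterRoleBinding also references the ServiceAccount.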
