Integrating with Kubernetes

FireHydrant's Kubernetes integration allows you to automatically send updates about the workloads deployed in your clusters to FireHydrant. This lets you follow the lifecylce of a change, from GitHub pull request to deployed pod.

Changes appear in your FireHydrant account, enabling you to identify:

  • whether an image in a Replica Set changed
  • the status of Pods in a Deployment
  • whether the labels on a Service were updated

This allows you to easily identify exactly what has changed in your cluster and determine whether changes contributed to an active incident.changelog.labels.png

Resources Tracked

  • DaemonSet
  • Deployments
  • ReplicaSet
  • Services
  • StatefulSets

Installation Instructions

You need a bot token for the controller to use for authentication. We recommend generating one specifically for this integration. This token goes in the firehydrant-keys Kubernetes secret. 

Use the following manifests to deploy the controller.

Note: Be sure to change [[YOUR_BOT_TOKEN]]  and [[YOUR_ENVIRONMENT_NAME]] before deploying the manifests.
apiVersion: v1
kind: Namespace
metadata:
  name: firehydrant-system
---
apiVersion: v1
kind: Secret
metadata:
  name: firehydrant-keys
  namespace: firehydrant-system
stringData:
  FIREHYDRANT_API_KEY: [[YOUR_BOT_TOKEN]]
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: firehydrant-cm
  namespace: firehydrant-system
data:
  config.yml: |
    apiToken: '$FIREHYDRANT_API_KEY'
    fireHydrantUrl: 'api.firehydrant.io'
    watch:
      - namespace: "*"
        environment: [[YOUR_ENVIRONMENT_SLUG]]
        resources:
        - resource: deployments.v1.apps
          updateOn: ["spec", "metadata", "status"]
          includeDiff: true
          skipServiceCreate: false
        - resource: configmaps
          updateOn: ["data"]
          includeDiff: true
          skipServiceCreate: true
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: firehydrant-k8s-changelog-serviceaccount
  namespace: firehydrant-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: firehydrant-system-clusterrole
rules:
  - apiGroups:
      - ""
      - "extensions"
      - "apps"
    resources:
      - configmaps
      - services
      - deployments
      - replicasets
      - daemonsets
      - statefulsets
    verbs:
      - list
      - watch
      - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: firehydrant-clusterrole-nisa-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: firehydrant-system-clusterrole
subjects:
  - kind: ServiceAccount
    name: firehydrant-k8s-changelog-serviceaccount
    namespace: firehydrant-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: firehydrant-k8s-changelog
  namespace: firehydrant-system
  labels:
    app: firehydrant-k8s-changelog
    app.kubernetes.io/name: firehydrant-k8s-changelog
    app.kubernetes.io/component: changelog
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: firehydrant-k8s-changelog
  template:
    metadata:
      labels:
        app: firehydrant-k8s-changelog
    spec:
      serviceAccount: firehydrant-k8s-changelog-serviceaccount
      containers:
      - name: changelog
        image: quay.io/firehydrant/k8s-changelog:v0.0.19
        command:
        - firehydrant-k8s-changelog
        - watch
        envFrom:
        - secretRef:
            name: firehydrant-keys
        volumeMounts:
        - name: config
          mountPath: /etc/k8s-watcher
        resources:
          limits:
            cpu: 10m
            memory: 128Mi
          requests:
            cpu: 10m
            memory: 128Mi
      volumes:
      - name: config
        configMap:
          name: firehydrant-cm

 

Was this article helpful?
0 out of 0 found this helpful
Register your product
You can get support that’s tailored to you, owner exclusives and more
Our helpline hours:
8:00am - 8:00pm CST Monday to Friday; 9:00am - 6:00pm CST Saturday
Follow us on Twitter
Get the latest news and updates first