Kubernetes Toolsets
Core ✓
Enabled by Default
This toolset is enabled by default and should typically remain enabled.
When this toolset is enabled, HolmesGPT can describe and find Kubernetes resources such as nodes, deployments, and pods.
Configuration
Capabilities
| Tool Name | Description |
|---|---|
| kubectl_describe | Run kubectl describe command on a specific resource |
| kubectl_get_by_name | Get details of a specific resource with labels |
| kubectl_get_by_kind_in_namespace | List all resources of a given type in a namespace |
| kubectl_get_by_kind_in_cluster | List all resources of a given type across the cluster |
| kubectl_find_resources | Search for resources matching a keyword |
| kubectl_get_yaml | Get YAML definition of a resource |
| kubectl_events | Get events for a specific resource |
| kubectl_memory_requests_all_namespaces | Get memory requests for all pods across all namespaces in MiB |
| kubectl_memory_requests_namespace | Get memory requests for all pods in a specific namespace in MiB |
| kubernetes_jq_query | Query Kubernetes resources using jq filters |
Logs ✓
Enabled by Default
This toolset is enabled by default. You do not need to configure it.
When this toolset is enabled, HolmesGPT can read Kubernetes pod logs.
Available Log Sources
Multiple logging toolsets can be enabled simultaneously. HolmesGPT will use the most appropriate source for each investigation.
- Kubernetes logs - Direct pod log access (enabled by default)
- Loki - Centralized logs via Loki
- Elasticsearch / OpenSearch - Logs from Elasticsearch/OpenSearch
- Coralogix - Logs via Coralogix platform
- DataDog - Logs from DataDog
Configuration
Capabilities
| Tool Name | Description |
|---|---|
| kubectl_logs | Fetch logs from a specific pod |
| kubectl_logs_all_containers | Fetch logs from all containers in a pod |
| kubectl_previous_logs | Fetch previous logs from a pod |
| kubectl_previous_logs_all_containers | Fetch previous logs from all containers in a pod |
| kubectl_container_logs | Fetch logs from a specific container in a pod |
| kubectl_logs_grep | Search for specific patterns in pod logs |
| kubectl_logs_all_containers_grep | Search for patterns in logs from all containers |
Live Metrics
This toolset retrieves real-time CPU and memory usage for pods and nodes.
Configuration
Capabilities
| Tool Name | Description |
|---|---|
| kubectl_top_pods | Get current CPU and memory usage for pods |
| kubectl_top_nodes | Get current CPU and memory usage for nodes |
Prometheus Stack
This toolset fetches Prometheus target definitions. It requires specific ClusterRole rules.
Configuration
```yaml
holmes:
  toolsets:
    kubernetes/prometheus_stack:
      enabled: true
  customClusterRoleRules:
    - apiGroups: ["monitoring.coreos.com"]
      resources: ["servicemonitors", "podmonitors", "prometheusrules"]
      verbs: ["get", "list"]
```
Capabilities
| Tool Name | Description |
|---|---|
| kubectl_get_prometheus_targets | Get Prometheus monitoring targets |
| kubectl_get_service_monitors | Get ServiceMonitor resources |
| kubectl_get_pod_monitors | Get PodMonitor resources |
Resource Lineage Extras
The resource lineage toolset comes in two variations: one native and one using kubectl krew. Both provide tools to fetch the children/dependents and parents/dependencies of Kubernetes resources.
Configuration
```yaml
holmes:
  toolsets:
    kubernetes/resource_lineage_extras:
      enabled: true
    # OR
    kubernetes/resource_lineage_extras_krew:
      enabled: true
```
Capabilities
| Tool Name | Description |
|---|---|
| kubectl_lineage_children | Get child/dependent resources of a Kubernetes resource |
| kubectl_lineage_parents | Get parent/dependency resources of a Kubernetes resource |
Adding Permissions for Additional Resources (In-Cluster Deployments)
In-Cluster Only
This section applies only to HolmesGPT running inside a Kubernetes cluster via Helm. For local CLI deployments, permissions are managed through your kubeconfig file.
HolmesGPT may require access to additional Kubernetes resources or CRDs for specific analyses. Permissions can be extended by modifying the ClusterRole rules.
Default CRD Permissions
HolmesGPT includes read-only permissions for common Kubernetes operators and tools by default. These can be individually enabled or disabled:
Adding Custom Permissions
For resources not covered by the default CRD permissions, you can add custom ClusterRole rules.
Common scenarios:
- External Integrations and CRDs - Access to custom resources from other operators
- Additional Kubernetes resources - Resources not included in the default permissions
Example: Adding Cert-Manager Permissions
To enable HolmesGPT to analyze cert-manager certificates and issuers (not included in default permissions), add custom ClusterRole rules:
Update your values.yaml:
```yaml
customClusterRoleRules:
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
    verbs: ["get", "list", "watch"]
```
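A pre-apply check for custom rules like the ones above, as an added example that is not part of HolmesGPT or its Helm chart: it flags rules that go beyond the read-only verbs, use wildcards, or grant read access to Secrets. The function names and the sample rules (the page's cert-manager rule plus two constructed over-broad ones) are assumptions for illustration.

```python
import json

READ_ONLY_VERBS = {"get", "list", "watch"}

# Constructed sample input: the page's cert-manager rule plus two deliberately
# over-broad rules. JSON is used because it is also valid YAML flow syntax.
SAMPLE_RULES = json.loads("""
[
  {"apiGroups": ["cert-manager.io"],
   "resources": ["certificates", "certificaterequests", "issuers", "clusterissuers"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
  {"apiGroups": ["*"], "resources": ["*"], "verbs": ["get", "delete"]}
]
""")


def audit_rule(rule):
    """Return a list of findings for one ClusterRole rule (empty list = OK)."""
    findings = []
    verbs = set(rule.get("verbs", []))
    extra = sorted(verbs - READ_ONLY_VERBS)
    if extra:
        findings.append("non-read-only verbs: " + ", ".join(extra))
    for field in ("apiGroups", "resources"):
        if "*" in rule.get(field, []):
            findings.append("wildcard in " + field)
    # Read access to core-group Secrets returns the secret values themselves.
    if "" in rule.get("apiGroups", []) and "secrets" in rule.get("resources", []):
        if verbs & READ_ONLY_VERBS:
            findings.append("read access to secrets exposes credential data")
    return findings


def audit_rules(rules):
    """Map rule index -> findings, only for rules that have findings."""
    return {i: f for i, r in enumerate(rules) if (f := audit_rule(r))}


if __name__ == "__main__":
    for index, findings in audit_rules(SAMPLE_RULES).items():
        print(f"rule {index}: " + "; ".join(findings))
```
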
Apply the configuration: