Kubernetes dashboard
The Kubernetes dashboard is a managed operations layer for the EKS clusters Sciple discovers from your connected AWS accounts. Browse every resource kind, stream pod state live, tail logs, and open an interactive shell, all behind the workspace's identity, RBAC, and audit trail. There is nothing to install in the cluster beyond a credential.
What you see
- Clusters page at /k8s. A table of registered EKS clusters with name, region, Kubernetes version, provider, and status. Filter by name, region, or owning AWS account.
- Cluster detail at /k8s/clusters/:id with several views:
  - Hub: cluster metadata (version, endpoint, status) and the list of namespaces.
  - Global view: every namespaced kind (Pods, Deployments, StatefulSets, Services, ConfigMaps, PVCs, Ingresses, and more) across all namespaces. Pods stream live over a WebSocket at one update per second.
  - Cluster resources: cluster-scoped kinds (Nodes, PersistentVolumes, StorageClasses, ClusterRoles, ClusterRoleBindings, CRDs, MutatingWebhookConfigurations) from the cached snapshot.
  - Namespace view: the same namespaced kinds filtered to one namespace, with the pod stream scoped to that namespace.
  - Node view: per-node summary, CPU and memory used vs. allocatable, pod capacity, ready and schedulability flags, and a 24-hour restart-velocity histogram.
  - Helm releases: deployed Helm charts grouped by namespace, with the rendered values and revision history.
- kubectl describe and logs: live, no caching. Open the describe drawer on any resource. Tail logs from any pod's containers. Both are scoped to your role and recorded in the audit trail.
- Interactive pod shell: open a session over WebSocket. The session inherits your workspace identity rather than per-cluster credentials, and the audit event captures the engineer and the pod.
Prerequisites
- A Sciple workspace where you hold the settings.manage permission for cluster setup, or dashboard.view to browse.
- At least one AWS account registered via the Cloud (AWS) dashboard. EKS clusters are discovered from that account.
- An EKS access entry or aws-auth mapping that grants Sciple's IAM principal read access to the cluster, plus exec permission if you want the interactive shell.
Step 1. Discover clusters
Open Kubernetes and click Discover. Sciple scans the regions on the selected AWS account for EKS clusters and registers what it finds. Re-run discovery any time a cluster is created or destroyed; Sciple reconciles the registry.
Step 2. Sync resources
Trigger a full sync, or sync a single kind at a time. Sciple writes the cached snapshot that powers the resource tables; subsequent loads are served from the snapshot. Sync cadence is configurable per kind (15 minutes, hourly, six-hourly, daily, or off) so you can keep noisy kinds out of the schedule.
Namespaces and pods stream live independently of the cached snapshot, so the operational view stays current even between syncs.
Data flow
Most kinds are cached in Sciple's database after each sync and read from the snapshot. Live data covers namespaces (polled every ten seconds), pods (WebSocket stream at one Hz per cluster-namespace pair), and kubectl-style describe, logs, and exec, which are pulled fresh on every request.
Sciple talks to the cluster through the kubeconfig derived from your AWS credentials. The cluster's RBAC enforces what the principal can read; Sciple does not bypass it.
Permissions and audit
Browsing clusters, resources, describe drawers, and logs requires dashboard.view. Discovering clusters, deleting them from the registry, triggering syncs, and updating sync schedules require settings.manage.
Cluster discovery and registry updates emit cloud.account.updated. Per-kind schedule changes emit k8s.cluster.sync_schedule.updated. Both events land in the same audit log as the rest of the platform, in the same transaction as the change.
Limits
- Pull-only. Sciple does not watch the cluster for changes; resources sync on a schedule or on demand. The cached snapshot can lag between syncs.
- Background scheduler not yet wired. The sync schedule API exists, but the timer that runs it is not yet shipped. Trigger syncs from the dashboard for now.
- RBAC is at the kubeconfig principal. Sciple does not implement per-kind RBAC on top of the cluster's identity; if the principal can read a kind, every viewer can.
- Live pod stream is per namespace. Streaming all pods across every namespace at once can be high-volume on large clusters; pick a namespace for the live view.
- Read-only by default. Applying changes through the dashboard is not yet exposed; exec is the only mutating action and is permission-gated.
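Because every viewer inherits whatever the kubeconfig principal can read, it is worth reviewing the Kubernetes role bound to that principal before granting the access described under Prerequisites. The following is an added example, not Sciple's code: it audits a ClusterRole in the JSON shape returned by `kubectl get clusterrole <name> -o json` and flags secrets read access, pod exec, wildcards, and write verbs. The role name and rules are constructed sample data, and the function name `audit_role` is hypothetical.

```python
import json

# Constructed sample in the shape of `kubectl get clusterrole <name> -o json`.
# The role name and rules are hypothetical, not Sciple's real requirements.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole",
 "metadata": {"name": "dashboard-reader-example"},
 "rules": [
  {"apiGroups": [""], "resources": ["pods", "configmaps", "secrets"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "patch"]},
  {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
  {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["*"], "verbs": ["*"]}
 ]}
""")

READ_VERBS = {"get", "list", "watch"}
EXEC_VERBS = {"create", "get"}  # conservative: treat either verb as exec-capable

def audit_role(role):
    """Return sorted findings for grants every dashboard viewer would inherit."""
    findings = set()
    for rule in role.get("rules", []):
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        any_verb = "*" in verbs
        core = bool(groups & {"", "*"})  # secrets and pods live in the core group
        if "*" in resources or any_verb:
            findings.add("wildcard grant in apiGroups %s" % sorted(groups))
        if core and resources & {"secrets", "*"} and (any_verb or verbs & READ_VERBS):
            findings.add("secrets readable")
        if core and resources & {"pods/exec", "pods/*", "*"} and (any_verb or verbs & EXEC_VERBS):
            findings.add("pod exec allowed")
        # Anything beyond read verbs, other than the exec rule itself, is a write.
        writes = verbs - READ_VERBS - {"*"}
        if writes and not resources & {"pods/exec"}:
            findings.add("write verbs %s on %s" % (sorted(writes), sorted(resources)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_role(SAMPLE_ROLE):
        print(finding)
```

An empty result means the role grants only read verbs on named, non-secret resources; "pod exec allowed" is expected only when the interactive shell is intended.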
What is next
- ECS dashboard for the non-Kubernetes side of your container runtime.
- Cloud (AWS) dashboard for the AWS account that holds your EKS clusters.
- Access and audit for how permissions and audit work across every surface.