Skip to main content

Authentication

This provider requires authentication.
  • cluster_name: The name of the cluster (required: True, sensitive: False)
  • service_account_json: The service account JSON with container.viewer role. Leave empty to use Application Default Credentials (e.g. GKE Workload Identity) (required: False, sensitive: True)
  • region: The GKE cluster region (required: False, sensitive: False)
  • project_id: The GCP project id (defaults to the service account project or the Application Default Credentials project) (required: False, sensitive: False)
Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:
  • roles/container.viewer: Read access to GKE resources (mandatory)
  • pods:delete: Required to delete/restart pods (Documentation)
  • deployments:scale: Required to scale deployments (Documentation)
  • pods:list: Required to list pods (Documentation)
  • pods:get: Required to get pod details (Documentation)
  • pods:logs: Required to get pod logs (Documentation)

In workflows

This provider can be used in workflows. As “step” to query data, example:
Check the following workflow example:

Provider Methods

The provider exposes the following Provider Methods. They are available in the AI Assistant.
  • get_pods List all pods in a namespace or across all namespaces (view, scopes: pods:list, pods:get)
  • get_pvc List all PVCs in a namespace or across all namespaces (view, scopes: pods:list)
  • get_node_pressure Get pressure metrics for all nodes (view, scopes: pods:list)
  • exec_command Execute a command in a pod (action, scopes: pods:exec)
  • restart_pod Restart a pod by deleting it (action, scopes: pods:delete)
  • get_deployment Get deployment information (view, scopes: pods:list)
  • scale_deployment Scale a deployment to specified replicas (action, scopes: deployments:scale)
  • get_pod_logs Get logs from a pod (view, scopes: pods:logs)

Connecting with the Provider

  1. Obtain Google Cloud credentials by following the steps in Google Cloud’s service account guide.
  2. Ensure your service account has the necessary permissions to manage GKE clusters (roles/container.admin).
  3. Provide the gcp_credentials, project_id, and zone in your provider configuration.
Alternatively, leave service_account_json empty to authenticate with Application Default Credentials, for example a GKE Workload Identity service account. The project is resolved automatically and can be overridden with project_id. -Google Kubernetes Engine Documentation