Authentication
This provider requires authentication.- cluster_name: The name of the cluster (required: True, sensitive: False)
- service_account_json: The service account JSON with container.viewer role. Leave empty to use Application Default Credentials (e.g. GKE Workload Identity) (required: False, sensitive: True)
- region: The GKE cluster region (required: False, sensitive: False)
- project_id: The GCP project id (defaults to the service account project or the Application Default Credentials project) (required: False, sensitive: False)
- roles/container.viewer: Read access to GKE resources (mandatory)
- pods:delete: Required to delete/restart pods (Documentation)
- deployments:scale: Required to scale deployments (Documentation)
- pods:list: Required to list pods (Documentation)
- pods:get: Required to get pod details (Documentation)
- pods:logs: Required to get pod logs (Documentation)
In workflows
This provider can be used in workflows. As “step” to query data, example:Provider Methods
The provider exposes the following Provider Methods. They are available in the AI Assistant.- get_pods List all pods in a namespace or across all namespaces (view, scopes: pods:list, pods:get)
- get_pvc List all PVCs in a namespace or across all namespaces (view, scopes: pods:list)
- get_node_pressure Get pressure metrics for all nodes (view, scopes: pods:list)
- exec_command Execute a command in a pod (action, scopes: pods:exec)
- restart_pod Restart a pod by deleting it (action, scopes: pods:delete)
- get_deployment Get deployment information (view, scopes: pods:list)
- scale_deployment Scale a deployment to specified replicas (action, scopes: deployments:scale)
- get_pod_logs Get logs from a pod (view, scopes: pods:logs)
Connecting with the Provider
- Obtain Google Cloud credentials by following the steps in Google Cloud’s service account guide.
- Ensure your service account has the necessary permissions to manage GKE clusters (
roles/container.admin). - Provide the
gcp_credentials,project_id, andzonein your provider configuration.
service_account_json empty to authenticate with Application Default Credentials, for example a GKE Workload Identity service account. The project is resolved automatically and can be overridden with project_id.

