'%20filter='url(%23b)'%20transform='translate(0%20-286)'/%3e%3cpath%20d='M1636.5%20147c-123.436%200-223.5%20102.975-223.5%20230s100.064%20230%20223.5%20230S1860%20504.025%201860%20377c-.143-126.964-100.124-229.853-223.5-230Zm107.16%20308.341c-1.892%202.323-4.973%203.231-7.78%202.295l-98.896-32.908-98.896%2032.908c-2.807.933-5.884.022-7.774-2.3-1.89-2.32-2.212-5.587-.815-8.25l101.128-192.49c1.376-2.238%203.776-3.596%206.357-3.596%202.58%200%204.981%201.358%206.357%203.596l101.128%20192.49c1.401%202.663%201.08%205.932-.81%208.255Z'%20fill='url(%23c)'%20filter='url(%23d)'%20transform='translate(0%20-286)'/%3e%3c/g%3e%3c/svg%3e)
Kubernetes — portal and automation features
Beyond downloading kubeconfig, Loopback exposes read and operational Kubernetes features through the project/workspace scope. These use server-side kubeconfig material and enforce RBAC before touching the cluster.
Version information
- Current version — resolved Kubernetes version record for the workspace.
- Available upgrades — versions that are active in the catalog and allowed by the version’s upgrade graph from your current semver.
- Trigger upgrade — asynchronous job; returns accepted while coordinators upgrade control plane and workers.
Details: Lifecycle & upgrades.
Kubeconfig and OIDC
- Admin kubeconfig — full super-admin file (sensitive permission).
- OIDC kubeconfig — uses
kubectl oidc-loginwith workspace-scoped client id and client secret; integrates with platform-configured OIDC issuer.
Details: Access & identity.
Kubernetes API proxy (read-oriented summaries)
The following capabilities query the cluster API with workspace credentials and return summaries (useful for dashboards without giving every user a kubeconfig):
- Cluster summary — high-level cluster health / capacity snapshot (implementation aggregates API lists).
- Nodes — node list and status summary.
- Ingress objects — ingress resources across namespaces (filtered/summarized).
- LoadBalancer-type services — Kubernetes services of type LoadBalancer (distinct from Loopback LoadBalancer product objects).
- Helm releases — detected Helm releases (where discoverable via API conventions).
- Volumes — persistent volume claims / volume summary helpers.
Operational actions
- Cordon / uncordon node — marks node unschedulable or restores scheduling (by host id linkage).
- Drain node — evicts workloads subject to Kubernetes drain semantics.
These mutate cluster state — require appropriate workspace.kubernetes family permissions (often update/execute class).
Events and deployments listings
Separate routes expose:
- Kubernetes events stream or list (for troubleshooting).
- Kubernetes deployments visible to the portal — helps operators compare what Loopback thinks vs
kubectl.
Secrets workflow
If enabled for your role, kubernetes.secrets permission unlocks portal interactions with Kubernetes Secret objects (create from form, rotate, etc.). Treat this as highly sensitive — equivalent to reading application credentials.
Integration with catalog apps
Kubernetes applications install into namespaces like loopback-<app>. Portal Kubernetes views show aggregated state but do not replace kubectl describe for deep debugging.