The Kubernetes console for EKS shops that banned long-lived AWS creds. Single binary, embedded SPA, OIDC-native — every action signed by the human, audit-trail clean.
Every page is built around how operators actually debug — list, drill, describe, exec, fix. No tabs you have to reorder, no plugin marketplace, no SaaS pricing per node.
Aggregates per-cluster status across every registered cluster in parallel — running under the user's impersonation, so a card error is per-card, not page-wide.
SSE-backed list pages. Pods, events, configmaps, deployments, every registered kind. Last-Event-ID resume for proxy reconnects.
Streams stdin/stdout over WS. Idle, heartbeat, and session caps configurable per cluster. Every exec.attempted rows the audit log before the connection opens.
AWS Insights + node group AMI drift + add-on freshness on a single dashboard. Not a separate console. Cached server-side; AWS only refreshes Insights daily anyway.
Cluster Access page reconciles Access Entries with the legacy aws-auth ConfigMap and unifies the SA → IAM Role index across IRSA and Pod Identity. Per-workload tab chips against an 18-action sensitive-permissions catalog. Reverse lookup answers which workloads can perform action X? in one query.
Read across secret + configmap drivers. Diff before upgrade, rollback in one click, values rendered with Monaco.
The agent dials out over a long-lived WebSocket. No public LB, no IAM role per cluster. Works on EKS, GKE, AKS, on-prem k3s, kind — anywhere with outbound HTTPS.
Stdout JSON sink + SQLite backend with retention caps. *.attempted before the K8s call, *.succeeded / *.failed after.
Every K8s call sets Impersonate-Userto the human's OIDC sub. The bridge identity is only the transport credential; per-call authz is the user's RBAC.
Paste or edit YAML in the embedded Monaco. Server-side dry-run shows the rendered diff before any mutation. The kubectl-apply path you'd already trust.
Amazon Inspector v2 findings, joined to your pods and nodes, then grouped by package so 200 raw CVEs collapse to ~10 bumps with a suggested upgrade target per group. Filter to exploits or fixable only. Manual refresh emits one signed audit row. One Helm flag to enable.
Per-session ephemeral pod on the target cluster, mounting a kubeconfig wired with your impersonate headers + tier-narrow resourceNames. Single audit row joins to the apiserver's own log via shared session-id. In-cluster and agent backends both.
SSM Session Manager onto the node's EC2 host — kubelet, journald, containerd — no SSH key, no bastion. Opened with the operator's own short-lived AWS creds (OIDC id_token → AssumeRoleWithWebIdentity); the Periscope pod holds zero SSM permissions. CloudTrail attributes every session to the operator's IdP subject (the OIDC sub), not a shared role.
Auto-detected dashboard: NodePool weights, disruption budgets, and per-pool $/hr + spot savings scraped from the controller. Pending pods carry the per-pool incompatibility reason from the FailedScheduling event — no grepping karpenter-controller logs.
Installed add-ons with health, current vs latest version, the k8s compatibility window, and blocks next minor warnings. Catalog browse + install / upgrade / delete with a schema-aware config editor, under your impersonated identity.
The page operators land on after the fleet view. Capacity, workload counts, EKS posture, hot signals — read top-to-bottom in the order you'd debug them. Built from a single /dashboard endpoint cached per-actor for 30 seconds, plus a live event stream.
Image and QoS columns out of the box. Stuck pods (CrashLoopBackOff, ImagePullBackOff, RunContainerError) tint red. Filter pills for phase. Click a row, get describe / yaml / events / logs / exec — the whole investigation in one drawer.
The exec drawer opens at the bottom of the page — never full-screen, so you can keep watching the pods list above it. Sessions carry the connected timer, idle and cap timers, and an info tab that surfaces the user, target, and audit row before anything goes over the wire.
Click shell on any cluster page. Periscope provisions a per-session ephemeral pod on that cluster, mounts a kubeconfig pre-wired with your impersonation identity, and attaches the same drawer the pod-exec terminal uses. Every command lands at apiserver as you under tier-narrow RBAC; the close envelope's session-id joins straight to the apiserver's own audit log.
A curated read-only Karpenter dashboard that joins three sources kubectl can not: NodePool weights and disruption knobs, NodeClaims grouped by pool with the Drifted condition surfaced as a badge, and pending pods with the per-NodePool incompatibility breakdown extracted from the FailedScheduling event. Operators stop greping karpenter-controller logs to find out why a pod is not being scheduled.
Four EKS authentication primitives — Access Entries, the legacy aws-auth ConfigMap, IRSA annotations, Pod Identity associations — reconciled in one view, with the migration-health chip rolling up aws-auth-only / entries-only / both counts. The SA → Role index flags dual-source bindings (Pod Identity wins; the IRSA annotation is shadowed dead config) and stale orphans (role deleted). Open any pod and the AWS Access tab resolves the identity chain server-side — every policy parsed, grouped by AWS service, chipped against an 18-action sensitive catalog. Reverse lookup answers 'which workloads can perform s3:DeleteBucket?' in one query.
Amazon Inspector v2 findings, joined to your pods and nodes, then grouped by package server-side so the wall of CVEs collapses to a list of upgrades. Each group header carries the suggested fix version that closes every finding in the group. Filter chips slice by severity, exploitable, or fixable. One Helm flag to enable; reads serve from a per-cluster local cache after a ~30s cold-path hydrate.
Periscope ships as a single Go binary with the SPA embedded via embed.FS. No frontend deployment, no central database, no kubeconfigs cached on disk. Audit rows in SQLite are the only durable state.
OIDC sessions are in-memory only. Restart drops sessions; users sign back in. Multi-replica session sharing is a v1.x concern — explicit, not hidden.
No handler talks to apiserver "as Periscope." Every K8s call carries the user's OIDC sub. The bridge identity is the transport — per-call authz is the human's RBAC.
Privileged handlers emit *.attempted before the K8s call and *.succeeded / *.failed after. A denied action still leaves a row.
where it fits
EKS-native, audit-clean.
for orgs that banned long-lived aws creds and need an audit row for every action. multi-cluster fleet view in oss. apache-2.0.
Polished general K8s console.
yc-backed kubeconfig-based console with a nice topology graph, opencost integration, and an mcp server today. cloud tier at $99/cluster/mo.
Local-first, single-user.
desktop or terminal. no install on the cluster, no shared session, no audit trail. perfect for solo work, not for a team that needs an answer to who-changed-what.
all three are good. periscope is the one for the audited multi-cluster eks shop where every action needs a name on it.
Published to ghcr.io as an OCI artifact and signed with cosign. Verify the signature, write a values file, install. The dashboard is at http://localhost:8080/ after a port-forward.
helm 3.x or 4.x.# 1. Write a values file with auth + cluster registry
$EDITOR my-values.yaml
# 2. Apply your OIDC client secret
kubectl create namespace periscope
kubectl -n periscope create secret generic periscope-oidc \
--from-literal=OIDC_CLIENT_SECRET='<the-secret>'
# 3. Install
helm install periscope \
oci://ghcr.io/gnana997/charts/periscope \
--version 1.1.6 \
--namespace periscope \
--values my-values.yaml
# 4. Reach it
kubectl -n periscope port-forward svc/periscope 8080:8080
open http://localhost:8080/Five minutes from helm install to a fleet view. Bring your own IdP, your own clusters, your own RBAC.