Kubernetes
ACTIVATE provides built-in Kubernetes cluster management that lets you connect external clusters, manage workloads, deploy Helm charts, track costs, and control resource quotas — all from a single interface.
Key Capabilities
- Connecting Clusters — Register external Kubernetes clusters and share them with your groups
- kubectl Access — Authenticate to clusters using the PW CLI with federated OIDC credentials
- Managing Workloads — View, edit, and delete Deployments, StatefulSets, Jobs, Pods, and more across clusters
- Pod Logs — Stream and search container logs in real time
- Workload Metrics — Monitor CPU, memory, and storage usage with built-in charts
- Helm Charts — Install, upgrade, roll back, and uninstall Helm releases
- Resource Quotas — Set CPU, memory, and GPU limits per namespace
- Cost Tracking — Calculate and monitor per-namespace compute costs
- Services & Storage — Inspect services, persistent volumes, ConfigMaps, and Secrets
- Nodes & GPUs — View node capacity and configure NVIDIA MIG GPU profiles
Architecture
ACTIVATE connects to your Kubernetes clusters using OIDC token federation. When a user accesses a cluster through the UI or CLI:
- ACTIVATE issues a short-lived OIDC token (10-minute TTL) containing the user's identity and group memberships
- The target cluster validates the token against ACTIVATE's OIDC provider
- Kubernetes RBAC policies map the user's groups to cluster roles and namespace access
This approach requires no long-lived credentials to be stored and ensures that access is always scoped to the user's current permissions and group memberships.
OIDC Requirement
Clusters must be configured to trust ACTIVATE as an OIDC identity provider. See Connecting Clusters for setup details.
Getting Started
- Connect a cluster — Add your first Kubernetes cluster in the cluster connection page
- Set up CLI access — Install the PW CLI and run
pw kube authto configure kubectl access - Explore workloads — Browse running workloads in the workloads view