Kubernetes Live Object Status

The Kubernetes Live Object Status feature is in early access, it is rolling out in Octopus Cloud now. This feature is coming to self-hosted customers in H2 2025.

Kubernetes Live Object Status shows the live status of your Kubernetes objects after they have been deployed. This allows you to monitor and safely troubleshoot your Kubernetes application directly from within Octopus Deploy.

Live status page

Where it is available

Using Kubernetes Live Object Status requires the following:

  • An Octopus Cloud instance
  • A Kubernetes Agent target
  • A project with a deployment process containing Kubernetes steps
    • The kubectl script step is currently unsupported

How to use Live Status

Once you have the Kubernetes monitor enabled on your Kubernetes Agent, simply toggle the switch on the dashboard to show live status in place of the deployment status.

A screenshot of the Space dashboard showing live status

Octopus display individual status at an object level as well as summarized status for an Application.

Live status page

Application status

LabelStatus IconDescription
ProgressingObjects in your application are currently in a progressing state
HealthyThe objects in your cluster match what was specified in the last deployment
UnknownWe’re having trouble getting live status updates for this application
DegradedYour objects experienced errors after the deployment completed
Out of SyncThe objects on your cluster no longer match what you last deployed
MissingObjects in your application are currently in a missing state
UnavailableApplication live status is unavailable because your last deployment failed
WaitingApplication live status will be available once the deployment completes

Object status

LabelStatus IconDescription
ProgressingObject is attempting to reach the desired state
HealthyObject is in sync and reporting that it is running as expected
UnknownWe don’t have up-to-date information about the live status of this object
DegradedObject has run into a problem, check the logs or events to find out more
Out of SyncObject manifest is not the same as what was applied
MissingObject is missing from the cluster
In SyncObject manifest matches what was applied, but does not report any additional health status
SuspendedJob is not currently running

Take a look at our troubleshooting guide for details on why you may see some object statuses

Detailed object information

Each object reported back by the Kubernetes monitor can be selected to provide detailed information including events, logs and the manifest currently on the cluster

Object summary

Events

Events are fetched on demand from the running object. Octopus reads and presents events in similar way to kubectl.

Object events

Logs

Logs are fetched on demand from the running object. We do not currently support tailing logs, but it is on the roadmap in the near future.

Object logs

Manifest

The manifest shown here is the live manifest as reported by the cluster back to Octopus.

Object manifest

How it works

The Kubernetes Agent has a new component called the Kubernetes monitor which also runs inside the Kubernetes cluster. Read more about the Kubernetes monitor here.

During a deployment, Octopus will capture any applied Kubernetes manifests and send them to the monitor. The monitor uses these manifests to track the deployed objects in the cluster, keeping track of their synchronization and health.

User permissions

Viewing the data returned from the Kubernetes monitor from within Octopus requires DeploymentView permissions.

This data includes the resource and application status, as well as pod logs and events for objects being monitored. This may be a change in security posture that your team should carefully consider.

Secrets

Octopus sensitive variables

As always, we treat secret data as carefully as we possibly can.

Practically, this means that we redact any detected Octopus sensitive variables from:

  • Manifests
  • Logs
  • Events

If we do not have all the required information to adequately redact something coming back from a Kubernetes cluster, we will opt to prevent the user from seeing this all together.

With that said, we highly recommend:

  1. Containing all sensitive information to Kubernetes secrets so they can be redacted at the source
  2. Never logging sensitive values in containers

The flexibility that Octopus variables provide mean that sensitive variables can turn up in unexpected ways and so our redaction can only be best effort.

Kubernetes secrets

The well defined structure of Kubernetes secrets allow us to confidently redact secret data.

To ensure that we never exfiltrate secret data that Octopus is not privy to, the Kubernetes monitor salts and hashes the secret data using sha256. By hashing secrets Octopus can tell you when something changed in your secret, but Octopus will never know what the secrets are unless you have populated them using Octopus sensitive variables.

Please be aware that outputting Kubernetes secrets into pod logs may result in them being sent un-redacted if they are not sourced from Octopus sensitive variables originally.

Known issues and limitations

Excluded steps

The desired object list is compiled from objects that were applied during the last deployment. If steps are excluded during a deployment, then live status will not be shown for objects that were applied in those steps.

Please avoid skipping steps that deploy Kubernetes objects.

Script steps are not supported

Objects modified by script steps directly are not monitored. Support for script steps is planned for a future release.

Runbooks are not supported

Objects modified by Runbooks are not monitored. Please deploy the objects via a Deployment if you want them to be monitored.

Help us continuously improve

Please let us know if you have any feedback about this page.

Send feedback

Page updated on Friday, March 28, 2025