The Kubernetes monitor is a component that runs alongside Tentacle in the cluster. The Kubernetes monitor tracks the health of resources deployed to the cluster via Octopus Server.
How it works
The Kubernetes monitor communicates with Octopus Server over gRPC on a new port (8443) to send back object information to Octopus Deploy. Communications are initiated by the Kubernetes monitor, so no endpoints on the Kubernetes cluster need to be exposed.
The monitor process uses the Argo project gitops engine project to internally keep track of the resources running on your cluster and react to changes as they occur.
Newer versions of the Kubernetes monitor (2.38.3 or later for v2, 3.0.1 or later for v3) also surface resources that were previously deployed but are no longer part of the latest deployment process. See Orphaned objects for details.
Required Kubernetes permissions
Registration
During registration, the Kubernetes monitor manages a secret to store it’s authentication information.
To do so, a Role is created with the get, list, create and update verbs for the secrets resource.
Once registered, this Role is deleted.
Normal operation
Once the monitor is registered, the Kubernetes monitor is a read only entity.
To enabled this a ClusterRole is created for use by the Kubernetes monitor with the get, watch and list verbs for all groups and resources.
Upgrading
The Kubernetes monitor’s upgrade process is directly tied to the Kubernetes agent.
See how upgrades work for the Kubernetes agent here
Troubleshooting
See Kubernetes Live Object Status troubleshooting
Help us continuously improve
Please let us know if you have any feedback about this page.
Page updated on Sunday, May 24, 2026