# Kubernetes Monitor

The Kubernetes monitor is a component that runs alongside Tentacle in the cluster. The Kubernetes monitor tracks the health of resources deployed to the cluster via Octopus Server.

## How it works

The Kubernetes monitor communicates with Octopus Server over gRPC on a new port (8443) to send back object information to Octopus Deploy. Communications are initiated by the Kubernetes monitor, so no endpoints on the Kubernetes cluster need to be exposed.

The monitor process uses the Argo project's [gitops-engine](https://github.com/argoproj/gitops-engine) internally to keep track of the resources running on your cluster and react to changes as they occur.

## Required Kubernetes permissions

### Registration

During registration, the Kubernetes monitor manages a secret to store its authentication information.

To do so, a `Role` is created with the `get`, `list`, `create` and `update` verbs for the `secrets` resource.

Once registered, this `Role` is deleted.

### Normal operation

Once the monitor is registered, the Kubernetes monitor is a read-only entity.

To enable this, a `ClusterRole` is created for use by the Kubernetes monitor with the `get`, `watch` and `list` verbs for all groups and resources.
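The following audit sketch is an added example, not code from Octopus Deploy or its Helm chart. It checks RBAC objects in the JSON shape returned by `kubectl get ... -o json` against the permissions described above, flagging any verb outside `get`, `list` and `watch`, and noting that read access to all groups and resources also covers `secrets`. The object names and the sample manifests are constructed placeholders.

```python
import json

READ_ONLY = {"get", "list", "watch"}

# Constructed manifests mirroring the verbs described above; the object names
# are placeholders, not the names the Octopus Helm chart actually uses.
SAMPLE = json.loads("""
{"items": [
  {"kind": "ClusterRole", "metadata": {"name": "example-monitor-read"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"],
              "verbs": ["get", "watch", "list"]}]},
  {"kind": "Role", "metadata": {"name": "example-monitor-registration"},
   "rules": [{"apiGroups": [""], "resources": ["secrets"],
              "verbs": ["get", "list", "create", "update"]}]}
]}
""")


def covers_secrets(rule):
    """True if the rule reaches core-group Secrets, directly or via wildcard."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    return bool(groups & {"", "*"}) and bool(resources & {"secrets", "*"})


def audit(obj):
    """Return a list of findings for one Role/ClusterRole object."""
    findings = []
    for rule in obj.get("rules", []):
        verbs = set(rule.get("verbs", []))
        writes = sorted(verbs - READ_ONLY)  # anything beyond get/list/watch
        if writes:
            findings.append(f"write verbs: {', '.join(writes)}")
        if covers_secrets(rule) and verbs & (READ_ONLY | {"*"}):
            findings.append("can read Secrets")
    return findings


def audit_all(doc):
    """Map 'Kind/name' to findings for every object in a kubectl -o json list."""
    return {f"{o['kind']}/{o['metadata']['name']}": audit(o) for o in doc["items"]}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings or ["read-only, no Secrets access"])
```

After registration completes, a registration-style `Role` with write verbs on `secrets` should no longer appear in the cluster, so a lingering "write verbs" finding for it is worth investigating.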

## Upgrading

The Kubernetes monitor's upgrade process is directly tied to the Kubernetes agent.

See [how upgrades work for the Kubernetes agent here](/docs/kubernetes/targets/kubernetes-agent/upgrading)

## Troubleshooting

See [Kubernetes Live Object Status troubleshooting](/docs/kubernetes/live-object-status/troubleshooting)
