Get Roadie in your IDE with our new MCP Servers
Roadie
Backstage Plugins Guides
Application Topology for Kubernetes logo

Backstage Application Topology for Kubernetes Plugin

Created by Red Hat

Application Topology for Kubernetes gives you a live map of what runs in your clusters. It shows services and the workloads that power them, plus how those parts connect. You can scan status at a glance, then open details when you need more. It supports common Kubernetes resources such as Deployments, Jobs, Daemonsets, Statefulsets, CronJobs, Pods, and even Virtual Machines. It works on vanilla Kubernetes and on OpenShift. This helps teams share the same picture of running systems without jumping between tools.

The Backstage plugin brings that map into your catalog. Open a component page and use the topology tab to see an interactive graph for that service. Click a node to view metadata and related resources. Use quick links to reach routes or ingress. Open pod logs when you are chasing an incident. Decorators can show links to source or pipeline runs when available. Common uses include faster triage during outages, explaining architecture in reviews, onboarding new engineers, and spotting drift across environments. The plugin reads from the Backstage Kubernetes plugin and uses your catalog annotations, so it fits cleanly into a self hosted Backstage setup.

Installation Instructions

These instructions apply to self-hosted Backstage only.

Install the topology frontend in your app

  1. Add the package to the app workspace

    Copy 
    yarn workspace app add @backstage-community/plugin-topology

  2. Add the Topology tab to the service entity page

    Edit packages/app/src/components/catalog/EntityPage.tsx

    Copy 
    import { TopologyPage } from '@backstage-community/plugin-topology';
import React from 'react';
import { EntityLayout } from '@backstage/plugin-catalog';

const serviceEntityPage = (
  <EntityLayout>
    {/* other tabs */}
    <EntityLayout.Route path="/topology" title="Topology">
      <TopologyPage />
    </EntityLayout.Route>
  </EntityLayout>
);

export default serviceEntityPage;

The Topology tab appears on each service entity page at path topology.

Ensure the Kubernetes backend is installed and configured

The topology plugin reads data through the Backstage Kubernetes plugin. Install and configure the Kubernetes backend first. Use the path that matches your backend system.

Old backend system

  1. Add the backend package

    Copy 
    yarn workspace backend add @backstage/plugin-kubernetes-backend

  2. Create the backend plugin router

    Create packages/backend/src/plugins/kubernetes.ts

    Copy 
    import { createRouter } from '@backstage/plugin-kubernetes-backend';
import { PluginEnvironment } from '../types';
import { Router } from 'express';

export default async function createPlugin(env: PluginEnvironment): Promise<Router> {
  return await createRouter({
    logger: env.logger,
    config: env.config,
    catalogApi: env.catalogClient,
  });
}

  3. Mount the router

    Edit packages/backend/src/index.ts

    Copy 
    import kubernetes from './plugins/kubernetes';

// inside the main function after creating apiRouter
apiRouter.use('/kubernetes', await kubernetes(env));

  4. Configure cluster access in app config

    Edit app-config.yaml. Add your clusters under the kubernetes key to use a ServiceAccount. Match the Backstage Kubernetes configuration you already use. Add any customResources you need as shown later in this guide.

New backend system

  1. Add the backend package

    Copy 
    yarn workspace backend add @backstage/plugin-kubernetes-backend

  2. Register the plugin in the backend

    Edit packages/backend/src/index.ts

    Copy 
    import { createBackend } from '@backstage/backend-defaults';

const backend = createBackend();

// other plugins
backend.add(import('@backstage/plugin-kubernetes-backend'));

await backend.start();

  3. Configure cluster access in app config

    Edit app-config.yaml. Add your clusters under the kubernetes key to use a ServiceAccount. Add any customResources you need as shown below.

Grant cluster permissions

Use a ServiceAccount for the Backstage Kubernetes plugin. Grant a ClusterRole with read access. Add extra rules when you want the features below.

View OpenShift routes

Add these rules to the ClusterRole

Copy 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: backstage-read-only
rules:
  - apiGroups:
      - route.openshift.io
    resources:
      - routes
    verbs:
      - get
      - list

Add customResources in app-config.yaml

Copy 
kubernetes:
  customResources:
    - group: 'route.openshift.io'
      apiVersion: 'v1'
      plural: 'routes'

View pods and pod logs

Add these rules to the ClusterRole

Copy 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: backstage-read-only
rules:
  - apiGroups:
      - ''
    resources:
      - pods
      - pods/log
    verbs:
      - get
      - list
      - watch

View Tekton PipelineRuns

Add these rules to the ClusterRole

Copy 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: backstage-read-only
rules:
  - apiGroups:
      - tekton.dev
    resources:
      - pipelines
      - pipelineruns
      - taskruns
    verbs:
      - get
      - list

Add customResources in app-config.yaml

Copy 
kubernetes:
  customResources:
    - group: 'tekton.dev'
      apiVersion: 'v1'
      plural: 'pipelines'
    - group: 'tekton.dev'
      apiVersion: 'v1'
      plural: 'pipelineruns'
    - group: 'tekton.dev'
      apiVersion: 'v1'
      plural: 'taskruns'

View Virtual Machines

Make sure OpenShift Virtualization Operator is installed on the cluster

Add these rules to the ClusterRole

Copy 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: backstage-read-only
rules:
  - apiGroups:
      - kubevirt.io
    resources:
      - virtualmachines
      - virtualmachineinstances
    verbs:
      - get
      - list

Add customResources in app-config.yaml

Copy 
kubernetes:
  customResources:
    - group: 'kubevirt.io'
      apiVersion: 'v1'
      plural: 'virtualmachines'
    - group: 'kubevirt.io'
      apiVersion: 'v1'
      plural: 'virtualmachineinstances'

Enable the source code editor decorator

Add these rules to the ClusterRole

Copy 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: backstage-read-only
rules:
  - apiGroups:
      - org.eclipse.che
    resources:
      - checlusters
    verbs:
      - get
      - list

Add customResources in app-config.yaml

Copy 
kubernetes:
  customResources:
    - group: 'org.eclipse.che'
      apiVersion: 'v2'
      plural: 'checlusters'

Add entity annotations and labels

Add this annotation to catalog entities so Backstage can map the entity to Kubernetes resources

Copy 
# catalog-info.yaml
annotations:
  backstage.io/kubernetes-id: <BACKSTAGE_ENTITY_NAME>

Add this label to your Kubernetes resources so the Kubernetes plugin can find them

Copy 
# resource manifest
metadata:
  labels:
    backstage.io/kubernetes-id: <BACKSTAGE_ENTITY_NAME>

You can also set a namespace for lookups

Copy 
# catalog-info.yaml
annotations:
  backstage.io/kubernetes-namespace: <RESOURCE_NS>

You can use a label selector for lookups. This takes precedence over the id annotation

Copy 
# catalog-info.yaml
annotations:
  backstage.io/kubernetes-label-selector: 'app=my-app,component=front-end'

If you want to support a shared Dev Spaces editor across many entities you can use a selector like this and label your resources accordingly

Copy 
# catalog-info.yaml
annotations:
  backstage.io/kubernetes-label-selector: 'component in (<BACKSTAGE_ENTITY_NAME>,che)'
Copy 
# checluster.yaml
metadata:
  labels:
    component: che
Copy 
# other resources
metadata:
  labels:
    component: <BACKSTAGE_ENTITY_NAME>

Add a runtime icon to nodes with one of these labels

Copy 
# deployment.yaml
metadata:
  labels:
    app.openshift.io/runtime: <RUNTIME_NAME>

or

Copy 
# deployment.yaml
metadata:
  labels:
    app.kubernetes.io/name: <RUNTIME_NAME>

Supported values

Copy 
django
dotnet
drupal
go-gopher
golang
grails
jboss
jruby
js
nginx
nodejs
openjdk
perl
phalcon
php
python
quarkus
rails
redis
rh-spring-boot
rust
java
rh-openjdk
ruby
spring
spring-boot

Group related workloads in the view

Copy 
# any resource
metadata:
  labels:
    app.kubernetes.io/part-of: <GROUP_NAME>

Draw a connector between workloads

Copy 
# any resource
metadata:
  annotations:
    app.openshift.io/connects-to: '[{"apiVersion": <RESOURCE_APIVERSION>,"kind": <RESOURCE_KIND>,"name": <RESOURCE_NAME>}]'

Optional Backstage RBAC policy

If RBAC is enabled, allow users to view topology and pod logs with this policy

Copy 
g, user:default/<YOUR_USERNAME>, role:default/topology-viewer
p, role:default/topology-viewer, kubernetes.clusters.read, read, allow
p, role:default/topology-viewer, kubernetes.resources.read, read, allow
p, role:default/topology-viewer, kubernetes.proxy, use, allow
p, role:default/topology-viewer, catalog-entity, read, allow

Changelog

This changelog is produced from commits made to the Application Topology for Kubernetes plugin since 8 months ago, and based on the code located here. It may not contain information about all commits. Releases and version bumps are intentionally omitted. This changelog is generated by AI.

Breaking changes

  • Switch to Kubernetes plugin permissions. Use kubernetes.clusters.read and kubernetes.resources.read for viewing. Use kubernetes.proxy for pod logs. Update any RBAC policies to these keys. See #2998 merged 6 months ago
  • Move translation exports to the alpha module. Update imports to the alpha entry. See #5499 merged 10 days ago

Features

  • Add i18n support across the plugin. See #5351 merged 10 days ago
  • Improve permission alerts. The plugin now shows clear messages for missing Kubernetes read permissions and for missing proxy permission when viewing pod logs. See #2998 merged 6 months ago

Bug fixes

  • Render markdown on the missing permission page. See #5549 merged 4 days ago
  • Replace the log file download code with a local version. This removes a hard dependency and keeps the same behavior. See #4263 merged 3 months ago

Dependencies

  • Bump Backstage to v1.42.5 in the example app. See #5377 merged 11 days ago
  • Use the Kubernetes React hook useKubernetesObjects from the upstream package. This removes a custom hook and trims dependencies. See #4851 merged 1 month ago
  • Update Material UI packages. See #4396 merged 1 month ago
  • Update Kubernetes client libraries used around the workspace. See #2843 merged 7 months ago and #2871 merged 7 months ago
  • Earlier bump to Backstage v1.38.1 for topology. See #3877 merged 5 months ago

Maintenance

  • Remove the product theme from the dev setup. See #4804 merged 2 months ago and #4901 merged 1 month ago
  • Clean up metadata and unused dependencies. See #4302 merged 3 months ago, #3443 merged 6 months ago, #3476 merged 6 months ago, and #3018 merged 6 months ago

Documentation

  • Update the contributing guide for topology. See #2572 merged 8 months ago

Set up Backstage in minutes with Roadie

Get a demo