Application Topology for Kubernetes gives you a live map of what runs in your clusters. It shows services and the workloads that power them, plus how those parts connect. You can scan status at a glance, then open details when you need more. It supports common Kubernetes resources such as Deployments, Jobs, Daemonsets, Statefulsets, CronJobs, Pods, and even Virtual Machines. It works on vanilla Kubernetes and on OpenShift. This helps teams share the same picture of running systems without jumping between tools.
The Backstage plugin brings that map into your catalog. Open a component page and use the topology tab to see an interactive graph for that service. Click a node to view metadata and related resources. Use quick links to reach routes or ingress. Open pod logs when you are chasing an incident. Decorators can show links to source or pipeline runs when available. Common uses include faster triage during outages, explaining architecture in reviews, onboarding new engineers, and spotting drift across environments. The plugin reads from the Backstage Kubernetes plugin and uses your catalog annotations, so it fits cleanly into a self hosted Backstage setup.
Installation Instructions
These instructions apply to self-hosted Backstage only.
Install the topology frontend in your app
-
Add the package to the app workspace
yarn workspace app add @backstage-community/plugin-topology
-
Add the Topology tab to the service entity page
Edit packages/app/src/components/catalog/EntityPage.tsx
import { TopologyPage } from '@backstage-community/plugin-topology'; import React from 'react'; import { EntityLayout } from '@backstage/plugin-catalog'; const serviceEntityPage = ( <EntityLayout> {/* other tabs */} <EntityLayout.Route path="/topology" title="Topology"> <TopologyPage /> </EntityLayout.Route> </EntityLayout> ); export default serviceEntityPage;
The Topology tab appears on each service entity page at path topology.
Ensure the Kubernetes backend is installed and configured
The topology plugin reads data through the Backstage Kubernetes plugin. Install and configure the Kubernetes backend first. Use the path that matches your backend system.
Old backend system
-
Add the backend package
yarn workspace backend add @backstage/plugin-kubernetes-backend
-
Create the backend plugin router
Create packages/backend/src/plugins/kubernetes.ts
import { createRouter } from '@backstage/plugin-kubernetes-backend'; import { PluginEnvironment } from '../types'; import { Router } from 'express'; export default async function createPlugin(env: PluginEnvironment): Promise<Router> { return await createRouter({ logger: env.logger, config: env.config, catalogApi: env.catalogClient, }); }
-
Mount the router
Edit packages/backend/src/index.ts
import kubernetes from './plugins/kubernetes'; // inside the main function after creating apiRouter apiRouter.use('/kubernetes', await kubernetes(env));
-
Configure cluster access in app config
Edit app-config.yaml. Add your clusters under the kubernetes key to use a ServiceAccount. Match the Backstage Kubernetes configuration you already use. Add any customResources you need as shown later in this guide.
New backend system
-
Add the backend package
yarn workspace backend add @backstage/plugin-kubernetes-backend
-
Register the plugin in the backend
Edit packages/backend/src/index.ts
import { createBackend } from '@backstage/backend-defaults'; const backend = createBackend(); // other plugins backend.add(import('@backstage/plugin-kubernetes-backend')); await backend.start();
-
Configure cluster access in app config
Edit app-config.yaml. Add your clusters under the kubernetes key to use a ServiceAccount. Add any customResources you need as shown below.
Grant cluster permissions
Use a ServiceAccount for the Backstage Kubernetes plugin. Grant a ClusterRole with read access. Add extra rules when you want the features below.
View OpenShift routes
Add these rules to the ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: backstage-read-only
rules:
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
Add customResources in app-config.yaml
kubernetes:
customResources:
- group: 'route.openshift.io'
apiVersion: 'v1'
plural: 'routes'
View pods and pod logs
Add these rules to the ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: backstage-read-only
rules:
- apiGroups:
- ''
resources:
- pods
- pods/log
verbs:
- get
- list
- watch
View Tekton PipelineRuns
Add these rules to the ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: backstage-read-only
rules:
- apiGroups:
- tekton.dev
resources:
- pipelines
- pipelineruns
- taskruns
verbs:
- get
- list
Add customResources in app-config.yaml
kubernetes:
customResources:
- group: 'tekton.dev'
apiVersion: 'v1'
plural: 'pipelines'
- group: 'tekton.dev'
apiVersion: 'v1'
plural: 'pipelineruns'
- group: 'tekton.dev'
apiVersion: 'v1'
plural: 'taskruns'
View Virtual Machines
Make sure OpenShift Virtualization Operator is installed on the cluster
Add these rules to the ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: backstage-read-only
rules:
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
- virtualmachineinstances
verbs:
- get
- list
Add customResources in app-config.yaml
kubernetes:
customResources:
- group: 'kubevirt.io'
apiVersion: 'v1'
plural: 'virtualmachines'
- group: 'kubevirt.io'
apiVersion: 'v1'
plural: 'virtualmachineinstances'
Enable the source code editor decorator
Add these rules to the ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: backstage-read-only
rules:
- apiGroups:
- org.eclipse.che
resources:
- checlusters
verbs:
- get
- list
Add customResources in app-config.yaml
kubernetes:
customResources:
- group: 'org.eclipse.che'
apiVersion: 'v2'
plural: 'checlusters'
Add entity annotations and labels
Add this annotation to catalog entities so Backstage can map the entity to Kubernetes resources
# catalog-info.yaml
annotations:
backstage.io/kubernetes-id: <BACKSTAGE_ENTITY_NAME>
Add this label to your Kubernetes resources so the Kubernetes plugin can find them
# resource manifest
metadata:
labels:
backstage.io/kubernetes-id: <BACKSTAGE_ENTITY_NAME>
You can also set a namespace for lookups
# catalog-info.yaml
annotations:
backstage.io/kubernetes-namespace: <RESOURCE_NS>
You can use a label selector for lookups. This takes precedence over the id annotation
# catalog-info.yaml
annotations:
backstage.io/kubernetes-label-selector: 'app=my-app,component=front-end'
If you want to support a shared Dev Spaces editor across many entities you can use a selector like this and label your resources accordingly
# catalog-info.yaml
annotations:
backstage.io/kubernetes-label-selector: 'component in (<BACKSTAGE_ENTITY_NAME>,che)'
# checluster.yaml
metadata:
labels:
component: che
# other resources
metadata:
labels:
component: <BACKSTAGE_ENTITY_NAME>
Add a runtime icon to nodes with one of these labels
# deployment.yaml
metadata:
labels:
app.openshift.io/runtime: <RUNTIME_NAME>
or
# deployment.yaml
metadata:
labels:
app.kubernetes.io/name: <RUNTIME_NAME>
Supported values
django
dotnet
drupal
go-gopher
golang
grails
jboss
jruby
js
nginx
nodejs
openjdk
perl
phalcon
php
python
quarkus
rails
redis
rh-spring-boot
rust
java
rh-openjdk
ruby
spring
spring-boot
Group related workloads in the view
# any resource
metadata:
labels:
app.kubernetes.io/part-of: <GROUP_NAME>
Draw a connector between workloads
# any resource
metadata:
annotations:
app.openshift.io/connects-to: '[{"apiVersion": <RESOURCE_APIVERSION>,"kind": <RESOURCE_KIND>,"name": <RESOURCE_NAME>}]'
Optional Backstage RBAC policy
If RBAC is enabled, allow users to view topology and pod logs with this policy
g, user:default/<YOUR_USERNAME>, role:default/topology-viewer
p, role:default/topology-viewer, kubernetes.clusters.read, read, allow
p, role:default/topology-viewer, kubernetes.resources.read, read, allow
p, role:default/topology-viewer, kubernetes.proxy, use, allow
p, role:default/topology-viewer, catalog-entity, read, allow
Changelog
This changelog is produced from commits made to the Application Topology for Kubernetes plugin since 8 months ago, and based on the code located here. It may not contain information about all commits. Releases and version bumps are intentionally omitted. This changelog is generated by AI.
Breaking changes
- Switch to Kubernetes plugin permissions. Use kubernetes.clusters.read and kubernetes.resources.read for viewing. Use kubernetes.proxy for pod logs. Update any RBAC policies to these keys. See #2998 merged 6 months ago
- Move translation exports to the alpha module. Update imports to the alpha entry. See #5499 merged 10 days ago
Features
- Add i18n support across the plugin. See #5351 merged 10 days ago
- Improve permission alerts. The plugin now shows clear messages for missing Kubernetes read permissions and for missing proxy permission when viewing pod logs. See #2998 merged 6 months ago
Bug fixes
- Render markdown on the missing permission page. See #5549 merged 4 days ago
- Replace the log file download code with a local version. This removes a hard dependency and keeps the same behavior. See #4263 merged 3 months ago
Dependencies
- Bump Backstage to v1.42.5 in the example app. See #5377 merged 11 days ago
- Use the Kubernetes React hook useKubernetesObjects from the upstream package. This removes a custom hook and trims dependencies. See #4851 merged 1 month ago
- Update Material UI packages. See #4396 merged 1 month ago
- Update Kubernetes client libraries used around the workspace. See #2843 merged 7 months ago and #2871 merged 7 months ago
- Earlier bump to Backstage v1.38.1 for topology. See #3877 merged 5 months ago
Maintenance
- Remove the product theme from the dev setup. See #4804 merged 2 months ago and #4901 merged 1 month ago
- Clean up metadata and unused dependencies. See #4302 merged 3 months ago, #3443 merged 6 months ago, #3476 merged 6 months ago, and #3018 merged 6 months ago
Documentation
- Update the contributing guide for topology. See #2572 merged 8 months ago
Set up Backstage in minutes with Roadie
Focus on using Backstage, rather than building and maintaining it.