Kubernetes

Kubernetes, without the kubectl archaeology. Agents map the cluster, read the events, and open the fix as a pull request.

Any cluster that speaks the Kubernetes API: EKS, GKE, AKS, or the one under your desk. One read-only ServiceAccount and it's in the graph.

Join the waitlist

Every supported resource.

The Kubernetes resource types that show up in your graph.

Namespace
Node
Deployment
StatefulSet
DaemonSet
ReplicaSet
Job
CronJob
Pod
Service
Ingress
ConfigMap
Secret
Service Account
Role
Role Binding
Cluster Role
Cluster Role Binding
Persistent Volume
Persistent Volume Claim
Storage Class
Network Policy
Horizontal Pod Autoscaler
Pod Disruption Budget

Proactive observability for Kubernetes.

Self-operating software for your clusters: proactive agents watch the workloads, investigate the failures, and open the fixes.

Workloads, wiring, and RBAC, one graph

Deployments, StatefulSets, DaemonSets, pods, services, ingresses, CronJobs, volumes, autoscalers, roles and bindings: 24 resource types land in one living graph with their edges and history, alongside the clouds the cluster runs on.

Events and logs, actually read

Agents inspect pods, read logs and events, and map the cluster topology on a cadence, judging what they see against how each workload normally behaves. No dashboards to babysit.

The failures Kubernetes hides well

Crashloops, OOM kills, pods stuck pending, a rollout that never converged: the cluster knows, but nobody's watching. Polylane notices, investigates, and writes up what happened.

Every rollout, on the record

Each sync writes down exactly what appeared, changed, or disappeared in the cluster. When a workload starts failing right after a rollout, the investigation starts from that change, not from scratch.

get, list, watch, and nothing else

Connect with a kubeconfig or a read-only ServiceAccount token. Polylane only makes read-only Kubernetes API calls, credentials are encrypted before they're stored, the agent never sees the token, and you can scope it to a single namespace.

Investigations that end in a PR

When the root cause is a line of code or a manifest, the investigation ends as a pull request on the repo behind the workload, with a regression test and the evidence trail attached.

Questions.

How does Polylane connect to my Kubernetes cluster?

Two ways: paste a kubeconfig (Polylane reads the API server URL, CA certificate, and ServiceAccount bearer token from the current context), or enter the API server URL and a token manually. Create a read-only ServiceAccount with get, list, and watch, and that's all it needs. Credentials are encrypted before they're stored, and the agent never sees the token.

Does it work with EKS, GKE, or my own clusters?

Any cluster that speaks the Kubernetes API works: EKS, GKE, AKS, or bare metal. If you connect an AWS account, EKS clusters, node groups, and Fargate profiles also show up in the same graph automatically.

What Kubernetes resources does Polylane sync?

24 resource types: namespaces, nodes, Deployments, StatefulSets, DaemonSets, ReplicaSets, Jobs, CronJobs, pods, services, ingresses, ConfigMaps, secrets, ServiceAccounts, RBAC roles and bindings, persistent volumes and claims, storage classes, network policies, autoscalers, and pod disruption budgets. The full list is on this page.

Can Polylane change my cluster?

No. Polylane only makes read-only Kubernetes API calls; the ServiceAccount you create needs nothing beyond get, list, and watch. Fixes land as pull requests on the repos behind your workloads, for you to review and merge.

Does it work with my observability provider?

Yes. Datadog, Sentry, Honeycomb, and Axiom join the graph as first-class sources, and their alerts get triaged by an agent the moment they fire.

What does it cost?

Early access is rolling out through the waitlist. Join it and we'll get you in as capacity opens up.

One ServiceAccount, read-only. The cluster explains itself from then on.