Tools for Kubernetes Monitoring - Part 2: What is Kubewatch?

In the first part of this series, we explored kube-state-metrics, a tool designed to track the state and configuration of Kubernetes objects. We saw how it helps DevOps teams understand whether the current cluster state matches the desired configuration, making it a powerful resource for long-term visibility and performance tracking.

While performance metrics and resource usage are critical for long-term observability, it is equally important to receive real-time alerts when changes occur in the cluster. This is where Kubewatch plays a unique role. Unlike metrics-focused tools, Kubewatch specializes in event monitoring and notifications, keeping DevOps teams informed about modifications to Kubernetes resources the moment they happen.

This article is the second part of a series on Kubernetes Monitoring Tools. It explains what Kubewatch is, how it works, its key features, the benefits it offers, and why it is a valuable addition to any Kubernetes monitoring strategy.

What is Kubewatch?

Kubewatch is an open-source Kubernetes watcher that tracks changes to cluster resources and sends notifications through popular communication channels such as Slack, Microsoft Teams, Mattermost, and webhooks. It was originally developed by Bitnami, later archived by VMware, and is now actively maintained by Robusta.dev, which has released updated versions with improved features and stability.

Rather than collecting performance metrics, Kubewatch focuses on detecting events like the creation, deletion, or modification of Kubernetes objects. This event-driven approach makes it ideal for teams who need instant awareness of changes, whether they are planned or unexpected.

Kubewatch helps teams maintain visibility, respond quickly to potential problems, and stay aware of cluster activities in real time. It is lightweight, easy to deploy, and designed for minimal impact on cluster performance.

How Kubewatch Works?

Kubewatch operates by listening to the Kubernetes API server for resource events. Whenever an event matches its configured criteria, it formats the information and sends it as a notification to one or more configured channels.

The working process involves:

• 1. Watching Kubernetes Resources: Kubewatch monitors objects such as pods, deployments, services, daemonsets, config maps, secrets, jobs, and persistent volume claims.
• 2. Filtering Events: It can be configured to watch all resources or only specific types, helping reduce noise from excessive notifications.
• 3. Formatting Alerts: When a relevant event occurs, Kubewatch prepares a message containing details such as the resource name, namespace, event type, and time of occurrence.
• 4. Sending Notifications: The alert is sent to configured endpoints like Slack, Mattermost, Microsoft Teams, Flock, webhooks, or email.
• 5. User Action: Teams receiving these alerts can investigate changes immediately to confirm they are expected or take corrective action if needed.

Kubewatch works entirely in read-only mode, so it never alters resources or the cluster's running state. Its purpose is purely informational, ensuring that teams are always aware of changes.

Key Features of Kubewatch

Kubewatch offers a focused set of capabilities designed to keep Kubernetes event monitoring simple and effective.

1. Real-time Event Notifications

Kubewatch notifies teams as soon as a resource change happens. This is critical in scenarios where rapid response can prevent downtime or minimize issues.

2. Multiple Notification Channels

It supports popular communication tools such as Slack, Mattermost, Microsoft Teams, Flock, and generic webhooks. Email and CloudEvents integration are also available for flexible alert delivery.

3. Configurable Resource Monitoring

You can specify exactly which Kubernetes objects Kubewatch should watch. For example, it can monitor only deployments and pods while ignoring services or config maps.

4. Lightweight Design

Kubewatch is small in resource usage, making it suitable for production environments without introducing performance overhead.

5. Simple Setup

It can be installed using Helm charts or kubectl manifests. Configuration involves specifying resource types, namespaces, and notification channels.

6. Actively Maintained

The recent Kubewatch 2.0 release includes improvements such as ARM architecture support, additional resource monitoring, and better performance under heavy workloads.

Common Events Monitored by Kubewatch

Kubewatch can track a wide range of resource changes. Examples include:

• Pod creation or deletion: Alerts when a new pod is launched or removed from the cluster.
• Deployment updates: Notifies when a deployment changes its replica count or container images.
• Service modifications: Alerts for service endpoint changes or configuration updates.
• Secret changes: Sends notifications when Kubernetes secrets are created, updated, or deleted.
• ConfigMap updates: Tracks changes to configuration data stored in ConfigMaps.
• Persistent Volume Claim events: Notifies when PVCs are bound, released, or deleted.

These alerts provide immediate context to teams, allowing them to respond before small changes turn into major issues.

Practical Use Cases of Kubewatch

Kubewatch fits into several practical Kubernetes operations scenarios:

• Security Monitoring: Detect unauthorized resource changes quickly.
• Release Oversight:Track deployment rollouts and configuration changes in real time.
• Audit and Compliance: Maintain a record of changes for compliance reviews.
• Development Feedback Loops: Notify developers immediately when new pods or services are deployed.
• Testing Environments: Monitor event patterns during load or chaos testing.

Installation and Configuration of Kubewatch

Kubewatch is designed for quick deployment, and it offers two main installation methods:

1. Installing with Helm

Helm allows users to deploy Kubewatch with minimal manual configuration. You can set values for resources, namespaces, and notification endpoints directly in the values.yaml file.

2. Installing with kubectl

For environments without Helm, Kubewatch can be deployed using YAML manifests. This involves creating a ConfigMap for settings, a Deployment for the watcher, and necessary RBAC permissions.

Basic Setup Steps:

• Install Kubewatch in the desired namespace.
• Configure the ConfigMap to specify which resources to watch.
• Set up notification channels by providing credentials or webhook URLs.
• Apply the configuration and start receiving alerts.

Kubewatch requires minimal maintenance once installed, making it ideal for teams looking for a set-and-forget monitoring tool.

Conclusion

Kubewatch is a valuable Kubernetes monitoring tool that focuses on real-time event notifications. Its lightweight design, flexibility in configuration, and ability to integrate with popular communication tools make it a strong addition to any cluster monitoring setup.

While it does not replace performance metrics collection, it fills a critical gap by ensuring teams are aware of changes as soon as they occur. Experienced Kubernetes developers can help you seamlessly integrate Kubewatch into your cluster, ensuring it works with your existing monitoring solutions.

In the next article of this series, we will explore another tool that enhances Kubernetes monitoring capabilities and further strengthens your cluster visibility. Stay tuned for more insights into building a comprehensive Kubernetes monitoring stack.