explaingit

gnana997/periscope

Analysis updated 2026-06-24

6GoAudience · ops devopsComplexity · 4/5LicenseSetup · moderate

TLDR

Self-hosted multi-cluster Kubernetes web console for EKS that avoids static AWS keys by using Pod Identity/IRSA and logs every action under the human's OIDC identity.

Mindmap

mindmap
  root((periscope))
    Inputs
      Kubeconfig
      OIDC IdP
      AWS Pod Identity
      Agent install
    Outputs
      Live resource views
      Audit log SQLite
      YAML edits
    Use Cases
      Multi-cluster ops
      Compliance audit
      EKS admin
    Tech Stack
      Go
      React
      Helm
      SSE
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run one dashboard across many EKS clusters without storing AWS keys

USE CASE 2

Audit who ran what in Kubernetes by real human identity

USE CASE 3

Edit Kubernetes YAML with schema awareness and drift detection

USE CASE 4

Add non-EKS clusters via an outbound-only agent

What is it built with?

GoReactHelmSQLiteOIDCKubernetes

How does it compare?

gnana997/periscopebeastmastergrinder/turbopuffer-engine-opensourceca-x/nowledge-mem-snap
Stars666
LanguageGoGoGo
Setup difficultymoderatemoderatemoderate
Complexity4/55/53/5
Audienceops devopsdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Local kind demo runs in a minute, but a real install needs Helm plus OIDC client setup and Pod Identity/IRSA wiring.

Apache 2.0 lets you use, modify, and distribute the code commercially with attribution.

In plain English

Periscope is a self-hosted web dashboard for managing Kubernetes clusters across an organisation, with a particular focus on clusters running on Amazon's EKS service. Kubernetes is the system that runs containerised applications across a fleet of machines, an admin usually pokes at it through the kubectl command-line tool. Periscope gives that admin a single browser page that talks to every cluster they have, showing pods, deployments, logs, events, and the like, with a Slack-style left rail to switch between clusters. The main selling point in the README is how it handles credentials. Many existing tools require a long-lived AWS key sitting on the dashboard server, which is hard to justify under modern compliance rules. Periscope avoids this by using AWS's Pod Identity or IRSA, which hand out short-lived cluster access on demand, so there is nothing static to steal from the console pod. Users log in through OIDC (a standard sign-in protocol, the author has tested Auth0 and Okta), and every action they take inside Kubernetes is performed as their own identity through a feature called impersonation. The result is that audit log rows show real names like alice@corp instead of a generic service account. The audit log itself is stored in a small SQLite database, searchable and filterable inside the app, with retention limits, which the README pitches as a way to make compliance reviews faster than grepping raw log files. Resource list pages stream live updates over Server-Sent Events (a one-way HTTP push channel) for 21 different resource types, with a polling fallback for corporate proxies that block streaming. The built-in YAML editor knows the schema for standard Kubernetes objects and Custom Resources, applies changes through server-side apply, and detects drift while you type. Version 1.1, released in mid-May 2026, adds an AWS Access section that catalogues IAM entries, service-account-to-role mappings, and lets you ask the reverse question of which workloads can perform a given action. Clusters outside EKS can be added through a small agent that runs inside any cluster with outbound HTTPS, including GKE, AKS, and on-prem k3s, without needing AWS trust to be set up. Installation is via a Helm chart, with a kind-based local demo profile for trying it out in a minute.

Copy-paste prompts

Prompt 1
Give me a 5-minute kind-based local demo of periscope using its Helm chart
Prompt 2
Show me how periscope wires Pod Identity or IRSA so the console pod holds no static AWS keys
Prompt 3
Explain how periscope uses OIDC impersonation to write the human's identity into Kubernetes audit logs
Prompt 4
Walk me through adding a non-EKS cluster to periscope using the periscope-agent tunnel
Prompt 5
Compare periscope's SSE watch streams vs polling fallback and when each kicks in

Frequently asked questions

What is periscope?

Self-hosted multi-cluster Kubernetes web console for EKS that avoids static AWS keys by using Pod Identity/IRSA and logs every action under the human's OIDC identity.

What language is periscope written in?

Mainly Go. The stack also includes Go, React, Helm.

What license does periscope use?

Apache 2.0 lets you use, modify, and distribute the code commercially with attribution.

How hard is periscope to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is periscope for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.