Kubernetes
DockLog can manage Docker only, Kubernetes only, or both from one UI. Set RUNTIME_MODE to control which APIs and navigation items are enabled. Without a kubeconfig, DockLog still starts and shows a connection warning on the Kubernetes pages.
Runtime mode
| RUNTIME_MODE | What you get |
|---|---|
| docker | Default. Containers, Docker logs, shell, and Docker-only dashboard. |
| kubernetes | Pods, deployments, HPAs, services, events, pod logs, and pod shell. |
| both | Docker and Kubernetes side by side: unified dashboard, runtime toggle on the Logs page, and both nav sections. |
Cluster access
When RUNTIME_MODE is kubernetes or both, DockLog needs API access to a cluster.
Option A — mount kubeconfig
```yaml
services:
  docklog:
    image: aimldev/docklog:latest
    ports:
      - "8888:8000"
    environment:
      - RUNTIME_MODE=both
      - KUBECONFIG=/app/kube/config
      - K8S_NAMESPACES=default,prod
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${HOME}/.kube:/app/kube:ro
      - ./data:/app/data
```
Option B — in-cluster ServiceAccount
Deploy DockLog inside the cluster with a ServiceAccount that can list pods, namespaces, and related resources. In-cluster config is detected automatically (no KUBECONFIG required).
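A least-privilege starting point for Option B, as an added example that is not DockLog's own manifest: the resource list is inferred from the features this page names, and the docklog namespace, ServiceAccount, and docklog-read role names are hypothetical. Binding the ClusterRole through a per-namespace RoleBinding makes cluster RBAC enforce the same scope as K8S_NAMESPACES.

```yaml
# Added example; the docklog namespace, ServiceAccount and role names are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: docklog
  namespace: docklog
---
# Read-only rules inferred from the views this page lists (assumption, not
# DockLog's published requirements).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: docklog-read
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "events"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["autoscaling"]
    resources: ["horizontalpodautoscalers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metrics.k8s.io"]  # served only when metrics-server is installed
    resources: ["pods"]
    verbs: ["get", "list"]
---
# Grant the role in one namespace only; repeat per namespace listed in K8S_NAMESPACES.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: docklog-read
  namespace: prod
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: docklog-read
subjects:
  - kind: ServiceAccount
    name: docklog
    namespace: docklog
# Deliberately not granted: create on pods/exec (pod shell), delete on pods, and
# patch on deployments/scale (pod actions). Listing namespaces is cluster-scoped
# and needs its own ClusterRole and ClusterRoleBinding.
```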
https://127.0.0.1:PORT. Inside a container that address is unreachable, so DockLog rewrites it to host.docker.internal and sets TLS ServerName=localhost. If TLS still fails, set K8S_INSECURE_SKIP_TLS_VERIFY=true for local debugging only.
UI overview
- Kubernetes hub — namespace picker, tabs for overview, pods, deployments, HPAs, services, and cluster events.
- Pod detail — containers, env, volumes, linked services/HPAs, live CPU/memory when metrics-server is available, and pod actions.
- Logs — same split-view log UI as Docker; use ?p=namespace/pod and rt=kubernetes when both runtimes are enabled.
- Shell — interactive terminal via /ws/pod-shell/namespace/pod when ALLOW_SHELL and user can_shell allow it.
- Dashboard — adapts to runtime: Docker-only, Kubernetes-only, or a unified view with both container and pod tables (max five rows plus a link to the full list).
RBAC for namespaces and pods
Staff accounts use the same allowed_containers pattern field for Docker and Kubernetes. Patterns match container names, pod names, namespace names, or namespace/pod paths. See the RBAC guide for examples.
- prod — entire namespace
- prod/api-* — pods in namespace prod
- *-deployment-* — pod name across namespaces

K8S_NAMESPACES limits which namespaces DockLog will talk to at the instance level (empty = all namespaces allowed by cluster RBAC).
Pod actions
Start, stop, restart, and delete map to Kubernetes reconcile operations (scale deployments, delete pods, etc.) through the same two-layer permission model as containers: server ALLOW_* flags plus per-user can_* flags.
Kubernetes alerts
Admins can create alert rules with source type Kubernetes events. DockLog polls Warning events and matches templates for crash loop backoff, image pull failures, failed scheduling, and OOM. Scope rules to specific pods or namespaces using the same pattern syntax as RBAC.
Notifications
Notification event labels adapt to runtime mode. In both mode, channels can route Workload actions (container and pod start/stop/restart/delete) plus security, health (Docker HEALTHCHECK), intelligent alerts, and version updates.
Environment variables
- RUNTIME_MODE — docker, kubernetes, or both
- K8S_NAMESPACES — comma-separated namespace allowlist (instance scope)
- K8S_CONTEXT — kubeconfig context override
- KUBECONFIG — path to kubeconfig inside the container
- K8S_API_SERVER — optional API server URL override
- K8S_REWRITE_LOCALHOST — rewrite 127.0.0.1 API URLs for Docker Desktop (auto on Docker Desktop in container)
- K8S_INSECURE_SKIP_TLS_VERIFY — skip TLS verify for local clusters (debug only)
See the environment variables reference for defaults and all Docker-related settings.