What lives in the graph
Resources
Pods, deployments, services, EC2 instances, RDS databases, GCE VMs, systemd units, and everything in between.
Relationships
Depends-on, routes-to, owned-by, deployed-by, scales-with. Typed edges with metadata.
Signals
Metrics, events, logs, and state snapshots, indexed against the resource they came from.
Changes
Every deploy, rollback, config change, IAM mutation. Timestamped and attributable.
Incidents
Open insights, resolved RCAs, applied actions, and verification outcomes.
Operator context
Notes, ownership, on-call mapping, and the runbook links that apply to each resource.
How the graph stays current
Discovery runs continuously
The Observer walks each environment’s APIs on a rolling basis. New resources appear in minutes. Decommissioned ones fall out after a grace window.
Signals attach to nodes
Every metric, event, and log maps to the resource it came from. The edge stays live as long as the signal is flowing.
Changes become edges
A deploy adds a
deployed-by edge from the new revision to the team or actor who triggered it. A rollback adds one too. Time-sliced queries work out of the box.Why a graph and not a table
Three shapes of question that tables struggle with, and the graph answers in one hop.Blast radius
Blast radius
“If I restart this pod, what else is affected?” Answered by walking
depends-on and routes-to edges from the node.Cross-environment correlation
Cross-environment correlation
“Did the latency spike in the GKE cluster coincide with the RDS connection saturation?” Answered by joining signals across environments with a shared time window.
Change attribution
Change attribution
“What changed in the payments service around the time this incident started?” Answered by walking change edges in the incident’s causal neighbourhood.
What you can do with the graph directly
The graph powers every surface of the product, but you can query it directly too.- Chat asks questions in natural language. The SRI Agent translates to graph queries.
- Infrastructure Topology in the console renders a visual slice of the graph.
- Skills scope their tool calls against graph regions to stay focused.
- The RubixKube API and CLI expose a query interface for custom dashboards and scripts.
Privacy and scope
The graph is scoped to your workspace. Each environment feeds its resources, signals, and changes into it. No cross-tenant leakage, no shared resource IDs between customers. Retention follows your plan. See Memory Engine for the retention model that governs incident history.Common questions
Is the graph a CMDB?
Is the graph a CMDB?
The discovered-asset layer overlaps with what a traditional CMDB holds, but the graph goes further. It links resources to live signals, incidents, and memory. Think of it as a CMDB that updates itself every minute and knows what has broken before.
Can I bring my own ownership or tagging data?
Can I bring my own ownership or tagging data?
Yes. Tag data from AWS, labels from Kubernetes, and equivalent metadata from GCP flow in automatically. You can also annotate nodes directly through the console or API (owner, team, runbook link).
How does RubixKube handle multi-region and multi-account setups?
How does RubixKube handle multi-region and multi-account setups?
Every environment you connect is a separate region or account. The graph links resources across them through natural relationships (shared DNS names, cross-account VPC peering, Kubernetes services calling cloud APIs).
Is there a public schema?
Is there a public schema?
The core node types and edge types are documented inside the console and via the API. The schema extends when you attach custom integrations that introduce new resource types.
Related concepts
Observer Agent
The component that keeps the graph current.
Memory Engine
The history layer that sits alongside the live graph.
Infrastructure Topology
The visual view of the graph in the console.