Skip to content
Go to file


Failed to load latest commit information.
Latest commit message
Commit time


Kubediff is a tool for Kubernetes to show you the differences between your running configuration and your version controlled configuration.

Kubediff can be run from the command line:

$ ./kubediff
Usage: kubediff [options] <dir/file>...

Compare yaml files in <dir> to running state in kubernetes and print the
differences.  This is useful to ensure you have applied all your changes to the
appropriate environment.  This tools runs kubectl, so unless your
~/.kube/config is configured for the correct environment, you will need to
supply the kubeconfig for the appropriate environment.

  -h, --help            show this help message and exit
                        path to kubeconfig
  --context=CONTEXT     name of kubeconfig context to use
                        the namespace to assume for objects where it's not
                        specified (default = Kubernetes default for current
  -j, --json            output in json format
  --no-error-on-diff    don't exit with 2 if diff exists

For example:

$ ./kubediff k8s
Checking ReplicationController 'kubediff'
 *** .spec.template.spec.containers[0].args[0]: '-repo=' != '-repo=<your github repo>'
Checking Secret 'kubediff-secret'
Checking Service 'kubediff'

Make sure the dependencies are installed first:

$ pip install -r requirements.txt

Kubediff can also be run as a service on Kubernetes, periodically downloading the latest configuration from Github, comparing it to the running configuration. In this mode Kubediff will also offers a very simple UI showing the output and export the result to Prometheus, all courtesy to prom-run.

To deploy to Kubernetes, you much first make a copy of the YAML files in k8s and update the following fields:

  • kubediff-rc.yaml the first argument to git-sync must be the location of the config repo, and the last argument to kubediff must the the location in this repo of your config.
  • kubediff-secret.yaml the username and password must be set to valid github OAuth token.

Once you have updated the config, the following commands should bring up the service:

$ kubectl create -f k8s
replicationcontroller "kubediff" created
secret "kubediff-secret" created
service "kubediff" created

And to view the UI, run the follow command and go to http://localhost:4040

$ kubectl port-forward $(kubectl get pod --selector=name=kubediff -o jsonpath={}) 4040:80

Kubediff Screenshot

This service exports the exit code of the kubediff as a Prometheus metric; a suitable alert can be setup for persistent differences:

ALERT Kubediff
  IF          max(command_exit_code{job="kubediff"}) != 0
  FOR         2h
  LABELS      { severity="warning" }
    summary = "Kubediff has detected a difference in running config.",
    description = "Kubediff has detected a difference in running config.",

These alerts can be sent to Slack, for example:

Slack Alert


To quickly see how two sets of configurations differ, purely in terms of images:

$ ./compare-images ../service-conf/k8s/dev/ ../service-conf/k8s/prod/
Image                          dev                   prod
-----------------------------  --------------------  --------------------     master-0fc7cc2        master-08fd09d  master-0fc7cc2        master-4fb2aed   master-2899c36        master-45d67b3
tomwilkie/prometheus           frankenstein-8a5ec1b  frankenstein-ebe5808
weaveworks/scope               master-1a1021c        master-14d0e4e


mkdir -p $GOPATH/src/ && cd "$_"
git clone
mkdir -p $GOPATH/src/ && cd "$_"
git clone
cd kubediff

Getting Help

If you have any questions about, feedback for or problems with kubediff:

Your feedback is always welcome!


Kubediff: a tool for Kubernetes to show differences between running state and version controlled configuration.




No releases published


No packages published
You can’t perform that action at this time.