Skip to content

Releases: whtssub/kubectl-snapshot

v0.2.4

Choose a tag to compare

@github-actions github-actions released this 05 May 17:03
fea6606

v0.2.4 — Distribution

Shell completion

# bash (~/.bashrc)
source <(kubectl snapshot completion bash)

# zsh (~/.zshrc)
source <(kubectl snapshot completion zsh)

# fish (~/.config/fish/config.fish)
kubectl snapshot completion fish | source

# PowerShell ($PROFILE)
kubectl snapshot completion powershell | Out-String | Invoke-Expression

SARIF output for GitHub Code Scanning

analyze --output sarif emits SARIF 2.1.0 compatible with the GitHub Code Scanning upload action. Each pod/node/workload/storage issue becomes a result with a rule ID, severity level, and logical resource location.

# .github/workflows/cluster-scan.yml
- run: kubectl snapshot analyze snap.json --output sarif > results.sarif
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif

Rules emitted: snapshot/pod-issue (error), snapshot/node-issue (error), snapshot/workload-issue (warning/error), snapshot/storage-issue (warning/error), snapshot/warning-event (note).

Krew and Homebrew distribution

GoReleaser now auto-publishes the krew manifest to whtssub/krew-index and the Homebrew formula to whtssub/homebrew-tap on every release.

# Homebrew
brew install whtssub/tap/kubectl-snapshot

# krew (after kubernetes-sigs/krew-index PR is accepted)
kubectl krew install snapshot

Checksums verification

Every release ships checksums.txt. Verify your download:

curl -LO https://github.com/whtssub/kubectl-snapshot/releases/download/v0.2.4/kubectl-snapshot_Linux_x86_64.tar.gz
curl -LO https://github.com/whtssub/kubectl-snapshot/releases/download/v0.2.4/checksums.txt

# Linux
sha256sum --check --ignore-missing checksums.txt

# macOS
shasum -a 256 --check --ignore-missing checksums.txt

Internals

  • internal/cli/completion.go — Cobra's built-in GenBashCompletionV2 / GenZshCompletion / GenFishCompletion / GenPowerShellCompletionWithDesc
  • internal/snapshot/sarif.gorenderSARIF(), sarifRules catalogue, extractResourceFromIssue() helper
  • .goreleaser.yaml — added brews: section (whtssub/homebrew-tap), removed skip_upload: true from krews:
  • .github/workflows/release.yml — uses GH_PAT secret for cross-repo writes; falls back to GITHUB_TOKEN

Note: To enable automatic krew and Homebrew pushes, add a GH_PAT secret to this repo — a PAT with contents:write on whtssub/krew-index and whtssub/homebrew-tap.

v0.2.3

Choose a tag to compare

@github-actions github-actions released this 02 May 17:06
6deafba

v0.2.3 — Multi-snapshot / trending

New commands

kubectl snapshot history
Lists all previously captured snapshots from a local index (~/.kubectl-snapshot/history.json).
The index is maintained automatically — every successful capture adds an entry.
Use --no-index to skip indexing a specific capture, or --index <path> to use a custom index file.

# List all indexed snapshots (newest first)
kubectl snapshot history
kubectl snapshot history --index /custom/path/history.json

kubectl snapshot trend [snapshot.json ...]
Compares pod counts, node counts, total restarts, and warning event counts across two or more snapshots.
Pass files explicitly or omit them to read the last N entries from the history index.

# Compare two specific snapshots
kubectl snapshot trend before.json after.json

# Compare the 5 most recent captures from history
kubectl snapshot trend --last 5

# Compare 3 snapshots from a custom index
kubectl snapshot trend --index /custom/path/history.json --last 3

New flags

capture --selector/-l <selector>
Scopes a capture to resources matching a Kubernetes label selector — forwarded to every API list call.

kubectl snapshot capture -o snap.json --selector app=frontend
kubectl snapshot capture -o snap.json -l env=prod

analyze --namespace/-n <namespace>
Restricts the analysis report to a single namespace.
Cluster-scoped records (nodes, PersistentVolumes, etc.) are always included regardless of this filter.

kubectl snapshot analyze snap.json --namespace production
kubectl snapshot analyze snap.json -n staging

Internals

  • internal/snapshot/history.goLoadIndex, SaveIndex, AddToIndex, DefaultIndexPath
  • internal/snapshot/trend.goComputeTrend, RenderTrend, TrendPoint, TrendReport
  • internal/snapshot/io.go — added StatBundle helper for recording file sizes in the history index
  • Namespace filter applied before both the pre-pass index-building loop and the main analysis loop so cross-reference indexes (service set, network policy map) are also namespace-scoped

Install

# krew
kubectl krew install snapshot

# direct (linux/amd64)
curl -L https://github.com/whtssub/kubectl-snapshot/releases/download/v0.2.3/kubectl-snapshot_Linux_x86_64.tar.gz | tar xz
mv kubectl-snapshot ~/.local/bin/

v0.2.2

Choose a tag to compare

@github-actions github-actions released this 30 Apr 07:07
0cc56a6

v0.2.2 Richer Analysis

Five new analysis signals and reporting improvements on top of v0.2.1.

🔍 New Analysis Signals

Ingress Backend Integrity ([INGRESS])

inspectIngress cross-references each Ingress backend (default + per-path) against captured Services in the same namespace. Misconfigured ingresses pointing to non-existent services now surface in WORKLOAD ISSUES:

[INGRESS] sre-lab/api-ingress path=/ missing-service=ghost-service
[INGRESS] sre-lab/api-ingress default-backend missing-service=fallback

NetworkPolicy Gap Detection ([NETPOL])

detectNetworkPolicyGaps flags namespaces with running workloads but no NetworkPolicy applying to ingress traffic — these pods have implicit allow-all ingress and are unmonitored. Honors the spec default that omitted policyTypes means ["Ingress"]. Job-owned and Succeeded pods are excluded from the exposed-pod count.

[NETPOL] sre-lab no-ingress-policy 12 pods exposed (implicit allow-all)

📊 New Reporting Modes

--output json

Machine-readable structured report for piping into alerting tools, dashboards, or CI. Empty issue arrays serialize as [] (never null). Honors --no-resource-mix, --no-warning-events, and --severity-threshold (sets filtered: true with a reason field).

kubectl snapshot analyze snap.json --output json | jq '.incident'
 {
    "score": 43,
   "severity": "HIGH"
 }

kubectl snapshot analyze snap.json --output json | jq '.podIssues[]'

Schema: { metadata, incident, podIssues, nodeIssues, workloadIssues, storageIssues, warningEvents?, resourceCounts? }.

--since <duration>

Filter warning events by age. Cutoff is bundle.CapturedAt - duration, so analysis is reproducible regardless of when it's run. Events without timestamps aren't dropped (could be untimestamped cluster events). Tries lastTimestamp, then eventTime, then firstTimestamp.

kubectl snapshot analyze snap.json --since 1h
kubectl snapshot analyze snap.json --since 30m
kubectl snapshot analyze snap.json --since 24h --output json

🛡 Test Coverage

Added explicit tests for PIDPressure and NetworkUnavailable node conditions (both already detected, just previously untested). All four pressure types — MemoryPressure, DiskPressure, PIDPressure, and NetworkUnavailable — are now locked in by tests.

🔧 Internals

  • Pre-pass: A pre-pass before the main inspection loop builds three cross-reference indexes on the analysis state: serviceSet, nsHasIngressNetpol, and nsActivePodCount. This adds one extra walk over bundle.Records, which is computationally cheap.
  • JSON Pathing: The JSON path branches after score computation but before any text formatting—ensuring text and JSON paths stay independent.
  • Exported Types: New types exported for downstream consumers: AnalysisResult, AnalysisMetadata, and IncidentScore.

📦 Install

macOS arm64

tar -xzf kubectl-snapshot_v0.2.2_darwin_arm64.tar.gz
mv kubectl-snapshot ~/.local/bin/

Linux amd64

tar -xzf kubectl-snapshot_v0.2.2_linux_amd64.tar.gz
mv kubectl-snapshot ~/.local/bin/

From source:

go install https://github.com/whtssub/kubectl-snapshot/cmd/kubectl-snapshot@v0.2.2

v0.2.1

Choose a tag to compare

@github-actions github-actions released this 27 Apr 09:35

Changelog

  • 0113198 Merge dev into main: v0.2.1 batch — job analysis, CLI tests, Makefile targets, docs
  • f83b78b build: add test, fmt, lint, coverage Makefile targets
  • 8599fdc feat: add -v/--version flags and ensure v prefix in version output
  • c3bd70c feat: add inspectJob and inspectCronJob to incident analysis
  • 6780778 fix: skip succeeded pods and cronjob-owned pods from incident analysis

v0.2.0

Choose a tag to compare

@github-actions github-actions released this 18 Apr 18:04

Changelog

  • 983f647 add CapturedResources and SkippedResources to bundle metadata
  • 7b861d4 add gzip compression to WriteBundleWithOptions and magic-byte auto-detect in ReadBundle
  • fee63a8 add unit tests for capture, diff, analyze, io, and GVR resolution
  • cc5ce18 add workload, storage, and HPA incident signals with weighted severity scoring
  • 1aedeb6 automate local cluster testing with sample panic scenarios
  • 8715620 expand capture to 24 resource types with short-name aliases and GVR triple support
  • 64bb07d feat: add ReplicaSet replica mismatch detection
  • a2833bd feat: colorized output with section icons and numbered lists
  • cc3568a feat: severity-aware output limits and colorized severity label
  • 25bb9e9 fix: cap restart contribution at 50 to prevent score inflation
  • 1581702 fix: deduplicate deployment signals, use replica count over condition
  • ff0ba16 fix: skip job-owned pods from incident analysis
  • bc2047f improve cli readablity
  • 544c4c8 initialize repo
  • f0feccb main cmd files for cluster diagnosis
  • 64f2410 scaffolfing
  • effd9e8 update docs
  • 47ae47b updates for cross platform distribution
  • 9bc7984 versioning the local testing scenarios
  • a0fa7ca wire --resources and --compress flags; inject version/commit/date via ldflags