Skip to content

v0.2.2

Choose a tag to compare

@github-actions github-actions released this 30 Apr 07:07
0cc56a6

v0.2.2 Richer Analysis

Five new analysis signals and reporting improvements on top of v0.2.1.

🔍 New Analysis Signals

Ingress Backend Integrity ([INGRESS])

inspectIngress cross-references each Ingress backend (default + per-path) against captured Services in the same namespace. Misconfigured ingresses pointing to non-existent services now surface in WORKLOAD ISSUES:

[INGRESS] sre-lab/api-ingress path=/ missing-service=ghost-service
[INGRESS] sre-lab/api-ingress default-backend missing-service=fallback

NetworkPolicy Gap Detection ([NETPOL])

detectNetworkPolicyGaps flags namespaces with running workloads but no NetworkPolicy applying to ingress traffic — these pods have implicit allow-all ingress and are unmonitored. Honors the spec default that omitted policyTypes means ["Ingress"]. Job-owned and Succeeded pods are excluded from the exposed-pod count.

[NETPOL] sre-lab no-ingress-policy 12 pods exposed (implicit allow-all)

📊 New Reporting Modes

--output json

Machine-readable structured report for piping into alerting tools, dashboards, or CI. Empty issue arrays serialize as [] (never null). Honors --no-resource-mix, --no-warning-events, and --severity-threshold (sets filtered: true with a reason field).

kubectl snapshot analyze snap.json --output json | jq '.incident'
 {
    "score": 43,
   "severity": "HIGH"
 }

kubectl snapshot analyze snap.json --output json | jq '.podIssues[]'

Schema: { metadata, incident, podIssues, nodeIssues, workloadIssues, storageIssues, warningEvents?, resourceCounts? }.

--since <duration>

Filter warning events by age. Cutoff is bundle.CapturedAt - duration, so analysis is reproducible regardless of when it's run. Events without timestamps aren't dropped (could be untimestamped cluster events). Tries lastTimestamp, then eventTime, then firstTimestamp.

kubectl snapshot analyze snap.json --since 1h
kubectl snapshot analyze snap.json --since 30m
kubectl snapshot analyze snap.json --since 24h --output json

🛡 Test Coverage

Added explicit tests for PIDPressure and NetworkUnavailable node conditions (both already detected, just previously untested). All four pressure types — MemoryPressure, DiskPressure, PIDPressure, and NetworkUnavailable — are now locked in by tests.

🔧 Internals

  • Pre-pass: A pre-pass before the main inspection loop builds three cross-reference indexes on the analysis state: serviceSet, nsHasIngressNetpol, and nsActivePodCount. This adds one extra walk over bundle.Records, which is computationally cheap.
  • JSON Pathing: The JSON path branches after score computation but before any text formatting—ensuring text and JSON paths stay independent.
  • Exported Types: New types exported for downstream consumers: AnalysisResult, AnalysisMetadata, and IncidentScore.

📦 Install

macOS arm64

tar -xzf kubectl-snapshot_v0.2.2_darwin_arm64.tar.gz
mv kubectl-snapshot ~/.local/bin/

Linux amd64

tar -xzf kubectl-snapshot_v0.2.2_linux_amd64.tar.gz
mv kubectl-snapshot ~/.local/bin/

From source:

go install https://github.com/whtssub/kubectl-snapshot/cmd/kubectl-snapshot@v0.2.2