KubeBuddy CLI¶
CLI
KubeBuddy CLI is the local scanning tool for Kubernetes and AKS. Run it from PowerShell or Docker, generate HTML and JSON reports, and keep your cluster untouched while you inspect it properly.
PowerShell
Use the module directly on Windows, macOS, or Linux and run full scans from your terminal.
Docker
Run KubeBuddy in a container for isolated execution and easy CI or jump-host workflows.
Config File
Save repeatable scan settings in
kubebuddy-config.yaml and keep runs consistent.
KubeBuddy Radar
Connect the CLI to Radar when you want release tracking, alerts, and scan history in one place.
What It Does¶
- Scans Kubernetes and AKS from outside the cluster
- Finds node, pod, workload, network, RBAC, and storage issues
- Supports AKS best-practice checks when you need provider-specific coverage
- Generates HTML, JSON, and terminal output from the same run
- Pulls Prometheus metrics when available for richer diagnostics
Choose Your Runtime¶
PowerShell¶
Use the module to:
- monitor node health and usage
- detect failing pods, restart loops, and stuck jobs
- review Kubernetes events by severity
- inspect RBAC roles and security config
- generate HTML, JSON, or text output
Docker¶
Use Docker to:
- run scans without installing PowerShell locally
- mount kubeconfig for access to any cluster
- generate HTML, JSON, or TXT output for automation
- run AKS-specific checks with the required credentials
Related Guides¶
- Prometheus Integration
- Checks
- AKS Best Practices
- Logging Output
- Kubernetes Permissions
- Radar Integration (Pro)
AI Recommendations¶
KubeBuddy can enrich findings with AI-generated guidance when you provide an OpenAI API key.
Set:
$env:OpenAIKey = "<your-openai-api-key>"
AI guidance can appear in:
- HTML reports
- text output
- JSON report recommendation fields