[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81255":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":11,"openIssues":12,"contributorsCount":12,"subscribersCount":12,"size":12,"stars1d":12,"stars7d":12,"stars30d":12,"stars90d":12,"forks30d":12,"starsTrendScore":12,"compositeScore":13,"rankGlobal":9,"rankLanguage":9,"license":14,"archived":15,"fork":15,"defaultBranch":16,"hasWiki":15,"hasPages":17,"topics":18,"createdAt":9,"pushedAt":9,"updatedAt":28,"readmeContent":29,"aiSummary":30,"trendingCount":12,"starSnapshotCount":12,"syncStatus":31,"lastSyncTime":32,"discoverSource":33},81255,"kubeatlas","KubeAtlas-org\u002Fkubeatlas","KubeAtlas-org","See your whole Kubernetes cluster at a glance. Lightweight, web-based, real-time, single Go binary visualizer.",null,"JavaScript",21,0,40,"MIT License",false,"main",true,[19,20,21,22,23,5,24,25,26,27],"cluster","dashboard","devops","golang","k8s","kubernetes","observability","server-sent-events","visualization","2026-06-12 04:01:32","\u003Cdiv align=\"center\">\n\n# KubeAtlas\n\n### A real-time, interactive map for Kubernetes\n\n**Your cluster, on the map.** Every resource, every connection, drawn live and never polled.\nBuilt for operators who want to *see* the cluster, not parse it.\n\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-2962FF.svg)](LICENSE)\n![Go](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FGo-00ADD8?logo=go&logoColor=white)\n![Kubernetes](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FKubernetes-326CE5?logo=kubernetes&logoColor=white)\n\n**[▶ View the showcase](https:\u002F\u002Fkubeatlas-org.github.io\u002Fkubeatlas\u002F)**\n\n\u003Cimg src=\"docs\u002Fassets\u002Freadme\u002Fplate-hero.png\" alt=\"Your cluster, on the map: a live Kubernetes cluster drawn as namespace territories with pods, controllers and services\" width=\"880\">\n\n**Keyboard-driven** vim-style nav · **No build step** plain ES6, one binary · **Safe by design** secrets redacted, drain excluded · **Narrow on purpose** watch · diagnose · operate\n\n\u003C\u002Fdiv>\n\n> ⚠️ **Early and under active development.** Expect rough edges and bugs — **for now, we strictly don't recommend relying on it for mission-critical work.** Please [open an issue](https:\u002F\u002Fgithub.com\u002Fkubeatlas-org\u002Fkubeatlas\u002Fissues) with problems or feedback, it's exactly what the project needs right now.\n\n---\n\n## From text to map\n\nA Kubernetes cluster is a dense graph of interdependent resources. `kubectl` shows it as flat text, one query at a time, so the relationships between Pods, Services, and config end up *living in your head*. KubeAtlas connects to the API, watches every resource, and streams every change live, drawing it as one map in your browser.\n\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"docs\u002Fassets\u002Freadme\u002Fplate-text-to-map.png\" alt=\"The same cluster as kubectl flat text on the left, drawn as a live graph on the right\" width=\"880\">\n\u003C\u002Fdiv>\n\n---\n\n## How to read the map\n\nKubeAtlas encodes cluster state into **shape** (kind), **colour** (health), and **edge** (relationship), so a single semantic-zoom graph reads at three altitudes: namespace **territories**, per-kind **workloads**, and click-to-**inspect**.\n\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"docs\u002Fassets\u002Freadme\u002Fplate-how-to-read.png\" alt=\"How to read the map: shapes map to kinds, colours to health, edges to relationships; semantic zoom shows Territories, Workloads, and Inspect\" width=\"880\">\n\u003C\u002Fdiv>\n\nExplore your cluster through the layer logic. One graph, redrawn as you zoom:\n- **L1 · Territories**: namespaces collapse into labelled regions; the whole cluster at a glance.\n- **L2 · Workloads**: per-kind shapes resolve, controllers fan out to their pods, colour tracks live health.\n- **L3 · Inspect**: click any node for a full `describe` inline. No terminal, no context switch.\n\n---\n\n## What you do with it\n\n- **See it**: cluster state and every relationship, at a glance, live.\n- **Diagnose it**: logs · `describe` · metrics · events. No terminal, no context switch.\n- **Operate it**: scale · restart · `exec`, in place. Dangerous ops (drain, cordon, bulk delete) excluded by design.\n\n---\n\n## Inside the binary\n\nOne Go binary, with the frontend embedded via `go:embed`, so `make build` produces a single self-contained executable you can copy to any host with a kubeconfig and run. Stateless on writes, cache-first on reads:\n\n1. The browser opens an SSE stream and joins a broker group per namespace, keyed by `clientID`.\n2. `client-go` informers watch every kind; each add \u002F update \u002F delete is serialized once and fanned to that group.\n3. The table and graph render from one in-memory store, so both stay live without polling, and a reconnect resyncs from cache.\n4. Mutations go over REST with an `X-Client-ID`; `exec` rides a WebSocket bridged to the API server.\n\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"docs\u002Fassets\u002Freadme\u002Fplate-architecture.png\" alt=\"Architecture: Browser (Alpine.js, Canvas2D + d3-force, xterm.js) ⇄ Go server (chi router, SSE broker, client-go informers, SPDY→WebSocket exec bridge) ⇄ Kubernetes API server\" width=\"880\">\n\u003C\u002Fdiv>\n\n### How connections are inferred\n\nEdges aren't stored, so KubeAtlas re-derives them on every change by reading references off each object and resolving them against the cache (by UID, name, or pod IP):\n\n- **owns**: `ownerReferences` (controller → pod, walked up the chain); HPAs link to their `scaleTargetRef`.\n- **routes-to**: Ingress → Service (rule backends); Service → Pod, resolved through Endpoints \u002F EndpointSlices by pod IP.\n- **mounts**: a Pod's `volumes[]` → the PVC, ConfigMap, or Secret they name.\n- **reads-from**: a container's `env[].valueFrom` → the Secret or ConfigMap key it references.\n\n---\n\n## Quick start\n\n**Install** — each one-liner detects your OS\u002Farch, downloads and checksum-verifies the matching binary, and installs it so you can run `kubeatlas` from anywhere.\n\nLinux \u002F macOS:\n\n```bash\ncurl -fsSL https:\u002F\u002Fkubeatlas-org.github.io\u002Fkubeatlas\u002Finstall.sh | bash\nkubeatlas # opens http:\u002F\u002F127.0.0.1:8000 in your browser\n```\n\nWindows (PowerShell):\n\n```powershell\nirm https:\u002F\u002Fkubeatlas-org.github.io\u002Fkubeatlas\u002Finstall.ps1 | iex\n```\n\nThe binary is a single **statically linked** file — the frontend is embedded and there are no shared-library dependencies, so it runs on any Linux distro (Alpine included); all it needs is a reachable cluster via your kubeconfig. Prefer not to pipe a script to your shell? Prebuilt archives for every OS\u002Farch are on the [Releases](https:\u002F\u002Fgithub.com\u002Fkubeatlas-org\u002Fkubeatlas\u002Freleases) page. KubeAtlas opens your browser on startup, and launches even when no cluster is reachable so you can fix your kubeconfig and reconnect from the UI.\n\nWorking on KubeAtlas itself? See **[DEVELOPMENT.md](DEVELOPMENT.md)** for the dev server, throwaway test clusters, and tooling.\n\nConfiguration is via environment variables:\n\n| Variable | Default | Description |\n|--------------------|------------------|-------------------------------------------------------------|\n| `PORT` | `8000` | Server listen port. If unset and `8000` is busy, falls back to a free port; if set explicitly and busy, it's an error |\n| `BIND_ADDRESS` | `127.0.0.1` | Bind interface (warns loudly if set to a non-loopback addr) |\n| `SINGLE_NAMESPACE` | _empty_ | Restrict the server to a single namespace |\n| `NAMESPACE_FILTER` | _empty_ | Regex of namespaces to hide |\n| `DISABLE_POD_LOGS` | `false` | Disable the log streaming endpoints |\n| `LOG_LEVEL` | `info` | `debug` \u002F `info` \u002F `warn` \u002F `error` |\n| `LOG_FORMAT` | `text` | `text` (human-readable) or `json` (one event per line) |\n| `OPEN_BROWSER` | _auto_ | Open the UI on startup (loopback only). On for the standalone binary, off in the dev loop; set `true`\u002F`false` to override |\n| `STATIC_DIR` | _empty_ | Serve the frontend from this dir on disk (dev) |\n| `KUBECONFIG` | `~\u002F.kube\u002Fconfig` | Standard client-go kubeconfig path |\n\n---\n\n## Security model\n\nKubeAtlas is **local-only by default**. The boundary is the loopback bind plus the kubeconfig user's RBAC, with no built-in authentication. The threat model assumes a trusted operator on a trusted machine; don't expose KubeAtlas to a network.\n\n- Binds `127.0.0.1`; non-loopback binds emit a loud startup warning.\n- A host-validation middleware rejects `Host` headers other than `localhost`, `127.0.0.1`, or the configured `BIND_ADDRESS` (DNS-rebinding mitigation).\n- All mutating routes require an `X-Client-ID` header, which is the same UUID the client uses for SSE grouping.\n- `ReadHeaderTimeout = 5s` (slowloris mitigation).\n- Secret and ConfigMap `data` fields are redacted server-side before YAML export.\n\n---\n\n## Proof of concept\n\nValidated on two reproducible, **KWOK-simulated** clusters that seed in about a minute:\n\n- **Production-shaped**: 19 nodes, ~130 pods, StatefulSets with PVCs, sidecars, and live metrics.\n- **Fault-injected**: CrashLoop, OOMKilled, ImagePullBackOff, Pending, stuck-Terminating, and a NotReady node, each failure pinned by a label-keyed KWOK Stage so it does not self-heal during a walkthrough.\n\nEvery state was verified end-to-end through the live interface. Rendering uses **Canvas2D + d3-force** with viewport culling and a uniform-grid spatial index; semantic-zoom LOD keeps the graph legible from the namespace-territory view down to individual pods.\n\n---\n\n## Tech stack\n\n**Kubernetes** · **Go** · **Alpine.js** · **d3-force** · **Canvas2D \u002F JavaScript**\n\n`chi` · SSE · WebSocket · xterm.js · client-go · KWOK\n\n---\n\n## Licence\n\nMIT. See [LICENSE](LICENSE).\n\n## Special thanks\n\nKubeAtlas began as a fork of [KubeView](https:\u002F\u002Fgithub.com\u002Fbenc-uk\u002Fkubeview) by Ben Coleman, with its graph view inspired by [Obsidian](https:\u002F\u002Fobsidian.md)'s.\n\nThanks also to [k9s](https:\u002F\u002Fgithub.com\u002Fderailed\u002Fk9s) for the minimalist take on Kubernetes management.\n\nBuilt as a graduation project (CENG 402 · 2025–26) at Ankara Yıldırım Beyazıt University, Department of Computer Engineering, by **Ahmet Kaan Demirci** and **Emin Salih Açıkgöz**. With thanks to our supervisor, **Asst. Prof. Mustafa Yeniad**.\n","KubeAtlas 是一个轻量级的基于 Web 的 Kubernetes 集群可视化工具,能够实时展示整个集群的状态。它以单一 Go 二进制文件运行,无需构建步骤,并采用服务器发送事件技术实现实时更新。KubeAtlas 通过图形化的方式将 Kubernetes 资源之间的关系直观地呈现出来,支持键盘驱动导航和多层级视图(包括命名空间、工作负载和个人资源检查),并且设计上保证了安全性,如自动隐藏敏感信息。适用于需要快速了解和诊断 Kubernetes 集群状态的运维场景中,但目前仍处于早期开发阶段,不建议用于关键任务环境。",2,"2026-06-11 04:04:05","CREATED_QUERY"]