Skip to main content

Kubernetes diagnostics without the archaeology

Turn broken workload symptoms into ranked root causes.

triage is a kubectl-native CLI that cross-references pod status, events, owner refs, services, endpoints, PVCs, and RBAC in one pass. It tells responders what is broken, why, and what command to run next.

Install triageOpen sandbox
23 built-in rulesText, JSON, Markdown outputRead-only by design
incident:default/crashloop-demo
ⓧ CRITICAL  [high confidence]  TRG-POD-CRASHLOOPBACKOFF
Container "app" is in CrashLoopBackOff (5 restarts)

Evidence:
  • pod.status.containerStatuses[app].state.waiting.reason = CrashLoopBackOff
  • pod.status.containerStatuses[app].restartCount = 5

Next commands:
  $ kubectl logs -n default crashloop-demo -c app --previous
  $ kubectl describe pod -n default crashloop-demo

Built for responders who need the likely root cause, the evidence behind it, and the shortest path to confirmation.

Why triage

Not another wrapper around `kubectl describe`.

triage keeps the raw cluster facts, but adds ranking, rule IDs, evidence correlation, and immediate follow-up commands so responders can move from symptom to fix faster.

Manual cluster archaeology

Useful for raw detail, but the operator still has to correlate symptoms, owners, events, services, and next steps by hand.

  • Raw status firstGood at showing what Kubernetes knows, not why one signal matters more than another.
  • Cross-resource reasoning is manualEvents, services, endpoints, PVCs, and RBAC checks still have to be stitched together mentally.
  • No built-in next stepThe operator decides which command to run next based on experience and time pressure.

triage workflow

Designed for incident response: rank the likely cause, preserve the evidence, and make the confirmation path obvious.

  • Ranked findingsSeverity and confidence push the likely incident driver to the top instead of treating all signals equally.
  • Evidence linkedServices, endpoints, events, rollout conditions, storage references, and RBAC gaps stay attached to the finding.
  • Action-oriented outputEach finding includes the next command to run, plus JSON and markdown output for automation and reports.

Core benefits

Built for operators who need the signal first.

rank first

Ranked diagnosis

Severity and confidence push the incident-driving finding to the top instead of leaving clues scattered across commands.

evidence linked

Evidence preserved

Every finding carries contract-grade evidence so automation and humans can reason from the same facts.

actionable next step

Exact next command

Findings include pasteable follow-up commands, which shortens the loop from detection to remediation.

Scenario-led demos

Explore the failures triage is meant to cut through.

criticalTRG-POD-CRASHLOOPBACKOFF

CrashLoopBackOff

See how triage prioritizes runtime failure, retains evidence, and keeps follow-up commands copyable.

Open scenario
highTRG-POD-MISSING-CONFIGMAP

Missing ConfigMap

Watch a broken dependency turn into a concrete configuration diagnosis with object-level evidence.

Open scenario
criticalTRG-DEPLOY-ROLLOUT-STUCK

Stuck rollout

Inspect how triage connects controller-level rollout failure to the underlying image pull problem.

Open scenario

Architecture

One-shot CLI, request-scoped cache, static rule engine.

The product stays fast because it does one diagnosis pass, builds a request-scoped cache, and runs compiled rules over explicit Kubernetes signals instead of trying to become a long-lived control plane.

1

CLI surface

Cobra commands map user intent to one diagnosis target and a renderer choice.

2

Collector + cache

Request-scoped cache warms likely resources and removes duplicate Kubernetes API calls.

3

Rule engine

Compiled rules inspect explicit workload, event, network, storage, and RBAC signals.

4

Ranking

Severity and confidence decide what responders should read first.

5

Renderers

Text, JSON, and Markdown keep the same finding model for humans and automation.

Install

Use the release flow that matches your environment.

Releases ship as signed binaries with SBOMs. Source installs use the public module path, and kubectl plugin mode is built into the same binary.

Pull a signed release asset from GitHub Releases.

install:binary
curl -L https://github.com/khvedela/triage/releases/latest/download/triage_darwin_arm64.tar.gz | tar xz
chmod +x triage
mv triage /usr/local/bin/triage

Release trust

Distribution details that matter in production environments.

Signed artifacts

GoReleaser publishes checksums and cosign signatures so teams can verify exactly what they install.

SBOMs included

Each archive ships with SBOM material so provenance and dependency review do not require a second pipeline.

GitHub-native releases

Binary downloads, release notes, and future package integrations all anchor on the public GitHub Releases feed.