← All one-liners·#049·DevOps·llm cli·beginner

Analyze Kubernetes Events for Anomalies

Fetches the most recent cluster-wide Kubernetes events and uses Claude to identify critical errors or scheduling failures.

Setup
  • → kubectl configured with cluster access
  • → claude CLI installed
  • → ANTHROPIC_API_KEY environment variable set
Cost per run
$0.01 - $0.05 per run
The one-liner
$ kubectl get events -A --sort-by='.lastTimestamp' | tail -n 100 | claude -p "Review these Kubernetes events. Identify any critical errors, crash loops, or scheduling failures, and provide a brief summary."
What each stage does
  1. [01] kubectlkubectl get events -A
    Fetches all events across all namespaces in the Kubernetes cluster.
  2. [02] kubectl--sort-by='.lastTimestamp'
    Sorts the events chronologically so the most recent ones appear at the bottom.
  3. [03] tail| tail -n 100
    Limits the output to the last 100 events to keep the LLM context window small and focused.
  4. [04] claude| claude -p "Review these Kubernetes events..."
    Pipes the event log into Claude with a prompt instructing it to summarize critical issues like crash loops.
Expected output (sample)
Summary of Kubernetes Events:
- ⚠️ Warning: 3 instances of 'BackOff' for pod 'payment-service-xyz' in namespace 'prod' (CrashLoopBackOff).
- ⚠️ Warning: 'FailedScheduling' for pod 'worker-node-abc' due to insufficient CPU.
- ✅ Normal: 96 events are routine image pulls, container starts, and successful scheduling.
Recommendation: Investigate the 'payment-service' logs and check cluster CPU allocation.
Caveats & tips
  • Footgun: Events in Kubernetes are ephemeral (usually kept for 1 hour). This won't find issues from yesterday.
  • Permission/Cost: Requires cluster-wide read permissions for events. Sending logs to an external LLM may violate data privacy policies if events contain sensitive resource names.