Analyze Kubernetes Events for Anomalies
Fetches the most recent cluster-wide Kubernetes events and uses Claude to identify critical errors or scheduling failures.
Setup
- → kubectl configured with cluster access
- → claude CLI installed
- → ANTHROPIC_API_KEY environment variable set
Cost per run
$0.01 - $0.05 per run
The one-liner
$ kubectl get events -A --sort-by='.lastTimestamp' | tail -n 100 | claude -p "Review these Kubernetes events. Identify any critical errors, crash loops, or scheduling failures, and provide a brief summary."What each stage does
- [01] kubectl
kubectl get events -AFetches all events across all namespaces in the Kubernetes cluster. - [02] kubectl
--sort-by='.lastTimestamp'Sorts the events chronologically so the most recent ones appear at the bottom. - [03] tail
| tail -n 100Limits the output to the last 100 events to keep the LLM context window small and focused. - [04] claude
| claude -p "Review these Kubernetes events..."Pipes the event log into Claude with a prompt instructing it to summarize critical issues like crash loops.
Expected output (sample)
Summary of Kubernetes Events: - ⚠️ Warning: 3 instances of 'BackOff' for pod 'payment-service-xyz' in namespace 'prod' (CrashLoopBackOff). - ⚠️ Warning: 'FailedScheduling' for pod 'worker-node-abc' due to insufficient CPU. - ✅ Normal: 96 events are routine image pulls, container starts, and successful scheduling. Recommendation: Investigate the 'payment-service' logs and check cluster CPU allocation.
Caveats & tips
- Footgun: Events in Kubernetes are ephemeral (usually kept for 1 hour). This won't find issues from yesterday.
- Permission/Cost: Requires cluster-wide read permissions for events. Sending logs to an external LLM may violate data privacy policies if events contain sensitive resource names.