DEV.co
Open-Source Observability · GoogleCloudPlatform

khi

KHI is an open-source log visualization tool for Kubernetes troubleshooting that transforms audit logs into interactive timelines and cluster diagrams. It runs agentless and requires no cluster-side agents, making it easy to deploy for post-incident analysis and real-time cluster state inspection.

Source: GitHub — github.com/GoogleCloudPlatform/khi
2.1k
GitHub stars
93
Forks
Go
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryGoogleCloudPlatform/khi
OwnerGoogleCloudPlatform
Primary languageGo
LicenseApache-2.0 — OSI-approved
Stars2.1k
Forks93
Open issues22
Latest releasev0.56.7 (2026-07-03)
Last updated2026-07-08
Sourcehttps://github.com/GoogleCloudPlatform/khi

What khi is

KHI ingests kube-apiserver audit logs (JSONlines format) and Cloud Logging, rendering timeline visualizations of resource state changes, manifest diffs, and cluster topology diagrams. Built in Go with a web UI, it requires only read access to audit logs and no modifications to cluster configuration.

Quickstart

Get the khi source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/GoogleCloudPlatform/khi.gitcd khi# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Post-incident root cause analysis

Visualize the sequence of events across multiple resources during an incident by timeline, dramatically reducing time spent reading text logs line-by-line.

Kubernetes cluster state forensics

Reconstruct cluster topology and resource relationships at a specific point in time using only audit logs, without needing live cluster access.

Multi-component troubleshooting

Correlate state changes across Pods, Nodes, Services, and other resources to understand failure propagation in complex deployments.

Implementation considerations

  • Requires kube-apiserver audit log access in JSONlines format or integration with Cloud Logging; OSS clusters need manual log export setup.
  • Latest Google Chrome is the only officially tested browser; remote desktop users without GPU may need WebGL workaround (Chrome flag change).
  • No authentication built in—deploy only on trusted networks or behind an auth proxy; localhost binding by default mitigates exposure.
  • Audit log retention window directly limits historical analysis depth; verify your cluster audit policy captures sufficient `DATA_WRITE` events for detailed container status.
  • Requires Go 1.25+ and Node.js 22.13+ for source builds; Docker image simplifies deployment but carries standard container supply-chain considerations.

When to avoid it — and what to weigh

  • Real-time continuous monitoring needed — KHI is designed for log analysis after events, not real-time alerting or continuous metric streaming. For live dashboards, use Prometheus or commercial observability platforms.
  • Minimal audit log retention — KHI depends entirely on kube-apiserver audit logs. If your cluster retains audit logs for fewer than 24–48 hours, historical analysis becomes limited.
  • Complex authentication/authorization required — KHI explicitly lacks built-in auth/authz and is intended for local user access only. Do not expose it on the internet or use in multi-tenant scenarios without an external gateway.
  • Application-level log correlation — KHI focuses on Kubernetes infrastructure logs. If you need to correlate application logs, traces, or metrics from multiple services, you need a full observability platform.

License & commercial use

Licensed under Apache License 2.0 (SPDX: Apache-2.0), a permissive OSI-approved license allowing commercial use, modification, and distribution with attribution and license inclusion.

Apache 2.0 is a permissive license that permits commercial use without royalties. However, verify your organization's legal/compliance policy on third-party OSS dependencies and Google Cloud Platform affiliation before production deployment.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

KHI has no built-in authentication or authorization; it is intended for local, trusted-network access only. Do not expose on the internet. Requires read-only access to audit logs containing sensitive cluster activity; control IAM permissions tightly. Audit log data itself may contain sensitive workload information; secure storage of exported logs if used offline. No known security audit or third-party penetration test data provided in the README.

Alternatives to consider

Kubernetes Dashboard

Built-in Kubernetes web UI; covers real-time cluster state but lacks deep historical log analysis and timeline visualization.

Commercial platforms (Datadog, New Relic, Grafana Cloud)

Full observability stacks with real-time monitoring, alerting, traces, logs, and metrics; higher cost but broader feature set for production environments.

kubectl + jq / manual audit log parsing

Free and requires no new tooling but labor-intensive; suitable only for very small teams or one-off analyses.

Software development agency

Build on khi with DEV.co software developers

Deploy KHI in minutes—no agents required. Visualize Kubernetes audit logs as interactive timelines to resolve incidents faster.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

khi FAQ

Can I use KHI on a non-Google Cloud Kubernetes cluster?
Yes. KHI supports any Kubernetes cluster by ingesting kube-apiserver audit logs in JSONlines format. You must export or forward audit logs manually or via an external log aggregator. See the OSS Kubernetes setup guide in the repo.
Does KHI require any agents or sidecar deployments?
No. KHI is completely agentless. It reads only kube-apiserver audit logs and optionally pulls metadata from the control plane. No workload modifications needed.
What happens if I expose KHI on the internet?
Not recommended. KHI has no authentication or authorization. Anyone with network access can view all audit log data, which may contain sensitive cluster and workload information. Deploy only on trusted internal networks or behind an auth proxy.
How far back in time can I analyze?
Limited by your kube-apiserver audit log retention window, typically 24–48 hours by default. Extend retention via audit policy configuration if you need longer historical analysis.

Software development & web development with DEV.co

Adopting khi is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source observability software in production.

Simplify Kubernetes Troubleshooting with KHI

Deploy KHI in minutes—no agents required. Visualize Kubernetes audit logs as interactive timelines to resolve incidents faster.