khi
KHI is an open-source log visualization tool for Kubernetes troubleshooting that transforms audit logs into interactive timelines and cluster diagrams. It runs agentless and requires no cluster-side agents, making it easy to deploy for post-incident analysis and real-time cluster state inspection.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | GoogleCloudPlatform/khi |
| Owner | GoogleCloudPlatform |
| Primary language | Go |
| License | Apache-2.0 — OSI-approved |
| Stars | 2.1k |
| Forks | 93 |
| Open issues | 22 |
| Latest release | v0.56.7 (2026-07-03) |
| Last updated | 2026-07-08 |
| Source | https://github.com/GoogleCloudPlatform/khi |
What khi is
KHI ingests kube-apiserver audit logs (JSONlines format) and Cloud Logging, rendering timeline visualizations of resource state changes, manifest diffs, and cluster topology diagrams. Built in Go with a web UI, it requires only read access to audit logs and no modifications to cluster configuration.
Get the khi source
Clone the repository and explore it locally.
git clone https://github.com/GoogleCloudPlatform/khi.gitcd khi# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires kube-apiserver audit log access in JSONlines format or integration with Cloud Logging; OSS clusters need manual log export setup.
- Latest Google Chrome is the only officially tested browser; remote desktop users without GPU may need WebGL workaround (Chrome flag change).
- No authentication built in—deploy only on trusted networks or behind an auth proxy; localhost binding by default mitigates exposure.
- Audit log retention window directly limits historical analysis depth; verify your cluster audit policy captures sufficient `DATA_WRITE` events for detailed container status.
- Requires Go 1.25+ and Node.js 22.13+ for source builds; Docker image simplifies deployment but carries standard container supply-chain considerations.
When to avoid it — and what to weigh
- Real-time continuous monitoring needed — KHI is designed for log analysis after events, not real-time alerting or continuous metric streaming. For live dashboards, use Prometheus or commercial observability platforms.
- Minimal audit log retention — KHI depends entirely on kube-apiserver audit logs. If your cluster retains audit logs for fewer than 24–48 hours, historical analysis becomes limited.
- Complex authentication/authorization required — KHI explicitly lacks built-in auth/authz and is intended for local user access only. Do not expose it on the internet or use in multi-tenant scenarios without an external gateway.
- Application-level log correlation — KHI focuses on Kubernetes infrastructure logs. If you need to correlate application logs, traces, or metrics from multiple services, you need a full observability platform.
License & commercial use
Licensed under Apache License 2.0 (SPDX: Apache-2.0), a permissive OSI-approved license allowing commercial use, modification, and distribution with attribution and license inclusion.
Apache 2.0 is a permissive license that permits commercial use without royalties. However, verify your organization's legal/compliance policy on third-party OSS dependencies and Google Cloud Platform affiliation before production deployment.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
KHI has no built-in authentication or authorization; it is intended for local, trusted-network access only. Do not expose on the internet. Requires read-only access to audit logs containing sensitive cluster activity; control IAM permissions tightly. Audit log data itself may contain sensitive workload information; secure storage of exported logs if used offline. No known security audit or third-party penetration test data provided in the README.
Alternatives to consider
Kubernetes Dashboard
Built-in Kubernetes web UI; covers real-time cluster state but lacks deep historical log analysis and timeline visualization.
Commercial platforms (Datadog, New Relic, Grafana Cloud)
Full observability stacks with real-time monitoring, alerting, traces, logs, and metrics; higher cost but broader feature set for production environments.
kubectl + jq / manual audit log parsing
Free and requires no new tooling but labor-intensive; suitable only for very small teams or one-off analyses.
Build on khi with DEV.co software developers
Deploy KHI in minutes—no agents required. Visualize Kubernetes audit logs as interactive timelines to resolve incidents faster.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
khi FAQ
Can I use KHI on a non-Google Cloud Kubernetes cluster?
Does KHI require any agents or sidecar deployments?
What happens if I expose KHI on the internet?
How far back in time can I analyze?
Software development & web development with DEV.co
Adopting khi is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source observability software in production.
Simplify Kubernetes Troubleshooting with KHI
Deploy KHI in minutes—no agents required. Visualize Kubernetes audit logs as interactive timelines to resolve incidents faster.