// the find
KusionStack/karpor
Intelligence for Kubernetes. World's most promising Kubernetes Visualization Tool for Developer and Platform Engineering teams.
Karpor is a multi-cluster Kubernetes search and visualization tool that syncs resources across clusters into a searchable index (backed by Elasticsearch), adds compliance scanning via kubeaudit, resource topology views, and an AI layer for natural language queries and event diagnosis. It targets platform engineering teams managing multiple clusters across cloud providers. It's a CNCF sandbox project built in Go with a React frontend.
- The search architecture is well thought out: resources are synced into Elasticsearch with a custom query language (documented in design_docs/search_language.md), making cross-cluster queries actually fast rather than fan-out kubectl calls.
- Proper Kubernetes-native extension design — uses custom CRDs (SyncRegistry, SyncResources, TransformRule, TrimRule) with generated clientsets, informers, and listers rather than bolting on a sidecar-only approach.
- Resource topology graph that traces parent-child relationships across resource kinds (Pod → ReplicaSet → Deployment → Service, etc.) is genuinely useful and not something the standard dashboard provides.
- Multiple AI backend support (OpenAI, Azure OpenAI, DeepSeek, HuggingFace) with contextual diagnosis prompts — the prompt.go and diagnosis.go files show it actually injects real resource state rather than just passing user text.
- Hard Elasticsearch dependency is a significant operational burden — you can't run this without standing up and maintaining an ES cluster, and there's no alternative storage backend despite an interface abstraction that suggests one was planned.
- Still at v0.6.x with cost optimization listed as 'coming soon' — the feature surface feels unfinished, and the compliance scanning is limited to whatever kubeaudit covers with no way to plug in custom policy engines (OPA, Kyverno, etc.).
- Authentication story is thin: the default config ships anonymous RBAC and there's no built-in SSO/OIDC integration documented — for a multi-cluster tool that potentially has read access to all your clusters, this is a gap that will bite production adopters.
- Test coverage is spotty — unit tests exist for some manager packages but the infra/search/storage/elasticsearch layer has essentially no tests visible in the tree, which is exactly where query correctness bugs will hide.