// the find
doitintl/kube-no-trouble
Easily check your clusters for use of deprecated APIs
kubent scans your Kubernetes cluster (or Helm releases, or local manifests) for resources using deprecated or removed APIs, so you know what needs updating before you upgrade the control plane. It's a pre-upgrade sanity check tool, not a continuous auditor. Aimed at platform teams and anyone running Kubernetes upgrades with Helm-managed workloads.
OPA/Rego rules mean adding new deprecation rules is clean and doesn't require Go changes — just drop in a new .rego file. Auto-detection of the target cluster version is useful so you don't have to manually track what you're upgrading to. The --exit-error flag and JSON output make it straightforward to gate CI pipelines on deprecated API usage. Covers all three major resource sources (live cluster, Helm secrets, local files) in one pass.
Rules only go up to 1.32 — if you're tracking a cluster that's on a pre-release or the tool lags behind a release, you're flying blind. No support for ArgoCD or Flux manifests stored in Git; the 'file' collector works but you have to wrangle the file list yourself. The install script is a curl-pipe-to-sh with a note saying 'don't do this' immediately after — that's not a great look. Last-applied-configuration annotation approach means resources applied by tools that don't set that annotation (Crossplane, some operators) will be missed silently.