InfraAudit treats Kubernetes clusters as a first-class provider type alongside AWS, GCP, and Azure. Connect a cluster to browse deployments, pods, services, and namespaces — and run drift detection and vulnerability scanning against your Kubernetes workloads.

Connecting a cluster

1. Open Cloud Providers

   In the sidebar, click Cloud Providers.

2. Choose Kubernetes

   Click Connect provider → Kubernetes.

3. Upload your kubeconfig

   Upload a kubeconfig file or paste its contents into the form. Give the cluster a display name.

4. Connect

   Click Connect. InfraAudit reads the active context in the kubeconfig and connects to that cluster.

If you have multiple clusters to register, connect each one separately.

Minimum RBAC permissions:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: infraudit-reader
rules:
  - apiGroups: ["", "apps", "batch"]
    resources:
      - deployments
      - pods
      - services
      - namespaces
      - replicasets
      - daemonsets
      - statefulsets
      - jobs
      - cronjobs
    verbs: ["get", "list", "watch"]

The service account or user in the kubeconfig should be read-only.

Via CLI:

infraudit kubernetes register --kubeconfig ~/.kube/config --name production

What InfraAudit collects

After connecting a cluster, InfraAudit syncs the following workload data:

| View | What's shown |
| --- | --- |
| Clusters | All registered clusters with health status and resource counts |
| Namespaces | Namespaces per cluster with pod counts |
| Deployments | Deployments across all clusters with replica status |
| Pods | Individual pods with status, namespace, and node assignment |
| Services | ClusterIP, NodePort, and LoadBalancer services |

All Kubernetes resources appear in the main Resources and inventory view alongside your cloud resources, and can be filtered by cluster.

Drift detection for Kubernetes

InfraAudit detects two types of Kubernetes drift:

Baseline snapshots — InfraAudit captures a baseline of your workloads on first sync. Subsequent scans flag configuration changes including:
  • Image tag changes (e.g. nginx:1.24 → nginx:latest)
  • Replica count changes made outside of a deployment rollout
  • Resource limits removed or modified
  • Environment variables added or changed
Manifest uploads — upload a Kubernetes YAML manifest via IaC in the sidebar. InfraAudit parses it and compares the declared configuration against the live cluster state to detect IaC drift.
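
The comparison described above, sketched as an added example (this is not InfraAudit's code): it diffs a baseline Deployment against the live one for image, replica, resource-limit and environment-variable changes. The function names and the sample Deployments are constructed for illustration, and the sketch does not distinguish replica changes made during a rollout from those made outside one.

```python
# Added example, not InfraAudit's implementation.
# Inputs are Deployment objects as plain dicts (e.g. parsed from JSON/YAML).

def containers(deploy):
    """Map container name -> container spec for a Deployment dict."""
    pod = deploy["spec"]["template"]["spec"]
    return {c["name"]: c for c in pod.get("containers", [])}

def env_map(container):
    """Flatten env to {name: value}; a name-only entry counts as ""."""
    return {e["name"]: e.get("valueFrom") or e.get("value", "")
            for e in container.get("env", [])}

def detect_drift(baseline, live):
    """Return (kind, location, baseline_value, live_value) tuples."""
    findings = []
    b_rep = baseline["spec"].get("replicas", 1)  # Kubernetes defaults to 1
    l_rep = live["spec"].get("replicas", 1)
    if b_rep != l_rep:
        findings.append(("replicas", "spec.replicas", b_rep, l_rep))
    base_c, live_c = containers(baseline), containers(live)
    for name in sorted(base_c.keys() | live_c.keys()):
        b, l = base_c.get(name), live_c.get(name)
        if b is None or l is None:  # container added or removed
            findings.append(("container", name, b is not None, l is not None))
            continue
        if b["image"] != l["image"]:
            findings.append(("image", name, b["image"], l["image"]))
        b_lim = b.get("resources", {}).get("limits")
        l_lim = l.get("resources", {}).get("limits")
        if b_lim != l_lim:  # limits removed (None) or modified
            findings.append(("limits", name, b_lim, l_lim))
        b_env, l_env = env_map(b), env_map(l)
        for key in sorted(b_env.keys() | l_env.keys()):
            if b_env.get(key) != l_env.get(key):  # None means absent
                findings.append(("env", f"{name}/{key}", b_env.get(key), l_env.get(key)))
    return findings

def sample(image, replicas, limits, env):
    """Build a minimal Deployment dict (constructed sample data)."""
    c = {"name": "web", "image": image, "env": env}
    if limits:
        c["resources"] = {"limits": limits}
    return {"spec": {"replicas": replicas, "template": {"spec": {"containers": [c]}}}}

BASELINE = sample("nginx:1.24", 3, {"cpu": "500m", "memory": "256Mi"},
                  [{"name": "LOG_LEVEL", "value": "info"}])
LIVE = sample("nginx:latest", 5, None,
              [{"name": "LOG_LEVEL", "value": "debug"}, {"name": "DEBUG", "value": "1"}])

if __name__ == "__main__":
    for kind, where, old, new in detect_drift(BASELINE, LIVE):
        print(f"{kind:8} {where:16} {old!r} -> {new!r}")
```
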

Vulnerability scanning for Kubernetes

For Kubernetes workloads, Trivy scans the container images referenced in your pods and deployments.

Trigger a scan:

infraudit vuln scan --provider <kubernetes-cluster-id>
Or configure the scheduled vulnerability_scan job under Jobs to run against your Kubernetes providers automatically.

Multi-cluster management

InfraAudit shows a unified view across all registered clusters. Use the Cluster dropdown at the top of any workload view to filter by cluster.

CLI reference

# List registered clusters
infraudit kubernetes clusters

# List namespaces for a cluster
infraudit kubernetes namespaces --cluster <cluster-id>

# List deployments
infraudit kubernetes deployments --cluster <cluster-id>

# List pods in a specific namespace
infraudit kubernetes pods --cluster <cluster-id> --namespace production

# List services
infraudit kubernetes services --cluster <cluster-id>
