# KubeViz

No-Node Kubernetes manifest visualizer built with Go + server-rendered HTML (HTMX + Alpine.js).

## Features

- Upload one or more Kubernetes manifest files, or paste YAML/JSON text
- Import manifests directly from a Git repository path
- Render Helm charts directly from Git repositories (`helm template`) and visualize output
- Parse multi-document manifests and `List.items`
- Visual graph with resource relationships and details panel
- Grouping/collapsing by namespace or kind
- Security and validation checks (privileged containers, missing limits/requests, unresolved refs, selector mismatch, duplicates)
- Configurable checks in UI (enable/disable individual rules)
- Manifest diff between base and target states
- Supported first-class resources:
  - Deployment, StatefulSet, DaemonSet
  - Service, Ingress
  - ConfigMap, Secret
  - PersistentVolumeClaim
  - HorizontalPodAutoscaler
- Generic CRD/custom resource nodes
- Secret redaction (never exposes decoded secret values)
- Session-scoped in-memory dataset storage (no DB)
- SVG and PNG graph export endpoints

## Run locally

```bash
go run ./cmd/server
```

Open [http://localhost:8080](http://localhost:8080).

## Run locally with Docker

Build and run directly:

```bash
docker build -t kubeviz:local .
docker run --rm -p 8080:8080 \
  -e ADDR=:8080 \
  -e SESSION_TTL=30m \
  -e MAX_UPLOAD_SIZE=5242880 \
  -e COOKIE_SECURE=false \
  -e LOG_LEVEL=info \
  kubeviz:local
```

Optional Helm version override during build:

```bash
docker build --build-arg HELM_VERSION=v3.16.4 -t kubeviz:local .
```

Or with Compose:

```bash
docker compose up --build
```

Then open [http://localhost:8080](http://localhost:8080).

## Environment variables

- `ADDR` (default `:8080`)
- `SESSION_TTL` (default `30m`)
- `MAX_UPLOAD_SIZE` (bytes, default `5242880`)
- `COOKIE_SECURE` (`true`/`false`, default `true`)
- `APP_CSP_ENABLED` (`true`/`false`, default `true`) - disable when CSP is enforced by reverse proxy
- `GIT_ALLOWED_HOSTS` (CSV allowlist, default `github.com,gitlab.com,bitbucket.org`)
- `LOG_LEVEL` (default `info`)

## API endpoints

- `POST /api/manifests/parse`
- `POST /api/git/import`
- `POST /api/helm/render`
- `GET /api/graph`
- `POST /api/diff`
- `GET /api/resources/{id}`
- `GET /api/export/svg`
- `GET /api/export/png`
- `POST /api/session/clear`

## Test

```bash
GOCACHE=$(pwd)/.gocache go test ./...
```

## Deploy to Kubernetes

Manifests are in `deploy/k8s/`:

```bash
kubectl apply -f deploy/k8s/namespace.yaml
kubectl apply -f deploy/k8s/configmap.yaml
kubectl apply -f deploy/k8s/deployment.yaml
kubectl apply -f deploy/k8s/service.yaml
kubectl apply -f deploy/k8s/ingress.yaml
```

## Notes

- The built-in YAML parser is dependency-free and optimized for common Kubernetes manifest structures.
- v1 scope is visualization only (no apply/edit back to cluster).
- Container images use `dhi.io/golang:1.26` (builder and runtime) with a non-root runtime user.
- Runtime image includes `git` and `helm` for Git/Helm import endpoints.

## Deploy via Gitea (Podman + Quadlet on same VM)

- Workflow: `.gitea/workflows/deploy-kubeviz.yml`
- Script: `scripts/deploy-with-podman.sh`

Pipeline flow:
1. Build image locally on server with Podman
2. Tag as `localhost/kubeviz:prod`
3. Restart `kubeviz.service`

Use this in your Quadlet:

```ini
Image=localhost/kubeviz:prod
Pull=never
```