Scripts · Apr 16, 2026 · 3 min read

Popeye — Kubernetes Cluster Sanitizer

Scan your live Kubernetes cluster for resource issues, misconfigurations, and best practice violations. Popeye reports problems before they become outages.

TL;DR
Popeye scans live Kubernetes clusters for misconfigurations and reports issues before outages.

§01

What it is

Popeye is a command-line utility that scans a live Kubernetes cluster and reports potential issues with deployed resources. It checks for misconfigurations, unused resources, port mismatches, dead references, and violations of best practices. Think of it as a linter for your running cluster rather than for your YAML files.

Popeye targets Kubernetes operators, SREs, and DevOps engineers who want a quick health check of their clusters without setting up a full policy engine like OPA or Kyverno.

§02

How it saves time or tokens

Popeye runs a comprehensive scan in seconds and produces a color-coded report that highlights issues by severity. Instead of manually inspecting each namespace, deployment, and service for problems, you get an immediate overview of what needs attention. This is especially valuable after cluster upgrades, migrations, or when onboarding a new team to an inherited cluster.

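For AI-assisted operations, Popeye's structured output (JSON, YAML, or HTML) can be fed to an LLM for automated triage and remediation suggestions. The report names namespaces and workloads, so treat it as internal data when choosing where to send it.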

§03

How to use

  1. Install Popeye: brew install derailed/popeye/popeye on macOS, or download the binary from GitHub releases. It uses your current kubeconfig context.
  2. Run popeye to scan all namespaces. Use popeye -n my-namespace to scope the scan to a specific namespace.
  3. Review the report. Each resource gets a grade (OK, Info, Warning, Error). Focus on Error and Warning items first.

§04

Example

# Scan the entire cluster
$ popeye

# Output (abbreviated):
# GENERAL [B]
#   Connectivity...................OK
#   k8s Version....................OK
#
# DEPLOYMENTS (default) [C]
#   web-api
#     Container web-api
#       [W] No resource limits defined
#       [W] No liveness probe defined
#       [I] No readiness probe defined
#
# SERVICES (default) [A]
#   web-api-svc....................OK

# Export as JSON for programmatic analysis
$ popeye -o json > cluster-report.json

The letter grades (A through F) summarize cluster health at a glance.

§06

Common pitfalls

  • Popeye needs read access to cluster resources. Ensure your kubeconfig has sufficient RBAC permissions for the namespaces you want to scan.
  • Some warnings are intentional in your environment (e.g., no resource limits on development namespaces). Use a Spinach configuration file to suppress known false positives.
  • Popeye scans the live cluster state, not your YAML manifests. It catches runtime issues that static analysis tools miss, but does not replace pre-deploy validation.
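
One way to check the first pitfall before a scan, as an added example (not part of Popeye or the original page): a preflight that uses `kubectl auth can-i` to confirm the current kubeconfig identity can read the resource types this page lists in its FAQ and holds no write verbs on them. The function names, the `KUBECTL` override and the MISSING/EXCESS/REVIEW labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: RBAC preflight for the identity that will run Popeye.
# KUBECTL is an override hook (assumption of this sketch), e.g. for a wrapper.
KUBECTL="${KUBECTL:-kubectl}"

# Resource types from this page's FAQ, written in kubectl's resource.group form.
POPEYE_RESOURCES="deployments.apps statefulsets.apps daemonsets.apps services pods
configmaps secrets persistentvolumeclaims serviceaccounts
ingresses.networking.k8s.io networkpolicies.networking.k8s.io"

# Verbs a read-only scanner has no use for.
WRITE_VERBS="create update patch delete"

# can_i VERB RESOURCE NAMESPACE: exit 0 when the current context is allowed.
can_i() {
    $KUBECTL auth can-i "$1" "$2" --namespace "$3" >/dev/null 2>&1
}

# popeye_rbac_preflight NAMESPACE
# Prints one line per finding. Returns 0 when every read is allowed and no
# write verb is granted, 1 otherwise.
popeye_rbac_preflight() {
    ns="$1"; rc=0
    for res in $POPEYE_RESOURCES; do
        for verb in get list; do
            if ! can_i "$verb" "$res" "$ns"; then
                echo "MISSING  $verb $res in $ns (scan will be incomplete)"
                rc=1
            fi
        done
        for verb in $WRITE_VERBS; do
            if can_i "$verb" "$res" "$ns"; then
                echo "EXCESS   $verb $res in $ns (not needed for a read-only scan)"
                rc=1
            fi
        done
    done
    # Read access to Secrets exposes their values; surface it for review
    # even when it is intended.
    if can_i get secrets "$ns"; then
        echo "REVIEW   identity can read Secret values in $ns"
    fi
    return $rc
}
```

Call `popeye_rbac_preflight my-namespace` with the same kubeconfig context Popeye will use. A non-zero return means the scan would be incomplete or the credential is broader than a read-only tool needs.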

Frequently Asked Questions

Does Popeye modify anything in the cluster?

No. Popeye is read-only. It scans resources and generates reports but never creates, modifies, or deletes any Kubernetes resources. It is safe to run in production environments.

How does Popeye differ from kube-score?

kube-score analyzes static YAML manifests before deployment. Popeye scans the live running cluster. They are complementary: kube-score catches issues pre-deploy, Popeye catches runtime drift, unused resources, and cross-resource mismatches.

Can I run Popeye in CI/CD pipelines?

Yes. Popeye supports JSON and JUnit output formats. You can run it as a post-deployment step to verify cluster health and fail the pipeline if critical issues are found. Set a minimum grade threshold with the --min-score flag.

What resources does Popeye scan?

Popeye scans deployments, statefulsets, daemonsets, services, pods, configmaps, secrets, PVCs, service accounts, ingresses, network policies, and more. Each resource type has specific checks for common misconfigurations.

Can I customize which checks Popeye runs?

Yes. Popeye uses a configuration file called Spinach (spinach.yml) where you can exclude namespaces, suppress specific checks, adjust severity levels, and define custom thresholds for resource utilization warnings.
