CLI reference
Every subcommand and every flag of the kubehero binary.
The kubehero binary is a single static Go binary. Install it with brew install kubehero or apt install kubehero, or download it from GitHub Releases.
Global flags
| Flag | Default | Description |
|---|---|---|
| --cluster | | Target cluster name. Falls back to current-context from kubeconfig. |
| --context | current | kubeconfig context to use. |
| --output, -o | table | table, json, yaml, wide. |
| --verbose, -v | | Verbose logging. |
| --dry-run | true for mutating commands | Preview changes without applying. |
kubehero scan
Scan a cluster for rightsizing opportunities.
kubehero scan --cluster prod-us-east-1 --report waste
kubehero scan --report gpu
| Flag | Values | Notes |
|---|---|---|
| --report | waste · gpu · overcommit | Which signal to rank by. |
| --namespace, -n | | Narrow to a single namespace. |
| --since | 7d | Observation window (1h, 24h, 7d, 30d). |
kubehero rightsize
Recommend or apply rightsizing for a workload.
kubehero rightsize vectordb-ingress --dry-run=true
kubehero rightsize vectordb-ingress --dry-run=false
| Flag | Default | Notes |
|---|---|---|
| --dry-run | true | When false, mutates the workload. Safety caps from the matching RightsizingPolicy still apply. |
| --target-utilization | policy | Override targetUtilization for this call. |
kubehero apply
Apply a BudgetPolicy, CeilingPolicy, or RightsizingPolicy from a YAML file.
kubehero apply -f policies/prod-budget.yaml
kubehero cap --arm
Arm a CeilingPolicy so its escalation plan can execute when triggered. No-op if the policy already has humanArm: false.
kubehero cap --arm --policy prod-monthly-ceiling
kubehero undo
Reverse the last action for an audit-log entry, within the cooldown window (default 10 minutes).
kubehero undo <audit-id>