Know exactly what's wrong with your cluster

KubeAudit is a read-only assessment of your Kubernetes setup across security, reliability, cost, and compliance — returning a prioritised remediation plan. Findings and priorities, not changes.

Read-only · Lifecycle stage 4 / 5

What we inspect

The breadth of the inspection

We examine every dimension that matters in production — then hand you a prioritised plan, not a flat list of complaints.

Prioritised Remediation Plan

Not just a list of findings — a prioritised plan with effort estimates so you know exactly what to fix first.

Security Posture Review

CIS benchmark assessment, RBAC audit, network policy review, secrets management evaluation, and supply chain analysis.

Reliability Assessment

HA configuration, resource requests/limits, PodDisruptionBudgets, HPA/VPA setup, and readiness/liveness probe review.

Cost & Efficiency Audit

Resource utilisation analysis, rightsizing opportunities, spot usage, and cluster autoscaler configuration review.

Storage & Networking Review

StorageClass configuration, PV/PVC sizing, CNI setup, ingress architecture, and service mesh evaluation.

Compliance Gap Analysis

Map your cluster against GDPR, SOC2, ISO27001, or industry-specific requirements. Know exactly what is missing.

How it runs

Read-only, no changes made

Three steps from read-only access to an agreed set of priorities. Safe to run against your live cluster.

01 / Step

Access

Read-only access to your cluster. No changes are made during the audit — safe to run on production.

02 / Step

Assessment

Two to five days of deep analysis across security, reliability, cost, and compliance.

03 / Step

Report & Debrief

Detailed findings with severity ratings and remediation guidance, walked through with your team until priorities are agreed.

The findings package

A prioritised punch-list, not a flat checklist

Every finding carries a severity and an effort estimate, ordered so the highest-impact fix sits at the top. This sample shows the shape — your report is built from your cluster.

| Severity | Area | Finding | Effort |
|---|---|---|---|
| P1 | Security | Cluster-admin RBAC over-granted; no network policies enforced. | High |
| P2 | Reliability | No PodDisruptionBudgets; single-zone node distribution. | Medium |
| P2 | Cost | Over-provisioned requests; no cluster autoscaler. | Medium |
| P3 | Compliance | Audit logging incomplete for SOC2 evidence. | Low |

P1 = fix first · severities and effort estimates are advisory, scoped to your cluster.

Deliverables

What you walk away with

Four written artefacts, not a verbal summary: the security findings, the reliability gaps, the cost picture, and a roadmap that tells you what to fix first.

Prioritised remediation roadmap
01

Security Audit Report

CIS benchmark results, RBAC analysis, and CVE exposure assessment.

02

Reliability Gap Analysis

HA posture, single points of failure, and missing reliability patterns.

03

Cost Optimisation Report

Specific rightsizing recommendations with projected savings.

04

Remediation Roadmap

Prioritised action plan with effort estimates and quick wins highlighted.

KubeAudit

Find out exactly what's wrong.

Tell us about your cluster and we'll scope a read-only KubeAudit.