# Radar > Documentation for Radar - the open-source Kubernetes visibility tool, and Radar Cloud, the hosted multi-cluster control plane. By Skyhook. ## Docs - [Audit log](https://radarhq.io/docs/cloud/audit-log.md): Org-scoped activity log. Every mutation - cluster CRUD, member ops, billing, auth, PAT lifecycle - is recorded with actor, IP, and metadata. JSON or CSV export. - [Billing & plans](https://radarhq.io/docs/cloud/billing.md): Three plans - Free, Team, Enterprise. Per-cluster pricing on Team, customer Stripe portal, prorated subscriptions. - [Cluster token rotation](https://radarhq.io/docs/cloud/cluster-token.md): Cluster install tokens are bearer credentials. Rotate them when an operator leaves, when a value file leaks, or as part of routine hygiene. - [Connecting a cluster](https://radarhq.io/docs/cloud/connect-cluster.md): Install Radar in your Kubernetes cluster, what each Helm value does, RBAC scope, and how to verify the connection. - [Fleet views](https://radarhq.io/docs/cloud/fleet-views.md): Cross-cluster aggregates - problems, search, audit checks, and package drift across every cluster connected to your org. - [Members & invitations](https://radarhq.io/docs/cloud/members.md): Invite members by email, set their role, and use domain auto-join so the right people land in your org without explicit invites. - [Notifications](https://radarhq.io/docs/cloud/notifications.md): Personal email preferences, the in-app inbox, and org-level Slack / generic webhook destinations for cluster, member, and billing events. - [Organizations & roles](https://radarhq.io/docs/cloud/organizations.md): Organizations are the tenant boundary in Cloud - they own clusters, members, billing, and audit. Three roles: owner, member, viewer. - [Radar Cloud overview](https://radarhq.io/docs/cloud/overview.md): How Radar Cloud is built - the hosted control plane, the in-cluster Radar pod, the tunnel, and what stays in your cluster vs. what goes to the cloud. - [Personal access tokens](https://radarhq.io/docs/cloud/personal-access-tokens.md): Mint per-user PATs for AI clients (Claude, Cursor, Claude Code) and CI scripts. Org-pinned at mint time, SHA-256 hashed at rest, revocable any time. - [RBAC under Cloud mode](https://radarhq.io/docs/cloud/rbac.md): How a Cloud user's role becomes a Kubernetes identity. The cloud:owner / cloud:member / cloud:viewer groups, the X-Forwarded-* headers, and how to override the default ClusterRoleBindings. - [SSO (SAML / OIDC)](https://radarhq.io/docs/cloud/sso.md): Self-serve SAML and OIDC setup via the WorkOS Admin Portal. Owner-only. Once configured, users in your IdP authenticate without going through email magic-link. - [Authentication](https://radarhq.io/docs/configuration/authentication.md): Radar's two auth modes - proxy headers and OIDC. Both use Kubernetes impersonation so per-user RBAC governs every action. - [CLI flags](https://radarhq.io/docs/configuration/cli.md): Every flag accepted by the radar / kubectl-radar binary, including auth, MCP, timeline storage, and Radar Cloud integration flags. - [Configuration files](https://radarhq.io/docs/configuration/files.md): Where Radar stores defaults and preferences, kubeconfig precedence, and how to switch between clusters and contexts. - [In-cluster deployment](https://radarhq.io/docs/configuration/in-cluster.md): Run Radar as a pod in your cluster for shared team access. Helm chart, ingress, RBAC opt-ins, and graceful permission degradation. - [Cluster audit](https://radarhq.io/docs/features/cluster-audit.md): Built-in best-practices scan covering security, reliability, and efficiency. Inspired by Polaris and the NSA / CISA Kubernetes hardening guide. Configurable ignore patterns. No extra installs. - [Cost insights](https://radarhq.io/docs/features/cost.md): OpenCost-powered cost breakdown by namespace, workload, and node. Auto-detected when OpenCost is installed in the cluster. - [Exec & port-forward](https://radarhq.io/docs/features/exec-and-portforward.md): Pod terminal, debug containers, port forwarding, and a local terminal pane - all gated by RBAC and disable-able per install. - [GitOps (Flux & Argo)](https://radarhq.io/docs/features/gitops.md): First-class Argo CD and Flux CD support - sync status, managed resource inventory, reconcile / sync / suspend / resume, and source updates. - [Helm management](https://radarhq.io/docs/features/helm.md): View installed Helm releases, inspect values and rendered manifests, upgrade, rollback, and uninstall - all without leaving Radar. - [Image filesystem](https://radarhq.io/docs/features/image-filesystem.md): Inspect a container image's filesystem without pulling it locally. Browse layers, search, and download files - over the OCI distribution spec, with the cluster's own pull credentials. - [Integrations](https://radarhq.io/docs/features/integrations.md): Argo, Flux, Cilium, Istio, Karpenter, KEDA, cert-manager, OpenCost, Prometheus, Trivy, Velero, Knative, and more - all detected at runtime, zero plugins required. - [Argo Rollouts](https://radarhq.io/docs/features/integrations/argo-rollouts.md): Argo Rollouts provides progressive delivery strategies including blue-green and canary deployments. - [Argo Workflows](https://radarhq.io/docs/features/integrations/argo-workflows.md): Argo Workflows is a container-native workflow engine for orchestrating parallel jobs on Kubernetes. - [cert-manager](https://radarhq.io/docs/features/integrations/cert-manager.md): cert-manager automates TLS certificate management - issuing, renewing, and revoking certificates from Let's Encrypt, Vault, Venafi, and other issuers. - [CloudNativePG](https://radarhq.io/docs/features/integrations/cloudnative-pg.md): CloudNativePG (CNPG) is the Kubernetes operator for PostgreSQL, covering the full lifecycle from bootstrapping to monitoring, with high availability, automated failover, and backup management. - [Cluster API (CAPI)](https://radarhq.io/docs/features/integrations/cluster-api.md): Cluster API is the Kubernetes sub-project for declarative cluster lifecycle management. Used by platform teams to provision and manage workload clusters. - [Contour](https://radarhq.io/docs/features/integrations/contour.md): Contour is a Kubernetes ingress controller using Envoy proxy, providing a powerful HTTPProxy CRD with route delegation, weighted routing, TLS termination, and TCP proxying. - [External Secrets Operator](https://radarhq.io/docs/features/integrations/external-secrets.md): External Secrets Operator (ESO) synchronizes secrets from external providers (AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, GCP Secret Manager, and more) into Kubernetes Secrets. - [Gateway API](https://radarhq.io/docs/features/integrations/gateway-api.md): Gateway API is the next-generation Kubernetes networking API, replacing Ingress with more expressive routing, traffic splitting, and multi-tenant support. - [GitOps](https://radarhq.io/docs/features/integrations/gitops-flux-argo.md): See the main README for GitOps integration details. - [Istio](https://radarhq.io/docs/features/integrations/istio.md): Istio is the most widely adopted service mesh, providing traffic management, security (mTLS), and observability for microservices. - [Karpenter](https://radarhq.io/docs/features/integrations/karpenter.md): Karpenter is the standard node autoscaler for Kubernetes, replacing Cluster Autoscaler on AWS (EKS), Azure (AKS NAP), and generic clusters. - [KEDA](https://radarhq.io/docs/features/integrations/keda.md): KEDA (Kubernetes Event-Driven Autoscaling) is a CNCF graduated project that scales workloads based on external event sources - queues, streams, cron schedules, Prometheus metrics, and 60+ other triggers. - [Knative](https://radarhq.io/docs/features/integrations/knative.md): Knative extends Kubernetes with serverless capabilities: scale-to-zero, request-driven autoscaling, event-driven architectures, and simplified service deployment. - [Kyverno](https://radarhq.io/docs/features/integrations/kyverno.md): Kyverno is a Kubernetes-native policy engine for validation, mutation, generation, and image verification - no new language required, policies are written as Kubernetes resources. - [Network Policies](https://radarhq.io/docs/features/integrations/network-policies.md): Network Policies control pod-to-pod and pod-to-external traffic at the network level. Radar supports standard Kubernetes NetworkPolicy as well as Cilium's CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy CRDs, providing visibility... - [OpenCost](https://radarhq.io/docs/features/integrations/opencost.md): OpenCost is a CNCF tool for Kubernetes cost monitoring, exposing cloud provider pricing and workload resource allocation as Prometheus metrics. - [Prometheus Operator](https://radarhq.io/docs/features/integrations/prometheus.md): Prometheus Operator simplifies Prometheus setup on Kubernetes, providing CRDs for defining monitoring targets, alerting rules, and scrape configurations declaratively. - [Bitnami Sealed Secrets](https://radarhq.io/docs/features/integrations/sealed-secrets.md): Sealed Secrets encrypts Kubernetes Secrets so they can be safely stored in Git. The controller decrypts them in-cluster at deploy time. - [Traefik](https://radarhq.io/docs/features/integrations/traefik.md): Traefik is a modern reverse proxy and ingress controller for Kubernetes, with dynamic configuration, middleware chains, and advanced traffic management via CRDs. - [Trivy Operator](https://radarhq.io/docs/features/integrations/trivy.md): Trivy Operator continuously scans your cluster for vulnerabilities, misconfigurations, exposed secrets, and license compliance issues. - [Velero](https://radarhq.io/docs/features/integrations/velero.md): Velero provides backup and restore capabilities for Kubernetes cluster resources and persistent volumes. - [Vertical Pod Autoscaler (VPA)](https://radarhq.io/docs/features/integrations/vpa.md): VPA automatically adjusts CPU and memory requests/limits for pods based on observed usage. - [AI via MCP](https://radarhq.io/docs/features/mcp.md): Built-in Model Context Protocol server. Token-optimized cluster context for Claude, Cursor, Claude Code, Windsurf, VS Code Copilot, and any other MCP-aware AI tool. - [Resource browser](https://radarhq.io/docs/features/resources.md): Table view of every Kubernetes resource - smart columns per kind, search, filter, drill-down, and direct YAML edit. - [Event timeline](https://radarhq.io/docs/features/timeline.md): Unified, queryable timeline of cluster events and resource changes. Memory or SQLite storage, scoped per resource or cluster-wide. - [Topology view](https://radarhq.io/docs/features/topology.md): Interactive graph of every resource in your cluster and how they're connected - workloads, services, ingresses, traffic flows, and integration-aware edges from Argo, Flux, Karpenter, and more. - [Traffic visualization](https://radarhq.io/docs/features/traffic.md): Live request flows on the topology graph from Hubble (Cilium), Caretta, or Istio - auto-detected, no extra config. - [Radar documentation](https://radarhq.io/docs/index.md): Install and operate Radar - the open-source Kubernetes visibility tool, and Radar Cloud, the hosted multi-cluster control plane. - [Install Radar (local)](https://radarhq.io/docs/install.md): Install the Radar CLI or desktop app to run Radar against any cluster reachable from your kubeconfig. No account, no in-cluster install, no cloud. - [OSS vs Cloud](https://radarhq.io/docs/oss-vs-cloud.md): How Radar OSS and Radar Cloud differ - features, deployment model, and when to pick which. - [Quickstart with Radar Cloud](https://radarhq.io/docs/quickstart-cloud.md): Sign up, create an organization, install Radar in your cluster with one Helm command, and start using fleet views. - [HTTP API](https://radarhq.io/docs/reference/api.md): Radar's HTTP API - the same surface the UI uses. Listed by area, with notes on Cloud-tunnel access. - [Keyboard shortcuts](https://radarhq.io/docs/reference/keyboard-shortcuts.md): Every keybinding in the Radar UI - view switching, navigation, search, topology, and more. Identical between OSS and Cloud. ## OpenAPI Specs - [openapi](https://radarhq.io/docs/api-reference/openapi.json) ## Optional - [radarhq.io](https://radarhq.io) - [GitHub](https://github.com/skyhook-io/radar) - [Open app](https://app.radarhq.io) - [Discord](https://radarhq.io/community/chat) - [Community](https://radarhq.io/community)