
Agent Capabilities

The Kubernetes Agent (k8s-autopilot) acts as both an Expert Architect (Writer) and a Reliable Operator (Manager), bridging the gap between abstract requirements and running infrastructure. As of v0.3.0, it also includes a dedicated ArgoCD onboarding sub-agent for safe GitOps operations.


🏗️ 1. Helm Chart Generation (The Architect)

The agent doesn't just "write YAML"; it architects solutions through a rigorous Planning → Generation → Validation pipeline.

Intelligent Planning

  • Gap Detection: Automatically identifies missing critical information (e.g., "You didn't specify a container port") and interviews the user to fill gaps.
  • Complexity Analysis: Classifies requests (Simple/Medium/Complex) to determine the necessary resource depth (e.g., needing HPA vs. simple Deployment).
  • Architecture Design: Selects the right workload pattern (Deployment vs. StatefulSet) based on application semantics (stateless vs. stateful).

Orchestrated Generation

  • Multi-File Assembly: Generates a complete chart structure (Chart.yaml, values.yaml, templates/*.yaml) in one go.
  • Dependency Management: Understands resource dependencies (e.g., Service must exist before Ingress references it).
  • Best Practices: Applies industry standards by default (e.g., Bitnami-style _helpers.tpl, resource limits, liveness probes).

Validation & Self-Healing

  • Triple-Check Validation:
    1. Lint: Generic syntax checking.
    2. Template: Verifies logic flow and variable interpolation.
    3. Dry-Run: Checks server-side compatibility against the live cluster.
  • Autonomous Self-Healing: If validation fails (e.g., "Indent error on line 42"), the agent automatically fixes the file and retries without pestering the user.
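
The three validation stages and a bounded repair loop, as an added example that is not k8s-autopilot's own code. The function names, the `repair` callback and the retry limit are hypothetical, and `--dry-run=server` assumes Helm 3.13 or later.

```python
import subprocess

def validation_stages(chart_dir, release, namespace):
    # Order follows the page: lint, then template, then server-side dry-run.
    return [
        ("lint", ["helm", "lint", chart_dir]),
        ("template", ["helm", "template", release, chart_dir,
                      "--namespace", namespace]),
        ("dry-run", ["helm", "upgrade", "--install", release, chart_dir,
                     "--namespace", namespace, "--dry-run=server"]),
    ]

def run_helm(argv):
    # argv is passed as a list, so chart paths and release names are never
    # interpreted by a shell.
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=120)
    return proc.returncode, proc.stderr

def validate(chart_dir, release, namespace, runner=run_helm):
    """Return None on success, or (stage, error) for the first failing stage."""
    for stage, argv in validation_stages(chart_dir, release, namespace):
        code, err = runner(argv)
        if code != 0:
            return stage, err.strip()  # fail fast: later stages are skipped
    return None

def validate_with_repair(chart_dir, release, namespace, repair,
                         runner=run_helm, max_attempts=3):
    """Re-run all stages after each repair; give up after max_attempts.

    repair(stage, error) is a hypothetical callback that edits the chart.
    The failure history is returned so every automatic fix can be audited.
    """
    history = []
    for attempt in range(max_attempts):
        failure = validate(chart_dir, release, namespace, runner)
        if failure is None:
            return True, history
        history.append(failure)
        if attempt + 1 < max_attempts:
            repair(*failure)
    return False, history
```

Restarting from the lint stage after every repair means a fix that breaks an earlier stage is caught, and the attempt limit keeps the loop from running unattended forever.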

🕹️ 2. Helm Management (The Operator)

The agent manages the lifecycle of applications with a "Safety First" philosophy, using a Dual-Path Architecture.

Discovery & Context

  • Smart Search: Finds charts across multiple repositories (Bitnami, internal, etc.).
  • State Inspection: Checks if a release already exists to switch automatically between "Install" and "Upgrade" modes.
  • Schema Analysis: Reads values.schema.json to understand valid configuration options.

Safe Execution Pipeline

For every state-changing operation (Install/Upgrade/Uninstall), the agent enforces a 5-Phase Safety Pipeline:

  1. Discovery: Gather facts.
  2. Values Confirmation: Show the user the diff between "Current" and "Proposed" config.
  3. Planning: Generate a detailed execution plan.
  4. Approval: Wait for explicit human sign-off ("The Nuclear Button").
  5. Execution: Perform the atomic Helm operation.

Lifecycle Management

  • Atomic Upgrades: Uses helm upgrade --atomic to ensure automatic rollback on failure.
  • Instant Rollback: Can revert to any previous revision if an upgrade introduces bugs.
  • Release History: Audits the deployment timeline to understand evolution.

🧭 3. ArgoCD Onboarding Operations (GitOps Operator)​

The ArgoCD onboarding sub-agent manages projects, repositories, and applications with human-in-the-loop safety.

What it can do

  • Projects: Create / get / list / update / delete ArgoCD projects.
  • Repositories: List / get / onboard (HTTPS/SSH) / delete repositories.
  • Applications: List / get / create / update / delete, sync apps, preview diffs, check sync status.
  • Debug: Fetch application logs and events when troubleshooting.

Safety & Workflow Guarantees

  • Plan Preview: Shows a human-friendly plan before any state changes.
  • Prerequisite Validation: Always checks project/repo/app state via MCP before acting.
  • Deterministic HITL Gates: Approval interrupts for risky operations (create/delete/sync).
  • Exact-Name Confirmation: Required for destructive deletes.
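
One way to build the approval step of the 5-Phase Safety Pipeline and the deterministic gates with exact-name confirmation listed above, as an added example that is not k8s-autopilot's own code. The `Plan` and `Gate` classes and the action sets are hypothetical.

```python
import hashlib
import json
from dataclasses import dataclass

# Assumed classification, taken from the operations the page names as gated.
RISKY = {"create", "delete", "sync", "install", "upgrade", "uninstall"}
DESTRUCTIVE = {"delete", "uninstall"}


class ApprovalRequired(Exception):
    """Raised when a risky plan has no matching human approval."""


@dataclass(frozen=True)
class Plan:
    action: str          # e.g. "delete"
    kind: str            # e.g. "application"
    name: str            # exact resource name
    params: tuple = ()   # sorted (key, value) pairs shown in the plan preview

    def digest(self) -> str:
        # Approval is bound to this hash, so any change to the plan voids it.
        blob = json.dumps([self.action, self.kind, self.name, self.params])
        return hashlib.sha256(blob.encode()).hexdigest()


class Gate:
    def __init__(self, executor):
        self._executor = executor   # callable that performs the operation
        self._approved = {}         # plan digest -> approver

    def approve(self, plan, approver, typed_name=None):
        # Destructive plans need the exact name: no trimming, no case folding.
        if plan.action in DESTRUCTIVE and typed_name != plan.name:
            raise ApprovalRequired(f"type the exact {plan.kind} name to confirm")
        self._approved[plan.digest()] = approver

    def execute(self, plan):
        # The decision depends only on the action verb, never on model output.
        if plan.action in RISKY:
            approver = self._approved.pop(plan.digest(), None)  # single use
            if approver is None:
                raise ApprovalRequired(f"{plan.action} {plan.kind}/{plan.name}")
        return self._executor(plan)
```

Because the approval is keyed to the plan digest and consumed on use, a plan that is altered after sign-off, or replayed a second time, is stopped at the gate.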

🔍 4. Troubleshooting & Observability​

The agent acts as a Level-1 SRE to diagnose cluster issues.

Diagnosis

  • Log Correlation: Fetches logs from crashing pods and correlates them with Kubernetes Events to find root causes (e.g., OOMKilled vs. Application Error).
  • Resource Inspection: Deep-dives into Pod/Node descriptions to find scheduling bottlenecks or quota limits.

Remediation

  • Actionable Advice: Doesn't just dump logs; analyzes them to suggest fixes (e.g., "Increase memory limit by 20%").
  • Safe Exploration: Uses read-only tools to explore the cluster without risk of breaking production.

🛡️ Security & Governance

| Capability | Description |
|---|---|
| RBAC-Aware | Operates strictly within the permissions of its Service Account. |
| Secret Management | Can generate and manage Kubernetes Secrets (Opaque, DockerRegistry). |
| Network Isolation | Capable of generating NetworkPolicy resources for traffic control. |
| Approval Gates | Human-In-The-Loop (HITL) approval is hard-coded in the middleware for any destructive action. |

🔌 Integration Ecosystem​

The agent extends its reach via MCP (Model Context Protocol).

  • ArgoCD Integration: Manages projects, repos, and apps via ArgoCD MCP with approval gates.
  • GitOps Ready: Can commit generated charts to Git repositories instead of applying them directly.
  • Helm Ecosystem: Compatible with any standard Helm Chart repository.