Skip to main content

A read-only Kubernetes natural-language CLI agent using LangGraph

Project description

k8agent — Kubernetes Natural-Language Agent (MVP)

k8agent is a read-only, session-safe CLI tool designed to help you interactively diagnose and query your Kubernetes clusters in natural language. It uses a LangGraph ReAct agent and LangChain to interface with Kubernetes clusters.

Features

  • Secure Session-Only Credentials: LLM keys and configurations are held strictly in memory.
  • Strict Read-Only Access: Never modifies cluster state (no delete, apply, patch, scale, etc.).
  • Namespace Allowed List: Restricts the LLM agent to a user-approved set of namespaces.
  • Evidence-Gathering Agent: Calls tools in sequence (e.g. list pods -> check logs) before coming to a conclusion.

1. Quick Start

Prerequisites

  • Python 3.11+
  • A working Kubernetes context configured in ~/.kube/config

Installation

Clone the repository and install the dependencies:

# Initialize a virtual environment
python -m venv .venv
.\.venv\Scripts\activate

# Install the package in editable mode
pip install -e .[dev]

Starting the REPL

k8agent
# Or alternatively
python -m k8agent.cli

2. Configuring RBAC (Recommended Security Boundary)

To restrict the agent to read-only actions and specific namespaces, apply the provided template.

  1. Customize the template: Open k8s/rbac-template.yaml and replace {{NAMESPACE}} with the namespace you wish to grant access to (e.g. default).

  2. Apply the template:

    kubectl apply -f k8s/rbac-template.yaml
    
  3. Generate Kubeconfig for the ServiceAccount: Use the following commands to create a temporary token and generate a dedicated kubeconfig context pointing to this ServiceAccount:

    # Create a token for the ServiceAccount
    kubectl create token k8agent-sa --namespace=<YOUR_NAMESPACE>
    

    You can then configure this token in a separate kubeconfig file to guarantee the cluster-side RBAC boundary.


3. Tool Reference

The agent has access to the following explicit list of tools:

  • list_allowed_namespaces: Get the namespace scope of the current session.
  • list_pods: Get names, status, and restart counts.
  • describe_pod: Get detailed container statuses and conditions.
  • get_pod_logs: Retrieve container logs (supports tail_lines and previous).
  • list_deployments: View desired vs ready replicas.
  • describe_deployment: View rolling status and conditions.
  • list_services: View type, cluster IP, and ports.
  • list_events: View recent events sorted by last-seen.
  • list_configmaps: View names and keys only.
  • get_node_status: View node names and cluster resource conditions (cluster-scoped).

4. Running Tests

To run unit tests against a mocked Kubernetes API:

pytest tests/

5. Publishing to PyPI

To build and upload the package to PyPI so it can be installed globally via pip:

  1. Install build tools:

    pip install build twine
    
  2. Build the source and binary wheels:

    python -m build
    

    This generates .tar.gz and .whl files in the dist/ directory.

  3. Upload to PyPI:

    python -m twine upload dist/*
    

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

k8agent-0.1.0.tar.gz (14.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

k8agent-0.1.0-py3-none-any.whl (12.2 kB view details)

Uploaded Python 3

File details

Details for the file k8agent-0.1.0.tar.gz.

File metadata

  • Download URL: k8agent-0.1.0.tar.gz
  • Upload date:
  • Size: 14.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for k8agent-0.1.0.tar.gz
Algorithm Hash digest
SHA256 2450cea2072da3b73c888f6c0974c94cd9cb22e49066745557b2b74ebe2b87fe
MD5 0507f9e9d46bfc2efd686a4a2802fabd
BLAKE2b-256 ad100218b572a7e8988c064fa2b5e8d9a97577e5e9218d93eee2ec911ea8c010

See more details on using hashes here.

File details

Details for the file k8agent-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: k8agent-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 12.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for k8agent-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5cb2c8aa3fd899ba94e8d91a9d6b8b6a1c6c161ad371ea7fcec6c62a2951ab4e
MD5 3d0784d1bb09c8509faff826346cabfa
BLAKE2b-256 facb7f51ff5d8cb811993907483e8aafbac558014b8539419fc43200bb93268c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page