Governed Kubernetes operations for AI agents with a built-in governance harness (audit, budget, undo, risk tiers)
Project description
k8s-aiops (preview)
Disclaimer: This is a community-maintained open-source project and is not affiliated with, endorsed by, or sponsored by the Cloud Native Computing Foundation, the Kubernetes project, or k3s/Rancher. "Kubernetes" and "k3s" are trademarks of their respective owners. Source code is publicly auditable at github.com/AIops-tools/K8s-AIops under the MIT license.
Governed Kubernetes operations for AI agents — 15 MCP tools, every one wrapped
with the bundled @governed_tool harness: a local unified audit log under
~/.k8s-aiops/, policy engine, token/runaway budget guard, undo-token recording, and
graduated-autonomy risk tiers.
Standalone: the governance harness is bundled in the package (
k8s_aiops.governance) — k8s-aiops has no external skill-family dependency. Preview: common cluster operations, not yet exhaustive.
What works
Any cluster a kubeconfig can reach: standard Kubernetes, k3s, EKS, GKE, AKS, kind, minikube. Authentication (client certs, tokens, EKS/GKE/AKS exec plugins) is delegated entirely to the kubeconfig.
Quick Start
uv tool install k8s-aiops
# Uses your current kube-context out of the box:
k8s-aiops doctor
k8s-aiops pod list
k8s-aiops deployment list -n default
To define named targets (multiple clusters/contexts), create
~/.k8s-aiops/config.yaml:
targets:
- name: prod # used as -t prod
context: prod-eks # a context in your kubeconfig (omit for current-context)
namespace: default # optional default namespace
# kubeconfig: /path/to/alt/kubeconfig # optional explicit path
- name: lab
context: k3s-lab
No secrets live in this file — credentials come from the kubeconfig.
MCP
{
"command": "k8s-aiops",
"args": ["mcp"],
"env": { "K8S_AIOPS_CONFIG": "~/.k8s-aiops/config.yaml" }
}
Audit & Safety
- Every tool call is logged to
~/.k8s-aiops/audit.db(local SQLite; relocate withK8S_AIOPS_HOME). - Reversible writes record an inverse undo descriptor (
scale_deployment→ scale-back to previous;cordon_node↔uncordon_node). delete_deploymentisrisk_level=high; CLI destructive commands require double confirmation and support--dry-run.- All API text passes through
sanitize()(prompt-injection defense).
See skills/k8s-aiops/SKILL.md and SECURITY.md for details.
Companion Skills
| If you want… | Use |
|---|---|
| Kubernetes pods / deployments / nodes | k8s-aiops (this) |
| Hypervisor VM lifecycle | a hypervisor ops skill |
| Backup & restore | a backup ops skill |
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file k8s_aiops-0.1.0.tar.gz.
File metadata
- Download URL: k8s_aiops-0.1.0.tar.gz
- Upload date:
- Size: 50.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d7c537fd8873f4ca7e26791b9ccfff02651ff32e874188ca144f7228c9ae21f6
|
|
| MD5 |
d0fbb9cb8315063f0d798e2bafef345d
|
|
| BLAKE2b-256 |
0100055e03061a8b87994f99173a3546f91a25374ba8e7d635a6e8e30479e1eb
|
File details
Details for the file k8s_aiops-0.1.0-py3-none-any.whl.
File metadata
- Download URL: k8s_aiops-0.1.0-py3-none-any.whl
- Upload date:
- Size: 57.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2552838915d31183014d5dba8f5b8dfb7c76a090a55b8c5043fa6a65f152f173
|
|
| MD5 |
e47c1951c20ed8ccecac4bbf8eb0a3e1
|
|
| BLAKE2b-256 |
97da9cea8c4cbc35c564ebfecffa987ab9e95016c7071c1b2af32f477f9bce48
|
