While MCP is a craze right now, we continue to simplify things with our Systems AI agent, which can now interact with and manage resources in Kubernetes clusters too. The Systems agent uses natural language to interact with any REST API and now supports those REST APIs that are not exposed to the internet. This is what we will explore in this post. This agent does not store any Kubernetes API token in MechCloud and instead relies on a proxy that you should run in your own network.

System AI agent is a game changer for Developers and DevOps engineers -

  • You need not to install any desktop application/cli (e.g. Lens, k9s) to explore k8s resources and deploy applications on a k8s cluster.
  • Use natural language instructions to query or deploy applications on a k8s cluster.
  • Use your own UI components to display data for an instruction as per your requirements. We will cover this in a separate post.
  • You can also create rich dashboards where you will be able to visualize your k8s resources in a way you want (e.g. displaying all resources of a namespace on a page instead of one page per resource type). We will cover this in a separate post.
  • A simple abstraction to deploy your applications on kubernetes will be released in coming weeks.

This AI agent is available free of cost for local/remote development environments.

In this post, we will see how you can use this agent to interact with a local Minikube cluster. We will use Minikube in this post, but you can also use any other Kubernetes distribution (e.g., MicroK8s, K3s, etc.).

🛠️ Install minikube

Ensure that minikube is installed in your local development environment. Next, start the kubectl proxy using the following command:

minikube kubectl -- proxy

The above command will start the kubectl proxy on localhost:8001.

🚀 Run MechCloud proxy

Before MechCloud can connect to your local Kubernetes API server, make sure the Kubernetes API is served on an HTTPS port and that CORS is configured correctly. We have created a Flask-based proxy to handle these requirements for the Kubernetes API server or any other API that does not meet these two conditions. This proxy is provided for convenience, but you are free to expose the Kubernetes API server (and other APIs) using a reverse proxy of your choice, as long as it is exposed on an HTTPS port and CORS is configured correctly.

Clone the proxy Git repository and follow the instructions in the README file to run it. Make sure the proxy.yaml file of this proxy includes the following entry before starting it.:

'/minikube/':
  url: http://127.0.0.1:8001/

If you want this proxy to connect to a secured Kubernetes API server with an SSL certificate signed by a well-known CA, you can use the following configuration:

'/k8s-1/':
  url: https:///
  token:

This will ensure that your API server is now available at the base URL https://127.0.0.1:6443/minikube. If the path in the proxy.yaml file is different, replace minikube with the correct path (e.g., k8s-1). We will need to use this base URL when creating a system account for the Kubernetes API server in MechCloud.

🔐 Create a system account for k8s api server

  • Log in to the MechCloud console.

  • Go to Infrastructure → System Accounts.

  • Choose a team from the dropdown menu.

  • Click the New System Account button.

  • Enter or select the following details:

    • Account - Enter a name for the account (e.g., Minikube).
    • System - Choose Kubernetes from the dropdown menu.
    • System Base URL - Enter https://127.0.0.1:6443/minikube in this field. Note that it should not have a trailing slash.
    • Private API - Make sure the flag is turned on. This means the API is only available on a private network and should be accessed from the MechCloud UI, not from the backend.

Image 1

  • Open the URL https://127.0.0.1:6443/minikube/version in the same browser where you are running the MechCloud application. You will see a certificate warning because we are using a self-signed certificate. Make sure to accept the self-signed certificate; otherwise, the MechCloud UI will not be able to communicate with the proxy.

🤖 Query resources in the your k8s server

  • Navigate to AI Agents → Systems Agent in the MechCloud console.

  • Select the team where you created a system account for your Kubernetes API server.

  • Choose Kubernetes from the System dropdown.

  • Select the account you created earlier from the System Account dropdown.

  • Enter a prompt and click the blue button on the right. Sample prompts include:

    • list all nodes
    • list namespaces
    • list services
    • list services in the default namespace

You can find a list of all supported resource types and operations here. We will be adding support for more operations and resource types in the coming days / weeks, so this URL will help you see what is supported at any time.

▶️ Demo

📊 Creating a dashboard for Kubernetes resources

Follow the instructions in https://dev.to/mechcloud/how-to-build-comprehensive-dashboards-for-your-saas-and-cloud-apps-5bol post but instead of adding four cards, just add one card using mc system info component and configure it to display one or more resource types from a Kubernetes cluster. E.g. you can create a dashboard using following prompt which will display nodes, namespaces and services for a k8s cluster -

list nodes
list namespaces
list services