Kube-pilot – AI engineer that lives in your Kubernetes cluster

Name: Kube-pilot – AI engineer that lives in your Kubernetes cluster
Availability: InStock
Author: noobernetes

by noobernetes·Mar 14, 2026·2 points·0 comments

Visit Project View on HN

AI Analysis

●●SolidBold BetBig BrainShip It

Autonomous agent inside Kubernetes handles code, builds, and ArgoCD deploys directly from GitHub issues.

Strengths

•GitOps safety model ensures all changes are auditable and reversible via ArgoCD.
•Leverages Tekton and Kaniko for builds instead of relying on external CI.
•Vault integration prevents agent from touching raw credentials via ExternalSecret object references.

Weaknesses

•Explicitly labeled proof of concept with rough edges and missing Slack integrations.
•Autonomous deployment loops risk causing production outages without mandatory human approval gates.

Post Description

I built kube-pilot — an autonomous AI agent that runs inside your Kubernetes cluster and does the full dev loop: writes code, builds containers, deploys services, verifies they're healthy, and closes the ticket. You file a GitHub issue, it does the rest.

What makes this different from AI coding tools: kube-pilot doesn't just generate code and hand it back to you. It lives inside the cluster with direct access to the entire dev stack — git, Tekton (CI/CD), Kaniko (container builds), ArgoCD (GitOps deployments), kubectl, Vault. Every tool call produces observable state that feeds into the next decision. The cluster isn't just where code runs — it's where the agent thinks.

The safety model: all persistent changes go through git, so everything is auditable and reversible. ArgoCD is the only thing that writes to the cluster. Secrets stay behind Vault — the agent creates ExternalSecret references, never touches raw credentials. Credentials are scrubbed before reaching the LLM.

Live demo: I filed GitHub issues asking it to build a 4-service office suite (auth, docs API, notification worker, API gateway). It built and deployed all of them autonomously. You can see the full agent loop — code, builds, deploys, verification, comments — on the closed issues:

- https://github.com/fbongiovanni29/clouddesk-auth-service/iss... - https://github.com/fbongiovanni29/clouddesk-docs-api/issues/... - https://github.com/fbongiovanni29/clouddesk-notifications-wo... - https://github.com/fbongiovanni29/clouddesk-web-gateway/issu...

One helm install gives you everything — the agent, Gitea (git + registry), Tekton, ArgoCD, Vault, External Secrets. No external dependencies.

Coming next: Slack and Jira integrations (receive tasks and post updates where your team already works), Prometheus metrics and Grafana dashboards for agent observability, and Alertmanager integration so firing alerts automatically become issues that kube-pilot investigates and fixes.

Early proof of concept. Rough edges. But it works.