Kubernetes Operations
Skyflo exposes 22 typed Kubernetes tools via MCP. All read operations auto-execute. All mutating operations require explicit approval before execution.
Workflow: Discovery
List namespaces, resources, nodes, and events. Context-aware filtering by namespace, label selector, and field selector.
| Operation | Purpose |
|---|---|
| List namespaces | Enumerate namespaces with optional label/field filters |
| List resources | List pods, deployments, services, configmaps, secrets by type |
| List nodes | Cluster nodes with status and capacity |
| List events | Namespace or cluster-wide events for troubleshooting |
Use discovery to scope the agent's view. "What pods are failing in production?" starts with listing pods in the production namespace, filtered by status.
Workflow: Inspection
Get and describe resources, view pod logs, exec into containers. No approval required.
| Operation | Purpose |
|---|---|
| Get resource | Fetch a specific resource by name |
| Describe resource | Full describe output for debugging |
| Pod logs | Stream or tail logs from a pod |
| Exec | Run a command inside a container (treated as read-only by default, depends on command executed) |
Inspection answers "what is wrong?" before proposing changes. The agent can read logs, describe a failing pod, and exec to run diagnostics before suggesting a fix.
Workflow: Mutations (Approval-Gated)
Apply manifests, scale deployments, restart rollouts, cordon/uncordon nodes, drain nodes, delete resources. Every mutation pauses for explicit approval.
| Operation | Purpose |
|---|---|
| Apply | Apply manifests with dry-run render + manifest comparison before execution. |
| Scale | Scale deployments, statefulsets, replicasets |
| Restart rollout | Restart deployments (rolling restart) |
| Cordon/uncordon | Mark nodes unschedulable or schedulable |
| Drain | Evict pods from a node before maintenance |
| Delete | Remove resources (destructive, flagged) |
The agent runs a dry-run, renders the manifest comparison, and waits for approval before applying.
Workflow: Rollback
View rollout history and rollback to previous revisions. Approval-gated.
| Operation | Purpose |
|---|---|
| Rollout history | List revisions for a deployment |
| Rollback | Revert to a previous revision |
"Rollback the frontend to the previous version" triggers a rollout history lookup, then a rollback proposal. You approve or deny.
Example Workflows
"What pods are failing in production?"
- Agent lists pods in production namespace with status filter.
- Identifies CrashLoopBackOff or Error pods.
- Describes pods and fetches logs.
- Summarizes root cause. No approval needed (read-only).
"Scale the payment service to 5 replicas"
- Agent finds the deployment.
- Proposes scale operation with before/after replica count.
- Pauses for approval.
- Executes on approval. Verifies replica count matches intent.
"Rollback the frontend to the previous version"
- Agent fetches rollout history.
- Proposes rollback to previous revision.
- Pauses for approval.
- Executes on approval. Verifies rollout status.
Safety Summary
| Type | Approval | Notes |
|---|---|---|
| Discovery (list) | Auto | Read-only |
| Inspection (get, describe, logs) | Auto | Read-only |
| Exec | Auto | Treated as read-only by default; depends on command executed |
| Apply, scale, restart, cordon, uncordon | Required | Dry-run render + manifest comparison before apply |
| Drain, delete | Required | Destructive, flagged for extra caution |