OpsWorker Kubernetes Agent

Overview

The OpsWorker Kubernetes Agent is a lightweight component that runs inside your Kubernetes cluster. It serves as OpsWorker's data collection layer — executing read-only commands to gather the information that AI agents need during investigations and chat sessions.

Key Characteristics

  • Single pod — Deployed via Helm chart into a dedicated opsworker namespace
  • Read-only — Only observes resources; never modifies cluster state
  • Outbound-only — Initiates all communication; no inbound ports required
  • Lightweight — Minimal resource footprint (~128MB RAM, ~100m CPU)
  • Secure — Authenticated via cluster token, communicates over TLS

Architecture

sequenceDiagram
participant OW as OpsWorker Cloud
participant SQS as AWS SQS
participant Agent as K8s Agent (your cluster)
participant API as Kubernetes API

OW->>SQS: Send data collection command
Agent->>SQS: Poll for commands (outbound HTTPS)
Agent->>API: Execute read-only query
API-->>Agent: Return data
Agent->>SQS: Send results (outbound HTTPS)
SQS-->>OW: Deliver collected data

The agent polls AWS SQS for commands from OpsWorker, executes them against the Kubernetes API, and returns results — all over outbound HTTPS connections.

What the Agent Does

During investigations and chat sessions, the agent:

  • Retrieves pod status, logs, and container details
  • Lists and describes deployments, services, ingresses
  • Reads Kubernetes events for incident timeline construction
  • Checks service endpoints for health status
  • Reads ConfigMap contents and Secret metadata (not values)
  • Inspects node status and conditions
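To check the read-only and "Secret metadata (not values)" properties against the RBAC actually granted in your cluster, the following is an added example, not OpsWorker's code. The role name and rules are constructed for illustration and do not reflect the Helm chart's real ClusterRole. It relies on the fact that Kubernetes RBAC has no metadata-only permission for Secrets.

```python
import json

READ_VERBS = {"get", "list", "watch"}

# Constructed sample, NOT the OpsWorker chart's real ClusterRole; in practice
# feed in the output of `kubectl get clusterrole <name> -o json`.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "example-agent-readonly"},
 "rules": [
  {"apiGroups": [""], "resources": ["pods", "pods/log", "events", "nodes",
                                     "services", "endpoints", "configmaps"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["list"]},
  {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}
 ]}
""")


def audit_role(role):
    """Return (severity, message) findings for rules that break a read-only claim."""
    findings = []
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        # Any verb outside get/list/watch (including "*") can change cluster state.
        writes = sorted(v for v in verbs if v not in READ_VERBS)
        if writes:
            findings.append(("HIGH", f"non-read verbs {writes} on {sorted(resources)}"))
        # get/list/watch on core-group secrets returns the values, not just metadata,
        # so "metadata only" has to be enforced by the agent, not by RBAC.
        if groups & {"", "*"} and resources & {"secrets", "*"} \
                and verbs & (READ_VERBS | {"*"}):
            findings.append(("REVIEW", "secrets readable: RBAC cannot limit this to metadata"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_role(SAMPLE_ROLE):
        print(f"{severity}: {message}")
```

A REVIEW finding does not mean values are collected, only that the API would return them if requested; Kubernetes audit logs for the agent's service account show what it actually reads.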

Supported Kubernetes Distributions

| Distribution | Support |
|---|---|
| Amazon EKS | Fully supported |
| Google GKE | Fully supported |
| Azure AKS | Fully supported |
| Self-hosted (kubeadm, k3s, Rancher) | Fully supported |
| OpenShift | Supported (may need SCC adjustments) |

Next Steps