This server watches your Kubernetes cluster for failures, runs LLM-powered root cause analysis through Gemini, and posts diagnostic summaries with remediation steps to Slack. The clever bit is the security model: the agent itself is strictly read-only, and if you approve a fix via Slack button, it executes in an ephemeral Job whose permissions are bounded by OPA Gatekeeper policies at the API admission layer, independent of RBAC. Logs are sanitized before hitting the LLM, and the executor service account is explicitly blocked from touching sensitive namespaces or escalating privileges. You'd reach for this when you want faster MTTR on diagnosable cluster failures without handing an LLM the keys to kubectl apply.
claude mcp add --transport stdio jdoornink-k8gents uvx k8gents
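The admission-layer bound described above could look like the following Gatekeeper policy. This is an added illustration, not the project's own policy: the template name `K8sExecutorBounds`, the service account `system:serviceaccount:remediation:executor` and the namespace list are assumptions.

```yaml
# Added example. All names and parameter values below are assumed, not taken from k8gents.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sexecutorbounds
spec:
  crd:
    spec:
      names:
        kind: K8sExecutorBounds
      validation:
        openAPIV3Schema:
          type: object
          properties:
            executorUsername: {type: string}
            protectedNamespaces:
              type: array
              items: {type: string}
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sexecutorbounds
        # True when the request was made by the executor identity.
        is_executor {
          input.review.userInfo.username == input.parameters.executorUsername
        }
        # Deny any write the executor attempts inside a protected namespace.
        violation[{"msg": msg}] {
          is_executor
          ns := input.review.namespace
          ns == input.parameters.protectedNamespaces[_]
          msg := sprintf("executor may not modify objects in namespace %v", [ns])
        }
        # Deny RBAC writes by the executor in any namespace or at cluster scope.
        violation[{"msg": msg}] {
          is_executor
          input.review.kind.group == "rbac.authorization.k8s.io"
          msg := sprintf("executor may not write RBAC kind %v", [input.review.kind.kind])
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sExecutorBounds
metadata:
  name: remediation-executor-bounds
spec:
  match:
    kinds: [{apiGroups: ["*"], kinds: ["*"]}]
  parameters:
    executorUsername: system:serviceaccount:remediation:executor  # assumed identity
    protectedNamespaces: ["kube-system", "gatekeeper-system"]     # assumed list
```

Apply the ConstraintTemplate first and wait for its CRD to be established before applying the constraint. Gatekeeper's validating webhook defaults to `failurePolicy: Ignore`, and namespaces exempted from the webhook are never evaluated, so check both before relying on a policy like this as a hard boundary.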