How AI-Enhanced k8s-Cluster-Inspector Boosts Kubernetes Reliability

Introduction

Currently the k8s-cluster-inspector component can automatically perform Kubernetes cluster inspections, providing identified issues, their severity, type, and remediation suggestions.

Example inspection data structure:

{
    "name": "colocation-webhook-role",
    "namespace": "archimedes",
    "kind": "Role",
    "message": ["CanDeleteResources"],
    "issueCategory": ["Failed to pull image:WorkLoad"],
    "normal": false,
    "harmRank": ["CanDeleteResources:高危"],
    "repairMessages": ["CanDeleteResources:rbac中存在删除用户的风险，修复：在role,clusterrole增加标签：kubernetes.io/bootstrapping='rbac-defaults'"]
}

The results rely on manual analysis, which can limit answer quality and trust.

By leveraging AI tools to answer issue questions, the inspection data can be enriched. Example AI‑augmented result includes detailed remediation steps such as creating image pull secrets and updating pod specifications.

{
    "name": "colocation-webhook-role",
    "namespace": "archimedes",
    "kind": "Role",
    "message": ["CanDeleteResources"],
    "issueCategory": ["Failed to pull image:WorkLoad"],
    "normal": false,
    "harmRank": ["CanDeleteResources:高危"],
    "repairMessages": [
        "CanDeleteResources:集群中遇到镜像拉取报错401，通常是因为镜像仓库需要认证。解决方法如下：
1. 创建镜像拉取 Secret：
   kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
2. 在 Pod 或 Deployment 中引用 Secret：
   apiVersion: v1
   kind: Pod
   metadata:
     name: private-reg
   spec:
     containers:
     - name: private-reg-container
       image: <your-private-image>
     imagePullSecrets:
     - name: regcred
3. 应用配置：
   kubectl apply -f your-pod-or-deployment.yaml"
    ]
}

The AI‑enhanced data shows clear improvements, offering richer, more professional answers that increase product value and user experience.

System Flow

The main steps are:

Execute inspection template according to user‑declared commands.

Start inspection, interacting with the Kubernetes cluster.

Render inspection results; during rendering the AI interface is called, prompts are assembled, context is provided, and AI answers are merged into the result set.

Report the final inspection results to the user‑specified OSS storage or locally.

Provider Design

The AI provider is designed to be pluggable, allowing multiple AI services to be integrated by implementing a simple call interface, which greatly improves flexibility for external delivery.