Kubernaut：基于LLM的Kubernetes智能运维平台，实现从告警到自动修复的闭环

Kubernaut is an open-source AIOps platform that leverages LLM intelligent agents to realize automatic root cause analysis and repair of Kubernetes alerts. It upgrades traditional rule-based operations to intelligent diagnostic operations, forming a complete closed loop from alert detection to automatic repair. Key keywords include AIOps, Kubernetes, LLM, automated operations, root cause analysis, intelligent agent, cloud native, Prometheus, fault self-healing, and open source.

In the cloud-native era, Kubernetes has become the de facto standard for container orchestration. However, with expanding cluster scales and complex applications, operation teams face challenges like late-night alert calls, scattered logs/metrics, outdated operation manuals, and heavy reliance on "tribal knowledge". Traditional rule-based automation tools struggle with complex, changing production environments. Kubernaut was born to address these issues by using LLM agents to form a closed loop from alert to repair.

Core Idea: Traditional rule-based tools are like thermostats (simple if-else), while Kubernaut acts as a diagnostic expert—investigating root causes, choosing context-aware solutions, verifying effects, and providing RCA reports if needed.

Workflow:

1. Detect: Connect to Prometheus AlertManager and K8s Events, filter noise, validate resource scope.
2. Investigate: LLM agent accesses K8s API via client-go, correlates metrics/logs, uses historical repair records for analysis.
3. Remediate: Select repair workflows (Tekton, K8s Jobs, Ansible) with approval gates and OPA security.
4. Close Loop: Evaluate repair effect via health checks, log success/failure and trigger escalation if needed.

Security First:

1. Kubernaut Agent (KA): Go-based service with prompt injection defense.
2. Shadow Agent Audit (v1.4): Parallel audit for prompt injection.
3. Multi-agent Consensus (v1.5 plan): Cross-validate via multiple LLM agents.
4. Workflow Permissions: Minimized ServiceAccount per workflow.
5. Short-term Token Injection: Ansible uses TokenRequest API for limited tokens.

Rich Interaction: Web console (React), natural language queries, MCP-compatible chat interfaces (Slack, IDE Copilot), A2A protocol support.

Extensible Architecture: OCI-packaged prompt packages, searchable workflow directory, Operator deployment via OLM, fleet-level repair (v1.6 plan).

Scenarios:

1. Production Failure Self-healing: Auto-fix CrashLoopBackOff, OOMKilled, network timeouts (reduce MTTR).
2. Config Drift Detection: Monitor config hashes, auto-investigate and rollback.
3. Capacity Planning: Analyze historical data for optimization suggestions.
4. Knowledge Precipitation: Audit logs/repair history as a knowledge base.

Comparison:

Feature	Traditional Rule Engine	Kubernaut
Problem Identification	Predefined rules	LLM-based reasoning
Root Cause Analysis	Limited/manual	Auto multi-dimensional investigation
Adaptability	Manual rule updates	Learn from history
Complex Scenarios	Hard to handle	Context-aware decisions
Human-machine Collaboration	Passive alerts	Active suggestions & approval
Knowledge Management	Scattered docs	Centralized audit & RCA

Community: Kubernaut is an active open-source project with:

1. Official docs (MkDocs Material).
2. Demo scenarios (scripts & screen recordings).
3. Developer guides (environment setup, build/test).
4. Contribution guidelines (code flow & standards).

Roadmap: v1.3: Console, natural language investigation, MCP interaction; v1.4: Prompt injection protection, API frontend, prompt packages; v1.5: Multi-agent consensus, better effect evaluation; v1.6: Fleet-level repair, cross-cluster federation.

Kubernaut represents an important evolution in AIOps. By integrating LLM reasoning with K8s native toolchains, it breaks technical boundaries and redefines intelligent operations. For teams aiming to improve efficiency and reduce MTTR, Kubernaut is a valuable open-source project. As the project's slogan says: "From alert to repair,智能化地完成。" Kubernaut is making this vision a reality.