AI-Powered Operations

4 AI providers, 80+ Kubernetes tools — the AI never touches your cluster directly.

Architecture

How AI Operations Works

Three layers separate the AI from your cluster, ensuring safe, auditable, read-only operations.

QueryNatural language

AI RouterModel selection

LLMGPT / Claude / Gemini

ResponseFix & Runbook

SRE CLI Pod

Deploys as a pod inside your cluster via Helm. Connects to the SRExpert backend API — the AI never touches your Kubernetes API directly.

Helm-deployed

AI Gateway

The backend validates every AI request against a strict allowlist, executes read-only operations, and returns sanitized results.

Allowlist enforced

Read-Only

No write operations — ever. Scaling, deleting, and editing stay in the UI or kubectl. Every query is audit-logged with full context.

Audit logged

SRE CLI · Multi-Provider Intelligence

Choose Your AI Provider

SRExpert ships with Qwen as the default AI provider — a capable open-weight model that runs efficiently and handles the vast majority of Kubernetes analysis tasks. If you need the reasoning depth of Anthropic's Claude, the breadth of OpenAI's GPT-4, or Google's Gemini, you can switch providers at any time. All providers use the same 80+ tool set and are subject to the same security constraints: every request goes through the SRExpert backend, never directly to your cluster.

Qwen

Claude

GPT-4

Gemini

SRE CLI

Online · Qwen (default provider)

80+Tools

4Providers

AuditLogged

Show pods with high memory in production that restarted more than 3 times

Found 2 pods matching your criteria in production:

1. redis-cache-0 — OOMKilled, 847Mi/512Mi limit, 5 restarts
2. worker-3 — OOMKilled, 1.2Gi/1Gi limit, 4 restarts

Both pods exceed their memory limits. I recommend increasing limits or investigating memory leaks. Want me to analyze resource trends?

Run a CIS compliance scan on this cluster

CIS Kubernetes Benchmark scan complete — 11 checks evaluated:

✓ 8 passed · ✗ 2 failed · ⚠ 1 warning
Score: 72/100

Failed: API server anonymous auth enabled (CIS 1.2.1), etcd encryption at rest disabled (CIS 1.2.29). Want remediation steps?

Ask anything about your clusters...

80+ Specialized Tools

What the SRE CLI Can Do

Not a chatbot bolted onto kubectl. The SRE CLI ships with purpose-built, read-only tools across six domains — the AI picks the right ones and synthesizes results into clear answers.

80+Specialized ToolsPurpose-built for Kubernetes

6Domains

Read-OnlyZero write access

Audit LogEvery query tracked

Workload Analysis

List pods, deployments, services, jobs. View status, replicas, age, and configuration across namespaces.

Monitoring & Metrics

CPU/memory metrics per pod and node, resource trends, recent events, and node readiness checks.

Security Analysis

Ask the AI to run vulnerability scans, check CIS/NSA compliance, analyze RBAC permissions, and detect misconfigurations — all via natural language.

Network Analysis

Network policies, exposed services, traffic flow analysis, and namespace isolation verification.

Storage Management

PVCs, PVs, storage classes — view capacity, usage, and binding status across clusters.

Troubleshooting

Describe resources, search logs, analyze errors, get root cause analysis, and best practice recommendations.

Root Cause AnalysisRunbook GenerationYAML GenerationLog AnalysisCost OptimizationSecurity AuditTroubleshootingCapacity PlanningRoot Cause AnalysisRunbook GenerationYAML GenerationLog AnalysisCost OptimizationSecurity AuditTroubleshootingCapacity Planning

GPT-4ClaudeGeminiOpenRouterNatural LanguageRead-OnlyAudit LogSRE CLIGPT-4ClaudeGeminiOpenRouterNatural LanguageRead-OnlyAudit LogSRE CLI

Natural Language

Just Ask

No kubectl flags or PromQL to memorize. Describe what you need — the CLI does the rest.

Show all pods in production

Found 47 pods across 3 namespaces — 38 Running, 6 Pending, 3 Failed. The failed pods are in the payments namespace.

Why is nginx pod in CrashLoopBackOff?

Root cause: OOM Killed. Container exceeded 256Mi memory limit. Last 3 restarts in 8 minutes. Recommendation: increase limit to 512Mi.

Run a vulnerability scan on production

Trivy scan complete — 2 Critical, 4 High, 8 Medium CVEs found across 12 images. Remediation plan generated with prioritized fix order.

Who has admin access in this cluster?

3 ClusterRoleBindings with cluster-admin: system:admin, ci-deployer, legacy-sa. Warning: legacy-sa has not been used in 90 days.

Check CIS Benchmark compliance

CIS Kubernetes Benchmark v1.8: Score 87/100. 6 checks failed (2 critical). Auto-fix available for 4 items. Full report exported.

Ask anything about your cluster...█

Zero Direct Access

Security by Architecture

SRExpert addresses AI trust at the architectural level — not with guardrails or prompt engineering, but by physically separating the AI from your cluster. Every interaction is audit-logged and validated.

Zero Access

Read-Only

Full Audit

RBAC-Aware

No Direct Cluster Access

AI communicates only with the SRExpert backend — never with the Kubernetes API or etcd directly.

Read-Only by Design

All 80+ tools are read-only. Write operations require the SRExpert UI or kubectl.

Full Audit Trail

Every query, tool invocation, and response is logged with user, timestamp, and provider.

RBAC-Aware

The CLI respects your existing RBAC policies. Users only see data they are authorized to access.

Ready to simplify your workflows?

Start with SRExpert today

Connect your first cluster in 5 minutes. See every workload, enforce security policies, and let AI handle the noise.

Replace your monitoring stack, alerting tools, and compliance spreadsheets with one platform built for Kubernetes teams.

Free tier available — no credit card needed.

Book a Call Read the Docs

Start with SRExpert today