Kubernetes Architecture Prover MCP Connector for Claude
A+An AI generated Kubernetes manifests for a payment service. No resource requests or limits. No PodSecurityStandards. Single replica, no PDB. Zero NetworkPolicies — every pod could reach every other pod. The payment pod got OOM-killed at 3 AM by a logging sidecar with no memory ceiling. This tool forces resource governance, security hardening, reliability design, observability instrumentation, and network restriction on every workload.
AI agents generate Kubernetes manifests that deploy successfully — until they cause production outages. They skip resource requests and limits. They run containers as root. They deploy single-replica services with no disruption budgets. They configure zero NetworkPolicies — flat L3 means a compromised pod reaches everything. They skip probes entirely. The deployment works. The architecture is a liability.
The Problem
LLMs commit five Kubernetes architecture failures that compound in production:
- Resource Anarchy — No requests, no limits, no LimitRanges, no ResourceQuotas. A logging sidecar with no memory ceiling OOM-kills the payment service at 3 AM. The node runs out of allocatable capacity. Pods get evicted by priority — and yours has none set.
- Security Theater — Containers run as root. No PodSecurityStandards enforced. Capabilities not dropped. hostPID and hostNetwork enabled 'for debugging.' A container escape gives the attacker node-level access.
- Single Point of Failure — One replica. No PodDisruptionBudget. No anti-affinity. A node drain during maintenance takes down the service. Rolling updates with maxUnavailable=1 on a single replica mean zero availability during deploy.
- Blind Operations — No liveness probe — Kubernetes cannot detect deadlocks. No readiness probe — traffic routes to unready pods. No structured logging — 'kubectl logs' across 40 pods at 3 AM. No metrics — you learn about failures from users.
- Flat Networking — No NetworkPolicies. Every pod can reach every other pod on every port. No ingress TLS termination. No egress restrictions. A compromised pod scans the entire cluster and exfiltrates data over any port.
How It Works
Kubernetes Architecture Prover validates workload architecture through 5 Decision Pivots:
- resourcesGoverned — CPU/memory requests AND limits on every container. LimitRanges for namespace defaults. ResourceQuotas for namespace ceilings. Not 'the cluster handles it.'
- securityHardened — runAsNonRoot=true, runAsUser≥1000, PodSecurityStandard baseline/restricted, drop ALL capabilities, readOnlyRootFilesystem=true, no hostPID/hostNetwork. Not 'behind a firewall.'
- reliabilityDesigned — ≥2 replicas for production, PodDisruptionBudget with minAvailable, anti-affinity across nodes/zones, HPA or VPA autoscaling. Not 'Kubernetes restarts pods.'
- observabilityInstrumented — Liveness probe (deadlock detection), readiness probe (traffic gating), startup probe (slow boot), structured JSON logging aggregated centrally, Prometheus metrics with SLO-based alerting. Not 'we check the dashboard.'
- networkingRestricted — Deny-all default NetworkPolicies with explicit allow rules, ingress TLS via cert-manager, egress whitelist, mTLS between services. Not 'flat network is simpler.'
The Verdict Matrix
| First Failing Pivot | Verdict | Meaning |
|---|---|---|
| resourcesGoverned = false | RESOURCES_UNGOVERNED | No limits. Noisy neighbors will OOM-kill your workloads. |
| securityHardened = false | SECURITY_UNHARDENED | Running as root. Container escape = node compromise. |
| reliabilityDesigned = false | RELIABILITY_UNDESIGNED | Single replica. Node drain = full outage. |
| observabilityInstrumented = false | OBSERVABILITY_ABSENT | No probes, no metrics. You find out from users. |
| networkingRestricted = false | NETWORKING_EXPOSED | Flat L3. Compromised pod reaches everything. |
| All pivots pass | ARCHITECTURE_PROVEN | Governed, hardened, reliable, observable, restricted. |
Why It Works
- Tool calls are obligations. The agent cannot skip resource definitions or claim security without specifying runAsUser and PodSecurityStandard. Filling the fields IS the architecture work.
- Consistency engine catches contradictions. If the agent claims
securityHardened=truebut mentions 'containers need root for setup,' the engine rejects with a specific coaching message. - Semantic traps detect hand-waving. Phrases like 'the cluster handles it,' 'Kubernetes restarts pods,' or 'flat network is simpler' trigger automatic rejection. Name the value. Name the policy. Name the probe endpoint.
Related Connectors
Drop Rate Calculator MCP
Calculate item drop probabilities, pity mechanics, and expected resource usage for loot-based systems.
Pediatric Dose Calculator MCP
Calculate safe pediatric medication dosages based on weight and frequency.
Flight Emissions Calculator MCP
Estimate the carbon footprint of air travel based on distance, seat class, and radiative forcing.
Pesticide Dilution Calculator MCP
Calculate precise pesticide dilution, tank loads, and safety intervals.