clu
A Kubernetes operations copilot — troubleshooting, monitoring, scaffolding, and IaC generation. Runs inside your cluster. Your data never leaves.
$ kubectl exec -it clu -- clu chat clu> why are payments-api pods restarting? analyzing... checking events, logs, resource limits, recent deploys → 14 OOMKilled events in 6h. memory limit 256Mi vs p99 usage 412Mi. → recommend: bump limits to 512Mi or investigate leak in v1.4.2.
What Clu Does
Kubernetes is powerful and unforgiving. Clu lives inside your cluster, builds a knowledge graph of your resources and conventions, and gives your team a single conversational interface for the operations work that used to be spread across a dozen dashboards.
Real-time Troubleshooting
Ask why a pod is failing. Clu reads events, logs, metrics, and recent deploys to give you a root cause in seconds — not hours.
Knowledge Graph
Clu maps every resource, owner, dependency, and convention in your cluster so it can answer questions about your environment, not generic Kubernetes.
Prometheus & CloudWatch Integration
Native integration with the metrics tools you already run. Health reports and anomaly detection without a parallel observability stack.
Scaffolding & IaC Generation
Generate Helm charts, manifests, and infrastructure-as-code from a conversation. Stay aligned with your team's existing conventions.
Approval-gated Writes
Every mutating operation runs as a dry-run first. Nothing changes in your cluster without explicit human approval and a hash-chained audit log.
Bring Your Own Model
Connect to Amazon Bedrock or any OpenAI-compatible endpoint. Your prompts and cluster data stay inside your account — never sent to a third party.
Cost & Topology Insight
See where money is going, where traffic flows, and what managed services (RDS, ElastiCache, S3) your workloads actually depend on.
Tool-aware
Clu auto-detects Argo, Kyverno, external-secrets, and other ecosystem tools you've already adopted, then works with them rather than around them.
IAM-native
Identity mapping that respects your existing IAM and Kubernetes RBAC. Clu acts within the permissions of the user asking, not a god-mode service account.
Designed for Production Clusters
Clu was built for teams who already have hard-won Kubernetes setups and can't accept "AI moved a thing and we don't know what." Every operation is dry-run-first. Every change is approval-gated. Every action lands in a hash-chained audit log you can verify after the fact.
- In-cluster execution — your data never leaves your environment.
- Dry-run-first — see what would change before anything does.
- Hash-chained audit log — tamper-evident record of every action.
- IAM & RBAC respect — Clu can't do anything the calling user can't already do.
Ready to put Clu in your cluster?
Subscribe through AWS Marketplace and your first 30 days are free. Billing flows through your existing AWS account — no separate invoice, no per-hour metering surprises.