Insigh8s
v0.1 Open source / MCP-native / Apache 2.0

Insights inside
your cluster.

One MCP server. Every pillar of your cluster: cost, security, reliability, policy. Ask the questions your team actually asks. Get answers that cross product boundaries, not another dashboard to babysit.

◆ v0.1 tools: one tool per intent
  • 01 investigate_namespace · SRE · investigate root cause · 5 sources
  • 02 namespace_cost · FinOps · spend, cost only · opencost
  • 03 audit_namespace · Audit · compliance, framework-based · pss · cis

investigate_namespace("payments")
  3 pods unhealthy · deploy d4c7f19
  api-gateway restart loop · OOMKilled
  elevated errors from 14:32 UTC
  ✓ likely cause + rollback ready

◆ AKS · EKS · GKE · CNCF native · Works with any MCP client · Tallinn · 2026
// The problem
You can wire a dozen MCPs to your AI. What you can't wire in is the judgement. Knowing which data to join, what thresholds matter, how to rank findings, and what to fix first. That still lives in the head of the engineer on call at 2am.
01 Architecture

One prompt. Every source. One answer.

Insigh8s sits between your AI assistant and your Kubernetes stack. Each team asks the question they care about. The MCP fans out to the right sources, joins the data, and returns one answer with remediation guidance.

01 · PERSONAS: Four teams · four languages · one MCP
  • DEVELOPER: "why is my pod crashlooping?" "what's in the queue?"
  • SRE / PLATFORM: "where's the latency from?" "audit prod namespace"
  • SECURITY: "pods running as root?" "policy drift in 24h?"
  • FINOPS: "top spend by namespace" "where's the waste?"

▸ AI ASSISTANT: Claude · GitHub Copilot · Cursor · your agent
MCP PROTOCOL

02 · THE MCP: Composite tools. Cross product boundaries.
insigh8s-mcp: One tool per intent · v0.1 ships 3 composite tools · graceful degradation
  • investigate_namespace
  • namespace_cost
  • audit_namespace
  • list_audit_frameworks

03 · DATA SOURCES: Your existing CNCF stack. Nothing new to install.
  • KUBECTL: Pod · Deployment · PolicyReport CRDs (workload state)
  • OPENCOST: Allocation API · Assets · Cloud (cost data)
  • PROMETHEUS: PromQL · metrics · SLOs (observability)
  • HUBBLE: Flow logs · L7 · NetworkPolicy (network)
  • SECURITY: SIEM · alerts · CVE · posture (security events)

RUNS ON → AKS · EKS · GKE · ANY CNCF-CONFORMANT CLUSTER
  • Developer: "my deploy failed. what broke?" → investigate_namespace · ~3s
  • SRE: "something's wrong in payments" → investigate_namespace · ~6s
  • Security: "audit payments against CIS" → audit_namespace(cis) · ~4s
  • FinOps: "what does payments cost us?" → namespace_cost · ~2s
02 The tools

One tool per intent.

Each tool answers one clear question. An SRE investigating a problem, a FinOps engineer tracking spend, and a compliance reviewer running an audit all want different answers, so they get different tools. No god-tool that tries to do everything.

◆ 01
Investigate: what's wrong?
For SREs and platform engineers · root-cause triage
i.1
investigate_namespace(namespace, window)
Unhealthy pods, recent deploys that correlate, error log patterns, unusual flows, admission denials. The 2am triage call, correlated.
kubectl · prometheus · hubble · logs
◆ 02
Spend: what does this cost?
For FinOps and platform leads · cost-only, nothing else
c.1
namespace_cost(namespace, window)
Spend for this namespace over the window, broken down by workload. Week-over-week delta. Top cost drivers ranked.
opencost
◆ 03
Audit: is this compliant?
For security and compliance · pass/fail against a named framework
a.1
audit_namespace(namespace, framework)
Check compliance against a specific framework. v0.1 ships with pod-security-standards-restricted and cis-kubernetes-benchmark. Returns pass/fail per control, violator pods, remediation patches.
kubectl · pss · cis
a.2
list_audit_frameworks()
Returns the frameworks this server knows how to check, with short descriptions. Your AI calls this first when the user hasn't specified which framework.
metadata
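
A sketch of the kind of deterministic check audit_namespace describes, as an added example that is not Insigh8s code: four controls from the Pod Security Standards restricted profile evaluated over constructed pod data, returning violators per control in a fixed order. The type and function names (Container, Result, Audit, SamplePods) are hypothetical, and the struct assumes pod-level and container-level securityContext have already been merged.

```go
package main

import "fmt"

// Container: securityContext fields the checks read (constructed type); nil pointer = field never set.
type Container struct {
	Pod, Name, Seccomp         string // Seccomp is seccompProfile.type
	RunAsNonRoot, AllowPrivEsc *bool
	DropAll                    bool // capabilities.drop contains "ALL"
}

type Result struct {
	Control   string
	Violators []string // empty means the control passed
}

// controls is an ordered slice, so results never depend on map iteration.
var controls = []struct {
	ID string
	OK func(Container) bool
}{
	{"runAsNonRoot", func(c Container) bool { return c.RunAsNonRoot != nil && *c.RunAsNonRoot }},
	{"allowPrivilegeEscalation", func(c Container) bool { return c.AllowPrivEsc != nil && !*c.AllowPrivEsc }},
	{"capabilities.drop", func(c Container) bool { return c.DropAll }},
	{"seccompProfile", func(c Container) bool { return c.Seccomp == "RuntimeDefault" || c.Seccomp == "Localhost" }},
}

// Audit checks every control against every container; unset fields fail.
func Audit(cs []Container) []Result {
	out := make([]Result, 0, len(controls))
	for _, ctl := range controls {
		r := Result{Control: ctl.ID}
		for _, c := range cs {
			if !ctl.OK(c) {
				r.Violators = append(r.Violators, c.Pod+"/"+c.Name)
			}
		}
		out = append(out, r)
	}
	return out
}

func ptr(v bool) *bool { return &v }

// SamplePods is constructed input: one hardened container, one left at defaults.
var SamplePods = []Container{
	{Pod: "ledger", Name: "app", Seccomp: "RuntimeDefault", RunAsNonRoot: ptr(true), AllowPrivEsc: ptr(false), DropAll: true},
	{Pod: "api-gateway", Name: "gw", Seccomp: "Unconfined", RunAsNonRoot: ptr(true)},
}

func main() { fmt.Println(Audit(SamplePods)) }
```

The api-gateway container fails allowPrivilegeEscalation even though nothing set it to true, because an unset field is treated as non-compliant rather than silently passing.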

Not raw data. Real triage.

Anyone can call an API. The hard part is knowing what to look at, in what order, with what thresholds, and which finding actually matters. Insigh8s encodes that judgement into every tool.

03 Why architecture matters

Judgment belongs in code.
Not in the AI's head.

With a pile of raw MCPs, the AI has to guess which tools to call, how to stitch the results, and what matters. That guess changes every time. With Insigh8s, the orchestration lives inside a tested tool, so the answer is the same whether you're on Claude, GPT, Gemini, or a local Llama.

Six raw MCPs

Intelligence in the AI's head.

Judgment lives in: LLM reasoning
  • × Different AIs give different answers. Claude, GPT-4, Gemini, and Llama all choose tools and weigh findings differently.
  • × Same AI, same question, different answer tomorrow. "Audit payments" and "check the payments namespace" produce two different results.
  • × Can't be tested, versioned, or audited. A compliance team can't review an LLM's reasoning. They need code they can read.
  • × AI forgets steps. Picks wrong tools. Writes bad queries. Raw JSON dumps back to the AI's context window. Slow, expensive, unreliable.
Insigh8s MCP

Intelligence in the code.

Judgment lives in: tested Go, versioned, auditable
  • Deterministic across every model. Claude, GPT, Gemini, local Llama: same question in, same answer out.
  • Prompt variations don't change the result. The AI calls one tool. The orchestration happens in code, not in interpretation.
  • Versioned, testable, auditable. audit_namespace v1.2 is a reviewable diff. Your security team can read what it checks.
  • One tool call. Pre-joined, pre-ranked, pre-formatted. Tokens spent on the answer, not on raw JSON bouncing through the AI's context.
Kubernetes triage shouldn't live in an LLM's guess. It should live in code your team can read, test, and trust.
· why we're building this ·

Every team has its own dashboard. Every dashboard answers one question. And when something breaks at 2am, you're still the correlation engine.

You could install a dozen MCP servers. But raw data isn't triage. Answers are.

before · Raw MCPs
You drive every step.
# you, manually:
kubectl_get_pods("payments")
  → which pods are failing?

kubectl_describe("api-gw-...")
  → OOMKilled, but why now?

kubectl_rollout_history(...)
  → 3 recent deploys, which one?

prometheus_query("rate(...)")
# you're writing PromQL at 2am.
Raw primitives. You still need to know the thresholds, the priorities, what "good" looks like.
with insigh8s · One call
Intent-based tool, pre-joined output.
# your AI, once:
investigate_namespace(
  namespace="payments",
  window="15m"
)

  → api-gateway OOMKilled x3
  → correlates to deploy d4c7f19 (14:32 UTC)
  → error rate: 3% → 47%
  → likely cause + rollback
# ~6 seconds.
One intent, one tool. Cost and compliance questions have their own tools. Each answers what was actually asked.
Built by practitioners · Open source from day one · Apache 2.0
04 Writing

Notes from the build.

Work in progress · v0.1 coming soon

Open source from day one.
Help build it.

Insigh8s is a community project, Apache 2.0 licensed. The design is open, the roadmap is public, and the first release is taking shape. If the composite-tool approach resonates with you, there are a few ways to get involved.
