Configuration
The Kubernetes Agent (k8s-autopilot) supports flexible configuration via environment variables and Docker Compose. This page details how to configure the agent for both local development and production usage.
1. Quick Start (Docker Compose)
The recommended way to run k8s-autopilot is via Docker Compose. All MCP servers (Helm, ArgoCD, Traefik, Argo Rollouts, Prometheus, Alertmanager) run in-process via stdio transport — no sidecar containers needed. The only external dependency is the Kubernetes MCP server (npx).
You need two files: docker-compose.yml and .env.
Docker Compose
services:
k8s-autopilot:
image: talkopsai/k8s-autopilot:latest
container_name: k8s-autopilot
ports:
- "10102:10102"
environment:
# Required: API Keys (loaded from .env file in the same directory)
- GOOGLE_API_KEY=${GOOGLE_API_KEY}
- GOOGLE_GENAI_USE_VERTEXAI=${GOOGLE_GENAI_USE_VERTEXAI}
# Github MCP Server Configuration
- GITHUB_MCP_URL=${GITHUB_MCP_URL}
- GITHUB_PERSONAL_ACCESS_TOKEN=${GITHUB_PERSONAL_ACCESS_TOKEN}
- HELM_WORKSPACE=${HELM_WORKSPACE}
# MCP Server Configuration
# Default: stdio transport for TalkOps MCP servers (binaries in the venv).
# Override MCP_SERVERS with an HTTP JSON array to use HTTP transport instead.
- >-
MCP_SERVERS=[
{"name": "github_mcp", "url": "https://api.githubcopilot.com/mcp/", "transport": "http", "disabled": false, "headers": {}, "auth_token_env_var": "GITHUB_PERSONAL_ACCESS_TOKEN"},
{"name": "helm_mcp_server", "command": "helm-mcp-server", "transport": "stdio", "args": [], "env": {"MCP_ALLOW_WRITE": "true"}},
{"name": "argocd_mcp_server", "command": "argocd-mcp-server", "transport": "stdio", "args": [], "env": {"MCP_ALLOW_WRITE": "true"}},
{"name": "traefik_mcp_server", "command": "traefik-mcp-server", "transport": "stdio", "args": [], "env": {}},
{"name": "argo_rollout_mcp_server", "command": "argo-rollout-mcp-server", "transport": "stdio", "args": [], "env": {}},
{"name": "prometheus-mcp-server", "command": "prometheus-mcp-server", "transport": "stdio", "args": [], "env": {}},
{"name": "alertmanager-mcp-server", "command": "alertmanager-mcp-server", "transport": "stdio", "args": [], "env": {}},
{"name": "kubernetes_mcp_server", "command": "npx", "transport": "stdio", "args": ["-y", "kubernetes-mcp-server@latest"]}
]
# LLM Configuration
- LLM_PROVIDER=${LLM_PROVIDER}
- LLM_MODEL=${LLM_MODEL}
- LLM_HIGHER_PROVIDER=${LLM_HIGHER_PROVIDER}
- LLM_HIGHER_MODEL=${LLM_HIGHER_MODEL}
- LLM_DEEPAGENT_PROVIDER=${LLM_DEEPAGENT_PROVIDER}
- LLM_DEEPAGENT_MODEL=${LLM_DEEPAGENT_MODEL}
# Logging & Kubeconfig
- LOG_LEVEL=${LOG_LEVEL}
- KUBECONFIG=/app/.kube/config
# Observability: Prometheus MCP server env vars
# Inherited by the prometheus-mcp-server stdio subprocess
- PROMETHEUS_BASE_URL=${PROMETHEUS_BASE_URL:-http://prometheus-operated.monitoring.svc:9090}
- PROMETHEUS_VERIFY_SSL=${PROMETHEUS_VERIFY_SSL:-false}
- PROMETHEUS_BACKEND_ID=${PROMETHEUS_BACKEND_ID:-default}
- PROMETHEUS_TYPE=${PROMETHEUS_TYPE:-prometheus}
# Observability: Alertmanager MCP server env vars
# Inherited by the alertmanager-mcp-server stdio subprocess
- ALERTMANAGER_BASE_URL=${ALERTMANAGER_BASE_URL:-http://alertmanager-operated.monitoring.svc:9093}
- ALERTMANAGER_VERIFY_SSL=${ALERTMANAGER_VERIFY_SSL:-false}
- ALERTMANAGER_BACKEND_ID=${ALERTMANAGER_BACKEND_ID:-default}
- AM_MAX_SILENCE_MINUTES=${AM_MAX_SILENCE_MINUTES:-1440}
- AM_SILENCE_WARNING_THRESHOLD=${AM_SILENCE_WARNING_THRESHOLD:-50}
# ArgoCD: env vars inherited by the argocd-mcp-server stdio subprocess
- ARGOCD_SERVER_URL=${ARGOCD_SERVER_URL:-https://argocd-server.argocd.svc:443}
- ARGOCD_AUTH_TOKEN=${ARGOCD_AUTH_TOKEN}
- ARGOCD_INSECURE=${ARGOCD_INSECURE:-true}
volumes:
- ./workspace/helm-charts:/app/workspace/helm-charts
- ${HOME}/.kube/config:/app/.kube/config:ro
restart: unless-stopped
networks:
- k8s-autopilot-net
talkops-ui:
image: talkopsai/talkops:latest
container_name: talkops-ui
environment:
- K8S_AGENT_URL=http://localhost:10102
- TALKOPS_ENABLE_LOGGING=false
ports:
- "8080:80"
depends_on:
- k8s-autopilot
restart: unless-stopped
networks:
- k8s-autopilot-net
networks:
k8s-autopilot-net:
driver: bridge
Environment File (.env)
Create a .env file in the same directory as your docker-compose.yml:
# LLM Provider (choose one: google_genai, openai, anthropic, azure)
GOOGLE_API_KEY=your_google_api_key_here
LLM_PROVIDER=google_genai
LLM_MODEL=gemini-3.1-flash-lite-preview
LLM_HIGHER_PROVIDER=google_genai
LLM_HIGHER_MODEL=gemini-3.1-pro-preview
LLM_DEEPAGENT_PROVIDER=google_genai
LLM_DEEPAGENT_MODEL=gemini-3.1-pro-preview
# GitHub (for Helm chart commits)
GITHUB_PERSONAL_ACCESS_TOKEN=your_github_pat_with_repo_scope
# Helm workspace
HELM_WORKSPACE=./workspace/helm-charts
# ArgoCD (update to match your cluster)
ARGOCD_SERVER_URL=https://argocd-server.argocd.svc:443
ARGOCD_AUTH_TOKEN=your_argocd_auth_token_here
# Prometheus & Alertmanager (update to match your cluster)
PROMETHEUS_BASE_URL=http://localhost:9090
ALERTMANAGER_BASE_URL=http://localhost:9093
Using OpenAI or Anthropic instead? Set
LLM_PROVIDER=openaiandLLM_MODEL=gpt-4o(oranthropic/claude-3-5-sonnet-latest) in your.env. The system supports all of them out of the box.
Start Everything
docker compose up -d
# k8s-autopilot Agent running at http://localhost:10102
# TalkOps UI running at http://localhost:8080
Open http://localhost:8080 and start talking to the orchestrator.
2. LLM Multi-Model Strategy
The agent uses a three-tier LLM configuration — different models for different cognitive jobs — to optimize cost and performance.
Configuration Variables
| Tier | Variable | Purpose | Default | Why |
|---|---|---|---|---|
| Standard | LLM_MODEL | Fast parsing, repetitive tasks | gpt-4o-mini | Fast and cost-effective for validation parsing |
| Higher | LLM_HIGHER_MODEL | Supervisor routing, HITL context | gpt-5-mini | Stronger reasoning for accurate routing |
| Deep Agent | LLM_DEEPAGENT_MODEL | Coordinators, code generation | o4-mini | Maximum capability for complex execution planning |
| Provider | LLM_PROVIDER | Default provider backend | openai | openai, anthropic, google_genai, azure |
Each tier can use a different provider. Set LLM_HIGHER_PROVIDER and LLM_DEEPAGENT_PROVIDER separately if you want to mix providers.
Switching LLM providers: Set
LLM_PROVIDER(orLLM_HIGHER_PROVIDER,LLM_DEEPAGENT_PROVIDER) toanthropic,google_genai,openai, orazure. The system supports all of them natively.
Example: Cost-Optimized Setup (OpenAI)
LLM_PROVIDER=openai
LLM_MODEL=gpt-4o-mini
LLM_HIGHER_PROVIDER=openai
LLM_HIGHER_MODEL=gpt-5-mini
LLM_DEEPAGENT_PROVIDER=openai
LLM_DEEPAGENT_MODEL=o4-mini
Example: Google Gemini Setup
LLM_PROVIDER=google_genai
LLM_MODEL=gemini-3.1-flash-lite-preview
LLM_HIGHER_PROVIDER=google_genai
LLM_HIGHER_MODEL=gemini-3.1-pro-preview
LLM_DEEPAGENT_PROVIDER=google_genai
LLM_DEEPAGENT_MODEL=gemini-3.1-pro-preview
3. MCP Server Configuration
All MCP servers are configured via the MCP_SERVERS environment variable — a JSON array that defines each server's connection details. All TalkOps-native servers default to stdio transport (in-process communication). Docker Compose deployments can override to HTTP transport if needed.
MCP Servers Reference
| MCP Server | Package / Command | Transport | Domain |
|---|---|---|---|
helm_mcp_server | helm-mcp-server | stdio | Helm chart operations |
argocd_mcp_server | argocd-mcp-server | stdio | ArgoCD GitOps |
traefik_mcp_server | traefik-mcp-server | stdio | Traefik edge routing |
argo_rollout_mcp_server | argo-rollout-mcp-server | stdio | Argo Rollouts progressive delivery |
prometheus-mcp-server | prometheus-mcp-server | stdio | Prometheus monitoring & PromQL |
alertmanager-mcp-server | alertmanager-mcp-server | stdio | Alertmanager alerting & silences |
github_mcp | GitHub Copilot API | HTTP | GitHub file operations |
kubernetes_mcp_server | npx kubernetes-mcp-server@latest | stdio | Raw Kubernetes cluster ops |
Do I need all MCP servers running? No. The agent can operate with a subset of servers. If a server is unavailable, the relevant deep agent will politely inform you that the capability is disabled.
Observability Environment Variables
These environment variables are inherited by the Prometheus and Alertmanager MCP servers via the stdio subprocess:
| Variable | Default | Purpose |
|---|---|---|
PROMETHEUS_BASE_URL | http://prometheus-operated.monitoring.svc:9090 | Prometheus server URL |
PROMETHEUS_VERIFY_SSL | false | SSL verification |
PROMETHEUS_BACKEND_ID | default | Multi-backend identifier |
PROMETHEUS_TYPE | prometheus | Backend type |
ALERTMANAGER_BASE_URL | http://alertmanager-operated.monitoring.svc:9093 | Alertmanager server URL |
ALERTMANAGER_VERIFY_SSL | false | SSL verification |
ALERTMANAGER_BACKEND_ID | default | Multi-backend identifier |
AM_MAX_SILENCE_MINUTES | 1440 | Maximum silence duration (24 hours) |
AM_SILENCE_WARNING_THRESHOLD | 50 | Blast radius warning threshold |
ArgoCD Environment Variables
| Variable | Default | Purpose |
|---|---|---|
ARGOCD_SERVER_URL | https://argocd-server.argocd.svc:443 | ArgoCD server URL |
ARGOCD_AUTH_TOKEN | — | ArgoCD authentication token |
ARGOCD_INSECURE | true | Skip TLS verification |
GitHub Environment Variables
| Variable | Default | Purpose |
|---|---|---|
GITHUB_PERSONAL_ACCESS_TOKEN | — | GitHub PAT with repo scope |
GITHUB_MCP_URL | https://api.githubcopilot.com/mcp/ | GitHub MCP endpoint |
4. Local Development (From Source)
If you want to run it directly (for development or customization):
-
Install uv for dependency management.
-
Clone & setup:
git clone https://github.com/talkops-ai/k8s-autopilot.git
cd k8s-autopilot
uv venv --python=3.12
source .venv/bin/activate # On Unix/macOS
# or
# .venv\Scripts\activate # On Windows -
Install dependencies from
pyproject.toml:uv pip install -e . -
Environment Setup:
cp .env.example .env
# Edit .env — at minimum set your LLM API keyAll available configuration options can be found in
k8s_autopilot/config/default.py. You can set any of these via your.envfile. -
Start the A2A server:
k8s-autopilot --host localhost --port 10102 -
Start the UI (in a separate terminal):
docker run -d \
--name talkops-ui \
-p 8080:80 \
-e K8S_AGENT_URL=http://host.docker.internal:10102 \
talkopsai/talkops:latestThen open http://localhost:8080 in your browser.
5. Helm & Cluster Configuration
⚠️ Important Dependency: All operational sub-agents rely on their respective MCP servers to perform cluster actions. The MCP servers connect to your Kubernetes cluster via the mounted kubeconfig.
For specific configuration details regarding:
- Kubeconfig paths
- RBAC Permissions
- Helm Repository setup
- Cluster connectivity
Please refer to the Integrations & MCP Servers documentation or the specific MCP Server guides.