KubeStellar Console

KubeStellar Console: A Guided Tour of AI-Driven Multi-Cluster Kubernetes Management

Coverage
ACMM
OpenSSF Scorecard
OpenSSF Best Practices
MTTR

AI-powered multi-cluster Kubernetes dashboard with guided install missions for 250+ CNCF projects. This is the hub where teams observe, learn, and act across Kubernetes environments with guided workflows that bring order to complexity. From onboarding to real-time insights, KubeStellar Console blends intelligence with practical, mission-based steps to help operators deploy and manage applications across multiple clusters with confidence.

A visual snapshot of the project appears here to set the stage for the journey:

Introduction: What the KubeStellar Console Is and Why It Matters

In modern Kubernetes operations, teams grapple with multiple clusters, diverse CNCF projects, and a flood of telemetry. The KubeStellar Console arrives as a unifying leadership console that doesn’t just display data; it guides you through a series of missions tailored to hundreds of CNCF projects. The aim is to accelerate adoption, reduce risk, and improve the speed at which AI-assisted decisions translate into real deployments. Whether you’re evaluating the product, connecting the console to your own clusters, or running the console inside a cluster, this tool embraces both the breadth of multi-cluster management and the depth of guided, step-by-step installations.

What You Can Expect from the Console

• An AI-enabled, multi-cluster dashboard designed to surface the most relevant information about your Kubernetes estate.
• Guided missions that walk you through install and validation steps for hundreds of CNCF projects, making complex setups approachable even for teams with diverse expertise.
• Flexible hosting options, from a hosted demo that requires no Kubernetes cluster to self-hosted deployments that connect to your real clusters.
• A bridge architecture that connects your local console to your kubeconfig contexts via kc-agent, enabling secure, controlled access to your clusters and AI providers.
• A pluggable AI layer that can incorporate third-party AI providers, enabling adaptive card suggestions, mission optimization, and contextual guidance.

Try It Now: A Quick Look at the Hosted Demo

If you want to evaluate the console without the friction of a local install or a cluster, you can begin with the hosted demo. The hosted version is a self-contained showcase that ships with canned demo data and is designed to be zero-config. It does not reach out to a local agent, and the LOCALAGENTHTTP_URL is disabled in the Netlify build to ensure the browser cannot access a kc-agent on your laptop. This arrangement makes it ideal for exploring the UI, perusing the available missions, and testing cards without making any changes to your own environment.

Key notes about the hosted demo:

• It requires no Kubernetes cluster and no installation.
• Demo data is baked in to provide a realistic feel for the dashboards, cards, and mission flows.
• You can experiment with AI features in a sandboxed environment without introducing your real credentials or clusters.
• If you later want the convenience of the hosted UI with your actual cluster data and AI keys, you’ll typically switch to a self-hosted setup to connect to your own kubeconfig contexts.

If you’d like a hands-on tour against your own clusters or with AI features tied to your own keys, you’ll want to move to a local or self-hosted deployment. The next sections walk you through how to reach that capability.

Which Path Should You Take?

The console offers several clear paths to fit differing goals, from quick evaluation to production-grade deployment. The decision matrix below is distilled from the official guidance and reflects what you’ll likely need to do for each scenario.

• Explore the UI and evaluate the product
• Access: console.kubestellar.io
• Need a cluster? No
• Install needed? No
• Connect the console to your own clusters
• Path: Self-host the console and install kc-agent
• Need a cluster? Yes
• Install needed? Yes (curl + kc-agent)
• Self-host the console in a restricted environment (air-gapped, custom OAuth, etc.)
• Path: Local install
• Need a cluster? Optional
• Install needed? Yes
• Run the console inside a cluster
• Path: Deploy via the provided deploy.sh script
• Need a cluster? Yes
• Install needed? Yes

Local Install: Self-Hosted as the Quickest Path

If you want to bring the console to your own data and environment, the local install is the fastest route. The self-hosted path is designed to be straightforward and reproducible, letting you run the console on your hardware while connecting to your Kubernetes clusters and AI providers.

What happens in a typical local install?

• The start script (start.sh) downloads a pre-built console binary and a pre-built kc-agent, then starts both and opens http://localhost:8080 in a browser. This orchestration makes it simple to test drive the console with your own data.
• The single-command experience minimizes the setup surface: curl -sSL https://raw.githubusercontent.com/kubestellar/console/main/start.sh | bash.
• If you need to deploy into a Kubernetes cluster instead of a local run, there is a deploy.sh script with options to tailor the installation, including OpenShift compatibility, ingress configuration, GitHub OAuth, and uninstallation steps.

kc-agent: The Bridge Between Your Browser and Clusters

The kc-agent is a small, but critical, component in the self-hosted path. It is a local HTTP/WS daemon that the console talks to in order to forward browser requests to your kubeconfig contexts and to AI providers. When you use the hosted demo, kc-agent isn’t involved—the demo intentionally does not reach a local agent. But for self-hosted deployments, kc-agent is the gateway that connects your in-browser UI to your real clusters.

What kc-agent does and why it matters:

• It bridges the browser to kubeconfig contexts and AI providers, enabling secure, local access to your cluster state.
• It runs locally (or within your own host) and typically listens on http://127.0.0.1:8585, routing requests to the actual Kubernetes endpoints and to AI services you’ve configured.
• The hosted demo environment is designed to be self-contained, so kc-agent is not used there. You’ll only need kc-agent if you want the console to work against your own clusters with AI features enabled.
• Cross-platform considerations: kc-agent supports macOS, Linux, and Windows with WSL2. Windows native environments aren’t supported directly; the recommended approach is to use Windows Subsystem for Linux (WSL2) with an Ubuntu shell.

Getting kc-agent Running on Your Platform

Prerequisites for kc-agent include a working kubeconfig that points at your clusters, plus a compatible operating system. The quick-start steps include:

• macOS: Use a Homebrew formula to install kc-agent.
• Linux: Build kc-agent from source if you aren’t using a pre-built binary.
• Windows: Use WSL2 for a compatible environment since native Windows support isn’t provided in the current builds.

A typical development or local build workflow involves cloning the repository, building kc-agent, and running it alongside the local console. The official docs provide exact commands for each platform, including how to start both components and verify connectivity to your clusters from the browser UI.

GitHub Authentication: Sign-In and Access Control

Security and access in the console are supported by two GitHub credentials, though most hosted users don’t need them. The two credentials are designed to cover both self-hosted deployments and interactive experiences.

• GitHub OAuth App (GITHUBCLIENTID + GITHUBCLIENTSECRET): Sign-in for the self-hosted console when you’re running locally on localhost:8080.
• Consolidated GitHub PAT (FeedbackGitHubToken): A personal access token that powers internal dashboards, issue creation, nightly status checks, and various community widgets. It’s optional for basic usage. Without it, the /issue endpoint reverts to demo data and some widgets fall back to the hosted demo’s data.

There are two primary ways to supply the consolidated PAT:

• Environment variable: FEEDBACKGITHUBTOKEN in the repo root or on startup (e.g., FEEDBACKGITHUBTOKEN=ghp_…).
• Settings UI: In a self-hosted setup, an admin can paste the token in Settings → GitHub Token. This path is gated by an admin role and persists to the local backend settings file.

For GitHub OAuth, you can create a GitHub OAuth App in your GitHub developer settings, supply the client ID and secret in a .env file, and run a startup script that wires the OAuth flow into the console. The hosted demo will not persist these settings, so the configuration is mainly relevant for self-hosted deployments where user sign-in is desired.

AI Configuration: Optional, Yet Powerful

The console supports AI features to enhance card suggestions, mission help, and adaptive guidance. AI is optional and does not block the basic use of the UI, missions, cards, and dashboards. If you don’t configure AI keys, the console will operate deterministically with rule-based behavior, which remains fully functional for management tasks.

How to configure AI in a self-hosted environment:

• The supported approach is to set environment variables read by the kc-agent at startup. Examples include ANTHROPICAPIKEY, OPENAIAPIKEY, and GOOGLEAPIKEY for Claude, OpenAI, and Gemini-like providers.
• The UI also exposes a Settings → API Keys modal, but in current builds that modal may render no providers. In practice, you would use the environment-variable approach to supply keys and enable AI features.
• If no AI keys are configured, you still have access to all mission flows and cards; the AI-provided optimizations are simply unavailable, and the behavior remains deterministic.
• A security and architecture note: the current setup supports self-hosted deployments with air-gapped configurations and local LLMs in separate follow-ups. The data flow, security model, and deployment options are documented in dedicated security guidance.

Onboarding, Real-Time Interactions, and Adaptive Card Suggestions

How the console works can be summarized in a few core phases:

1) Onboarding

• Sign in (GitHub) or proceed with the hosted demo if you don’t require sign-in.
• Answer role-related questions to tailor a personalized dashboard that matches your responsibilities.
• The dashboard becomes a stable platform to observe your clusters and the missions available to you.

2) Adaptive AI

• The system tracks card interactions and user focus, then uses this information to swap in more relevant cards or adjustments to the missions.
• If you enable AI integration with Claude, OpenAI, or Gemini, the suggestions become increasingly contextual, guiding you toward faster problem resolution and more efficient onboarding.

3) MCP Bridge

• The “MCP Bridge” queries cluster state, including pods, deployments, events, drift, and security aspects, by coordinating with kubestellar-ops and kubestellar-deploy services.
• This bridge is what powers real-time insight into the health and configuration of your environment across clusters.

4) Missions

• Missions are guided installation plans that walk you through pre-flight checks, installation validation, troubleshooting steps, and rollback options.
• They are designed to reduce the cognitive load that typically accompanies multi-project deployments, making it easier to stay aligned with best practices.

5) Real-Time Experience

• The console provides live updates via WebSocket streams, delivering events and status changes from connected clusters as they happen.
• Real-time feedback helps operators make timely decisions and respond to incidents promptly.

Architecture: A Bird’s-Eye View

The architecture is designed to balance ease of use with robust, scalable integration across clusters and AI providers. For a complete, technical overview, the architecture documentation on the KubeStellar site provides a detailed mapping of components and data flows. Here is a high-level mental picture:

• Frontend: The in-browser user interface that renders dashboards, missions, and interactive cards.
• kc-agent: A local bridge that securely connects the browser to kubeconfig contexts and AI providers. It runs in the user’s environment and acts as a proxy to the cluster endpoints.
• Backend/API: The server-side components that expose APIs for missions, cards, settings, and widgets. It coordinates with the agent and external AI providers as configured.
• Kubestellar-ops and Kubestellar-deploy: Microservices that query and manage the state of clusters, deployments, and configurations, supporting the Mission-driven installation workflow and validation.
• AI Providers: The optional AI integrations (Claude, OpenAI, Gemini) that provide adaptive card suggestions, prompts, and guidance to the user.

Related Repositories and Ecosystem

KubeStellar Console sits in a growing ecosystem of related tools and knowledge resources that complement the core console experience:

• console-kb: A knowledge base of guided installers for 250+ CNCF projects and knowledge to resolve Kubernetes issues.
• console-marketplace: A collection of community-contributed monitoring cards for various CNCF projects.
• kc-agent: The local agent that bridges the browser to kubeconfig contexts and AI services, including support for coding assistants, Copilot-like experiences, and integration with MCP servers.
• claude-plugins: Claude Code marketplace plugins for Kubernetes.
• homebrew-tap: Homebrew formulae that simplify installation on macOS.
• KubeStellar: The broader brand known for multi-cluster configuration management.

Quality Assurance: How the Console Maintains High Standards

Quality is built into the development process through layered feedback loops and automated checks. The project emphasizes consistent checks across the lifecycle, from pre-commit builds to production validation. A snapshot of this approach includes:

• Pre-commit checks: TypeScript build, Go build, post-build safety checks, and lint.
• Pre-merge checks: Null-safety, TS-null-safety, array-safety, API contract tests, Playwright E2E tests, coverage gates, performance checks, CodeQL, Copilot code review, UI/UX standards scanning, and visual regression testing.
• Post-merge: Targeted Playwright tests run against production endpoints, with failures prompting issue reopenings to preserve traceability.
• Continuous checks: Hourly test coverage, daily QA runs, nightly E2E tests, nightly security scans, and real-time error tracking via GA4.
• Storybook and visual regression: UI components are documented in Storybook with theme support; screenshots and diffs are captured for UI changes.

Security, Air-Gapped Deployments, and Data Flows

Security is a core concern, especially given the potential for air-gapped deployments and locally hosted AI components. The project maintains a security model document that outlines data flows: from the browser to the Go backend, then to kc-agent, and finally to AI providers or cluster endpoints. It describes how to run the console with no external AI access and outlines the supported self-hosted paths. The document also discusses the planned path toward local LLM endpoints (for example, Ollama, vLLM, LM Studio) and how to configure base URLs to direct requests to private AI services.

Getting Started: A Practical Step-by-Step Guide

If you’re ready to explore the console hands-on, here is a practical path:

• Start with the hosted demo to get a feel for the UI and missions.
• If you want to connect to your own clusters, set up a self-hosted deployment:
• Prepare a kubeconfig that can reach your clusters.
• Use the local install flow to run start.sh and launch kc-agent.
• Access http://localhost:8080 in your browser and confirm your clusters appear in the cluster picker.
• If you want to deploy in a Kubernetes cluster, use deploy.sh with the appropriate flags (for example, --openshift or --ingress, --github-oauth, and --uninstall).
• For GitHub authentication in a self-hosted environment, create a GitHub OAuth App and configure GITHUBCLIENTID and GITHUBCLIENTSECRET, or supply a consolidated PAT via FEEDBACKGITHUBTOKEN or the Settings UI.
• To enable AI features, export the desired API keys in the environment where kc-agent runs, then start the agent so the console can leverage AI-assisted recommendations.

Images Included from the Input

• The intro section includes a prominent console screenshot to illustrate the UI and its mission-driven layout.
• A series of badges at the top reflect coverage, security, and best-practices signals, providing a quick visual cue of the project’s quality posture.

Conclusion: A Path Toward Simplified, AI-Enhanced Kubernetes Management

KubeStellar Console positions itself as more than a dashboard. It is a guided, adaptive, and multi-cluster platform that helps teams manage Kubernetes across numerous projects with confidence. By combining real-time cluster awareness with mission-based installation flows, self-hosted secure connectivity through kc-agent, and optional AI-powered enhancements, the console lowers the barriers to efficient multi-cluster operations. Whether you’re evaluating the hosted demo, wiring up your own clusters, or deploying inside a cluster for maximum security and control, the architecture and workflow are designed to scale with your needs.

As the Kubernetes landscape grows increasingly complex, tools like the KubeStellar Console offer a thoughtful approach to orchestration: a blend of guided, tactical steps with a high-level, strategic view of your multi-cluster environment. If you’re seeking a way to accelerate onboarding, reduce risk in complex deployments, and unlock AI-assisted productivity for your operations teams, the console provides a compelling platform to explore. The project’s ongoing enhancements—especially around AI configurations, security postures, and agent-based bridging—promise to keep pace with evolving best practices in Kubernetes and cloud-native management. Consider starting with the hosted demo today, and if your goals require deeper integration, move toward a self-hosted configuration to connect with your real clusters and data, while enjoying the guided missions that help you ship faster and with greater confidence.