Show HN: Magic Happens – let ChatGPT manage your Kubernetes cluster (github.com/empath-nirvana)
48 points by empath-nirvana 64 days ago | 32 comments
I built this Kubernetes operator as a proof of concept this weekend. It has only a single required item in the spec: a freeform description field. The operator uses ChatGPT to generate a spec, then immediately applies it to the cluster. It makes some attempt to correct errors if there's a problem with the syntax, and it will leave additional comments, questions, or instructions in the status field of the object. I built this in a weekend and it's still quite unrefined. It's in no way production ready, please don't use it for anything real, but it works better than you would think, considering how simple it is. If you're going to use it, run it on a local cluster like 'kind'.

Some descriptions to try:

* install a redis namespace with a redis cluster and a service in it

* create an argocd application in the argocd namespace to install velero

* write a python script that lists all ec2 instances in us-east-1, and run it as a k8s job with the aws credentials already saved in the default namespace

A somewhat longer description that also worked:

Given the following spec:

    ---
    kind: MagicHappens
    apiVersion: gptmagic.io/v1
    metadata:
      name: foo
    spec:
      description: this is a freeform description field that will be sent to chatgpt to generate kubernetes resources
      dryRun: false
    ---

Can you create more MagicHappens resources, each of which describes an argocd application that needs to be created to install a helm chart for one of the standard cluster addons that need to be installed on a cluster for it to be production ready. The description should be freeform text like the following: "Create an argocd application in the argocd namespace to install istio from the helm chart with all the defaults" or "Create an argocd application in the argocd namespace to install prometheus and grafana, with an ingress enabled for grafana". Be very thorough and include as many apps as might be needed for a prod-ready cluster, using industry-standard CNCF projects if possible.

(This produces a list of additional resources for the operator, which the operator then goes on to create argocd applications for. It also left comments on one of the resources with instructions for how to configure it to work with your cloud provider.)

Something to note: since you can run arbitrary containers with arbitrary commands, and ChatGPT can write arbitrary code, you don't have to limit yourself to k8s stuff. If you've got SaaS credentials on the cluster, you can just tell it to run a python script as a job to do whatever you want.

Since most people are cowards, there's a dryRun field that defaults to true, so it only attaches the spec to the object.

It is scary how well this works.




I just had GPT-4 try to add my SSH key into a Docker image to run git clone, which would work, but would leave my private SSH key in the final image!

And its suggested fix had the same issue!

So yeah, idk about trusting it as more than an assistant; it's too good at making incredibly convincing (even working) solutions that have massive security/other issues.


To be clear, this would be an insane thing to actually run as it is. But you can run everything in dryRun if you just want to see what it would install. Although, and I just realized this, it'll possibly generate different code after you set dryRun to false, so I need to fix that somehow.


The idea I've had for things like this is a "run once and memoize" approach instead of regenerating each time.

Kinda like a template, but with one key difference: if you only store the "template prompt" and modify that prompt, you may get something substantially different (and destructively so!) from the original. So my idea is to record the history of prompts + artifacts, but always make modifications by asking GPT to apply a change to the memoized output, which itself then gets reviewed in dry-run before being saved. Roughly like the sketch below.
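A minimal sketch of the flow in Python; the call_gpt helper and the in-memory cache are stand-ins I'm making up for illustration, not anything from the operator:

    import hashlib

    import openai  # reads OPENAI_API_KEY from the environment

    cache = {}  # description hash -> last generated manifest

    def call_gpt(prompt):
        # Hypothetical helper around the chat completions API of the time.
        resp = openai.ChatCompletion.create(
            model="gpt-4",
            messages=[{"role": "user", "content": prompt}],
        )
        return resp["choices"][0]["message"]["content"]

    def generate(description):
        key = hashlib.sha256(description.encode()).hexdigest()
        if key not in cache:
            # First run: generate once and memoize the artifact.
            cache[key] = call_gpt(f"Generate Kubernetes YAML for: {description}")
        return cache[key]

    def modify(description, change_request):
        # Patch the memoized output instead of regenerating from the prompt.
        previous = generate(description)
        updated = call_gpt(
            "Apply this change to the following manifest and change nothing else.\n"
            f"Change: {change_request}\nManifest:\n{previous}"
        )
        # In a real version, save only after the dry-run review passes.
        cache[hashlib.sha256(description.encode()).hexdigest()] = updated
        return updated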


Yeah, that was what I was going to do. This is a spare-time project though, so it'll have to wait for the weekend.

It does return the previous output on requests to update it, but it's by no means guaranteed to return the same results. It does most of the time, though, if the description hasn't changed.


So ask it to review the result for issues and then send it to rework.

You know, like everyone does. Why are you expecting it to be better than us?


I'd settle for "as good as", not "better."

I've had several experiences similar to the above poster's. Most recently, I was playing around with an interview question: I removed a constraint and asked it to update its solution.

It gave a new solution, but it still didn't work on the new, harder input.

I pointed out exactly how it failed, and it said "ah, yes, you are right, that should produce True, not False"... and spit out exactly the same code.

...

So now the question is, is it overly mean to pick interview questions based on which ones can be extended in ways that GPT-4 doesn't understand? ;)


I wouldn't say it's overly mean.

I guess if they find some hard limits to transformer-based intelligence, questions like that will be how we decide which things are worth learning.


I've encountered it agreeing that I am correct and then proceeding to serve the same code, or even worse, regressing and losing corrections made earlier. The longer you "talk" to it in a conversation, the worse the output becomes. It can feel like you're getting somewhere, but you're usually not.

It's largely a waste of time; anybody who knows what they're doing will just do it properly. Anybody who doesn't know what they're doing will waste their time and likely never learn how to do things correctly, and their Dunning-Kruger complex will be in full effect.


> So ask it to review the result for issues and then send it to rework.

I did, and it made the same mistake, just in a slightly different way. I've seen it do this before with other problems, where it just can't understand what its mistake was.

Also, because the image would have built correctly and worked, the autogpt/langchain setups people have been doing wouldn't even know there's a problem.

The scary part to me is that most newbies wouldn't be able to recognize the problem: adding a file embeds it into the image layer, even if you remove the file later in the build process.


Sorry, I think I phrased the question poorly.

I meant that everyone makes dumb mistakes (and sometimes catches them) all the time, not that everyone asks GPT multiple times.

And sometimes those mistakes are hard to catch.


The problem is if the errors it makes are subtle enough to be missed by the guy/gal who decided that "now I can take care of the Kubernetes install without even having to go to StackOverflow or whatever... you know, a place where other people with some experience can point out errors in the proposed solutions".


Yeah exactly.

I'm not sure how many people would recognize that adding a file in one RUN and then removing it in another RUN during a Dockerfile build would result in the file still existing in one of the layers.

IMO that's a good example of a critical bug (a leaked private SSH key) that would be difficult to spot even for someone who's semi-comfortable with Dockerfiles but just isn't familiar with exactly how the build process works, and so wouldn't realize it's an issue. Again, it looks correct and I think it would have worked with no errors. See the sketch below.
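To make the failure mode concrete, here's a hypothetical minimal Dockerfile (image names and repo URL invented, known_hosts setup hand-waved away). The rm only affects its own layer, so the key is still recoverable from the image history; the usual fix is a multi-stage build:

    # Leaky: the COPY creates a layer that contains the key forever,
    # even though the final filesystem no longer shows it.
    FROM alpine/git AS leaky
    COPY id_rsa /root/.ssh/id_rsa
    RUN git clone git@github.com:example/private-repo.git /src \
        && rm /root/.ssh/id_rsa   # removes it from this layer only

    # Safer: clone in a throwaway stage, then copy only the source
    # tree into the final image; the key's layer is never shipped.
    FROM alpine/git AS fetch
    COPY id_rsa /root/.ssh/id_rsa
    RUN git clone git@github.com:example/private-repo.git /src

    FROM alpine
    COPY --from=fetch /src /src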


Some of us don’t understand how to accept mistakes and think we have to be perfect but we will never be perfect so we work harder and … how do I make burnout a prompt?


> Some of us don’t understand how to accept mistakes

I might be misinterpreting you and the parent, but this mistake results in leaking my personal private SSH key into a Docker image that could be made public.

This is not a mistake that should be acceptable. If you made it accidentally that's one thing, but I'm not accepting GPT-4's first, second, or third attempts (I gave up on that prompt) that make that mistake.


I was joking that for most people, we can't do what the parent post wants, which is to learn from our mistakes. For people this often leads to burnout. :)


Why are you personally offended that someone on the internet found GPT inadequate?


Interesting, I wrote a bot to debug Kubernetes issues. You wrote a bot to generate them ;)

https://github.com/robusta-dev/kubernetes-chatgpt-bot/

Just kidding on that. This looks very cool.


They should be friends!


I'm happy to take feature requests or PRs, btw; there's a ton of low-hanging fruit here. One thing I want to add is the option to commit the results to a GitHub repo so you can still say you're doing GitOps. Obviously with a force push straight to main.

I also barely understand how kopf works and I'm not that great with Python, so if someone wants to clean up the code for me, that would be great.


When you think that "complexity is the ultimate sophistication"... jajajaja


Well, "sophistication" can be both a positive and pejorative word. The root "soph" is quite interesting.


Shouldn't it be called ChaosHappens?


> (you can use gpt-3.5 if you don't have access to gpt-4, but the results aren't as reliable)

How reliable are the results with GPT-4 vs. GPT-3.5?


The problem I've noticed is that gpt-3.5 has a tendency to ignore system prompts in the API call, so it'll ignore the instructions and send back YAML plus a bunch of plain text that the controller can't process.


You have to teach 3.5 how to respond by including example user/assistant response pairs in your request. Once you do this, it pretty reliably follows the structure. I made a VS Code extension to help with this: https://marketplace.visualstudio.com/items?itemName=jaaxxx.l... (mentioned in an earlier Ask HN that seems to have gone missing from the site entirely?)

This does bite into your 4096 token limit, unfortunately.
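For anyone who hasn't tried the trick, a minimal sketch with the openai Python client of that era (the system prompt and the example pair are invented for illustration, not taken from the operator's code):

    import openai  # reads OPENAI_API_KEY from the environment

    response = openai.ChatCompletion.create(
        model="gpt-3.5-turbo",
        messages=[
            {"role": "system", "content": "Reply with raw Kubernetes YAML only. No prose, no code fences."},
            # Example user/assistant pair teaching the expected output shape:
            {"role": "user", "content": "create a namespace called demo"},
            {"role": "assistant", "content": "apiVersion: v1\nkind: Namespace\nmetadata:\n  name: demo"},
            # The real request:
            {"role": "user", "content": "install a redis namespace with a redis cluster and a service in it"},
        ],
    )
    manifest = response["choices"][0]["message"]["content"]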


If you look at the code, I did do that; it still fairly reliably ignored it and sent me lengthy explanations along with the YAML.


Ah. I wonder if Kubernetes configurations are so frequently accompanied by lengthy explanation text that it is unable to separate the two concepts.


How does it handle k8s API versions that were not yet released when the model was released?


It doesn't!

It will attempt to fix it if the error indicates that the version isn't installed, though. Sometimes it'll guess the right version.

The error will be returned on the object, though, so you can add the correct version in the description.

You can also use the expectedObjects field to put in some Kubernetes YAML you want it to start with, and it'll attempt to adapt it rather than generating all new YAML.
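For illustration, something roughly like this; I'm sketching the expectedObjects shape from the description above, so treat the exact field layout as a guess:

    kind: MagicHappens
    apiVersion: gptmagic.io/v1
    metadata:
      name: redis-upgrade
    spec:
      description: update this deployment to the current apps/v1 API and add a readiness probe
      dryRun: true
      expectedObjects: |
        apiVersion: extensions/v1beta1
        kind: Deployment
        metadata:
          name: redis
        spec:
          replicas: 1
          template:
            metadata:
              labels:
                app: redis
            spec:
              containers:
                - name: redis
                  image: redis:6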


In the future you could use a vector embedding database to pull in relevant bits of version-specific documentation. With GPT-4's 8k context, it should be enough to get most things in there.
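A bare-bones sketch of that retrieval step in Python (the model name, the toy doc chunks, and using a numpy array in place of a real vector DB are all simplifications):

    import numpy as np
    import openai  # reads OPENAI_API_KEY from the environment

    # Version-specific docs, pre-split into small passages (toy examples):
    doc_chunks = [
        "In Kubernetes v1.25, PodSecurityPolicy was removed; use Pod Security Admission.",
        "autoscaling/v2 is the stable HorizontalPodAutoscaler API as of v1.23.",
    ]

    def embed(texts):
        resp = openai.Embedding.create(model="text-embedding-ada-002", input=texts)
        return np.array([d["embedding"] for d in resp["data"]])

    doc_vectors = embed(doc_chunks)

    def relevant_docs(query, k=1):
        q = embed([query])[0]
        scores = doc_vectors @ q  # ada embeddings are unit-length, so dot = cosine
        return [doc_chunks[i] for i in np.argsort(scores)[::-1][:k]]

    # Prepend relevant_docs(description) to the prompt before generating YAML.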


Yeah, I'm working on that for another project; I might port it into this, but that would risk turning this into a real thing rather than a possibly fun way to destroy your cluster.


Very cool!



