aicoolies logo

kagent Review 2026: Kubernetes-Native Agent Platform

kagent is a CNCF Kubernetes-native platform for declarative agents, model configuration, MCP tools, approvals, memory, and A2A workflows. It offers substantial control for platform teams, but its CRDs, databases, model infrastructure, and security policy create real operational overhead.

reviewed by Raşit Akyol July 13, 2026

78/100

overall

Speed76
Privacy83
Dev Experience76

Verdict: an agent control plane, not a smarter kubectl prompt

kagent is a Kubernetes-native platform for declaring, running, and interacting with AI agents. Its resources cover agent definitions, model configuration, tool connections, memory, remote execution, and agent-to-agent communication, while a controller and UI turn those resources into an operational system. That makes it fundamentally different from K8sGPT or kubectl-ai: the goal is not only to answer a troubleshooting question, but to give platform teams a repeatable way to package agents and tools for Kubernetes environments. This review is based on current documentation and source material, not an independent production benchmark.

The product is best suited to platform teams already comfortable operating controllers, Helm releases, CRDs, Secrets, service accounts, databases, and observability. For those teams, declarative resources make agent configuration reviewable and reusable. For an individual who only wants to ask why a Pod is failing, kagent is likely excessive. A controller, tool servers, model providers, UI, database, and governance policy create more operational surface than a local CLI. The value appears when several teams need governed agents, shared tools, consistent model configuration, and a Kubernetes lifecycle rather than a one-off assistant.

Agents, models, tools, and Kubernetes resources

kagent defines agents through Kubernetes APIs and connects them to a ModelConfig that identifies the provider, model, credentials, and generation settings. Declarative agents can receive system instructions, skills, tool references, memory, context-compaction behavior, and A2A configuration. The platform also supports bring-your-own agent deployments and longer-running harnesses. This separation lets a platform team standardize approved models and tools while application teams define task-specific behavior. Changes can move through normal manifest review and deployment controls rather than being hidden in a developer's local chat configuration.

The benefit depends on resisting uncontrolled resource growth. Every custom agent becomes software that needs an owner, evaluation set, access policy, upgrade path, and retirement decision. Shared ModelConfig objects can simplify credential rotation, but a poor default can spread cost or unsafe behavior across many agents. Namespaces offer useful boundaries, yet cluster-scoped controllers and cross-service integrations still need threat modeling. Treat agent manifests like production automation: require code review, pin versions where possible, document tool permissions, and verify behavior before promoting a resource from a sandbox to production namespaces.

MCP tools and human approval controls

The current tool ecosystem includes Kubernetes resource reads and patches, pod command execution, Helm, Istio, Cilium, Argo, Grafana, Prometheus, Loki, incident, and on-call operations through MCP servers. Custom and remote MCP servers can extend the catalog. The API supports listing specific tool names and marking selected tools as requiring approval, so an agent can pause before a high-impact call. This is a valuable control because read and write operations should not share the same default trust level. Tool approval also gives the user a visible decision point inside the agent workflow.

Approval is not a substitute for least privilege. A tool that can patch resources, execute commands in Pods, create incidents, or call a remote system should run with credentials limited to its intended environment and operation. Tool descriptions, logs, Kubernetes objects, and remote MCP responses can contain untrusted instructions that influence the model. Platform teams should use allowlists, network policy, workload identity, short-lived credentials, and audit logs, then test denial and cancellation paths. The safest design makes an unsafe call impossible at the authorization layer even if the model or reviewer makes a mistake.

Architecture, upgrades, and production operations

Installation is available through the kagent CLI or Helm, and the current documentation includes kmcp by default. The project has evolved from earlier tool resources to newer v1alpha2 APIs and separate resources for remote MCP services, which shows active development but also creates migration work. Release notes should be part of every upgrade because CRD schemas, Secret references, database assumptions, and tool packaging can change. Production clusters should separate the controller and agents from application workloads, apply resource requests and limits, and monitor controller reconciliation, tool-server errors, model latency, and failed approvals.

Current guidance uses PostgreSQL for production and can add pgvector-backed memory, while the bundled database is convenient for evaluation. Long-term memory has a configurable retention period, with a documented default of 15 days, and embedding models can differ from the agent's main model. These features are powerful but introduce storage, backup, schema migration, vector cost, privacy, and deletion requirements. A memory entry can preserve sensitive operational context beyond the original conversation, so retention must match policy. Teams that do not need memory should leave it disabled rather than accepting extra data and infrastructure by default.

Pricing and total cost of a self-operated platform

kagent is free open-source software under Apache 2.0, but a production deployment is not free to operate. Costs include model inference, embedding models, PostgreSQL and optional vector storage, controller and tool-server compute, persistent volumes, network egress, observability, security review, and engineering ownership. The Helm defaults make a lab easy to start, while enterprise requirements often demand an external managed database, workload identity, private networking, backups, high availability, and approved model endpoints. Those costs should be compared with the number of teams and workflows the platform will actually support.

A pilot should track successful task completion, incorrect or rejected tool calls, approval frequency, model tokens, latency, memory growth, controller errors, and the operational effort required per agent. It should also test upgrades across CRD versions, expired provider credentials, unavailable MCP servers, and a failed database. The platform can be economical when it replaces several bespoke agent runtimes with one governed foundation. It is poor value when only one or two engineers need occasional diagnostics, because a simpler local tool avoids the control-plane and database burden.

Alternatives and adoption criteria

Choose K8sGPT for deterministic analyzer-driven diagnosis, kubectl-ai for an interactive natural-language operations interface, and Robusta for alert-centered investigation and collaboration. General-purpose agent frameworks may offer a larger programming ecosystem outside Kubernetes, while managed enterprise agent platforms can transfer support and control-plane operations to a vendor. kagent's distinctive value is the combination of Kubernetes reconciliation, declarative configuration, cloud-native tools, MCP, A2A, memory, and approval-aware execution under one open-source project.

Adopt kagent when there is a named platform owner, several repeatable agent use cases, a clear model and database strategy, and a security team willing to define tool permissions. Wait when use cases are still experimental, credentials would be broadly shared, or the organization cannot support CRD and database upgrades. The project provides strong building blocks, but it does not remove the need for evaluations, safe prompts, observability, and incident response. A successful deployment treats agents as governed production workloads rather than clever chat configurations.

Pros

  • Declarative Kubernetes resources for agents, models, tools, and runtimes
  • CNCF project licensed under Apache 2.0
  • Built-in Kubernetes, Helm, Istio, Cilium, Argo, Grafana, Prometheus, and Loki tools
  • Per-tool human approval support for high-impact actions
  • Supports custom MCP servers, A2A agents, skills, memory, and BYO agents
  • Model-provider and self-hosting flexibility suits platform engineering

Cons

  • More infrastructure and lifecycle work than a CLI assistant
  • CRD and tool API changes require careful upgrade planning
  • Production database, vector memory, and model costs are buyer-owned
  • Broad MCP and cluster tools can create a large privilege surface
  • Agent quality still depends on prompts, models, context, and evaluation
  • The platform is evolving rapidly and requires strong operational ownership

Verdict

Choose kagent when a platform team wants to operate reusable AI agents and tools as Kubernetes resources with explicit model, memory, and approval controls. Choose a simpler CLI assistant when the goal is only occasional cluster troubleshooting.

View kagent on aicoolies

Pricing, platforms, and community stacks — explore the full tool page

Alternatives to kagent

OpenManus logo

OpenManus

Open-source general AI agent framework from the MetaGPT team

OpenManus is an open-source framework for building general-purpose AI agents, developed by core contributors from the MetaGPT community. It provides a modular architecture with planning agents, reactive agents, and tool-calling agents that can execute code, browse the web, search for information, and handle files. Built as the open alternative to Manus AI, it gained over 55,000 GitHub stars and supports multi-agent collaboration with real-time execution feedback.

open-sourceOpen Source
Agent Zero logo

Agent Zero

Transparent AI agent framework with 100+ skills and real-time visibility

Agent Zero is an open-source general-purpose AI agent framework with 16,700+ GitHub stars that uses the computer itself as a tool. Unlike structured orchestration frameworks, it provides full transparency where every thought, action, and tool call is visible and editable in real time, supporting 100+ extensible skills.

open-sourceOpen Source
OpenFang logo

OpenFang

Rust-based agent OS with built-in security, WASM sandboxing, and multi-agent runtime

OpenFang is an open-source agent operating system built in Rust that provides a secure multi-agent runtime with WASM sandboxing, auditability layers, and multi-channel communication. It goes beyond typical orchestration SDKs by treating agent security and operational isolation as first-class concerns, making it suitable for teams deploying agents in environments where trust boundaries and audit trails matter.

open-sourceOpen Source