Docs / Integrations / Adapters

Kubernetes Adapter

Gate cluster changes (manifest apply, scale, config references) with structural risk metadata.

Back to Directory Integration Hub Policy Guides API Reference

What it does

Gate cluster changes (manifest apply, scale, config references) with structural risk metadata.

How it works

1. Validate intent

Adapter checks structure only (required fields, types, unknown fields). It does not run policy logic.

2. Normalize action

Intent is mapped to a generic NormalizedAction with action type CLUSTER_CHANGE.

3. Evaluate policy

Governor evaluates centrally with fail-closed semantics. Any uncertainty returns deny.

4. Build plan + execute

Execution plan is descriptive. Default path is dry-run and returns planned external calls.

5. Emit evidence

Decision output includes deterministic evidence packet and stable evidence hash.

Why this is useful

Removes adapter-specific policy drift by centralizing decisions.

Creates one audit and evidence model across all integrations.

Supports safe rollout with dry-run first and explicit approval paths.

Improves incident response because every decision has a deterministic hash.

Use it for

Production cluster safety and release governance

Tier: Tier 1 · Critical Infra

Adapter ID: kubernetes

Action family: CLUSTER_CHANGE

Example intent

{
  "action": "scale_deployment",
  "cluster": "prod-cluster",
  "namespace": "payments",
  "deployment": "api",
  "replicas": 5,
  "requested_by": "deploy-agent"
}

Where to monitor

Integration Runtime View

Adapter health, evaluation outcomes, and dry-run execution traces.

Incidents + Deny Analysis

Investigate denied actions and policy matches with evidence references.

Evidence Docs

Validate evidence hashes and export packets for audits.

Policy Docs

Define allowlists, thresholds, manual gates, and environment controls.