đ It started with a quiet notification at 3:14 AMânot an outage, but a billing alert. Our Kubernetes cluster in `us-east-1` had silently doubled its node count over the weekend, yet the application throughput hadnât budged. The standard Horizontal Pod Autoscaler (HPA) was doing its job technically, but it was acting reactively to fragmented resource requests, spinning up expensive `m5.4xlarge` nodes for pods that requested 4GB of RAM but used 200MB. By the time the DevOps team logged in on Monday, we had burned through $4,000 in unnecessary compute. The traditional solution would be to tweak `requests` and `limits` manually or install a commercial tool like Karpenter or Cast AI. But today, we can build something far more adaptable: an autonomous rightsizing engine that doesnât just react to metrics but plans capacity changes using the new reasoning capabilities of Kiro-cli 1.23.0 and the orchestration power of n8n 2.0.
đ§ The Orchestrator: n8n 2.0 and the AI Agent Node
The backbone of this autonomous system is the newly released n8n 2.0. While previous versions of n8n were excellent for linear automation, the 2.0 release introduces the AI Agent Tool Node, which fundamentally shifts how we handle logic. Instead of building rigid `If-Then` branches for every possible cluster state, we can now define a high-level objectiveâ”Maintain cluster utilization above 80% without violating PDBs”âand let the agent decide the implementation details.
In our rightsizing architecture, n8n acts as the central nervous system. It ingests metrics from Prometheus via webhook and, crucially, connects to our ticketing system (JIRA) to understand context. A CPU spike during a known load test requires a different response than a spike during a quiet Sunday. The n8n 2.0 agent uses the LangChain integration to “think” before acting. It doesn’t just fire off a script; it first checks if a freeze period is active in Google Calendar (using the new native integrations) or if a deployment is currently rolling out.
Here is how we configure the primary Orchestrator Agent in n8n. Note the use of the `decision_maker` tool which wraps our policy logic:
# n8n AI Agent Definition (Simplified YAML representation)
agent:
name: "ClusterCapacityManager"
model: "claude-3-5-sonnet"
temperature: 0.1
system_prompt: |
You are a Senior SRE responsible for cluster cost optimization.
Do not disrupt production workloads.
If utilization drops below 60% on any node pool, initiate a drain plan.
Check the #ops-announcements Slack channel for maintenance windows first.
tools:
- name: "get_prometheus_metrics"
description: "Fetches avg_cpu_usage and memory_pressure over 1h"
- name: "check_freeze_window"
description: "Returns true if we are in a deployment freeze"
- name: "trigger_kiro_plan"
description: "Delegates complex CLI tasks to Kiro-cli"
đ¤ The Architect: Kiro-cli 1.23.0 and the Plan Agent
Once n8n identifies a candidate for rightsizingâsay, a node pool that is heavily fragmentedâit hands the tactical execution over to Kiro-cli. This is where the release of version 1.23.0 becomes critical. We utilize the new Plan Agent (accessible via `kiro-cli chat –agent plan` or Shift+Tab in the terminal), which is capable of breaking down a high-level directive into a multi-step execution strategy.
Standard scripts fail at rightsizing because they lack situational awareness. A script might try to drain a node that contains a single replica of a critical service with a strict Pod Disruption Budget (PDB), causing the drain to hang indefinitely. The Kiro Plan Agent, however, operates differently. It first queries the cluster state, identifies the PDBs, and then formulates a plan to cordon the node, scale up a replacement node in a cheaper pool, wait for readiness, and then evict the pods sequentially.
Crucially, we leverage the new MCP (Model Context Protocol) Registry support in Kiro 1.23.0. This allows Kiro to pull context from disparate sources without us needing to write custom API wrappers. We register a local MCP server that interfaces with our cloud billing API (AWS Cost Explorer or GCP Billing). This enables Kiro to “see” the dollar cost of the current nodes versus the target nodes.
# Kiro-cli MCP Configuration (~/.kiro/settings/mcp.json)
{
"mcpServers": {
"k8s-cost-estimator": {
"command": "uvx",
"args": ["mcp-server-cost-estimator", "--region", "us-east-1"],
"env": {
"AWS_PROFILE": "production-read-only"
}
},
"argocd-inspector": {
"command": "docker",
"args": ["run", "-i", "--rm", "argocd-mcp:latest"]
}
}
}
With this configuration, the Kiro agent can reason: “Moving these 5 pods to spot instances will save $0.45/hour, but the `argocd-inspector` warns that these are stateful workloads. Aborting plan.” This level of autonomous “Safety II” thinkingâwhere the tool focuses on what could go wrongâis what separates modern AI automation from brittle bash scripts.
âď¸ The Hands: Headless Claude and Multi-Session Support
While Kiro plans the strategy, the actual manipulation of manifests and GitOps repositories is handled by Claude Code in headless mode. The newest features in Claude Code allow for “Computer Use” capabilities, but for a DevOps pipeline, we prefer the headless CLI approach (`claude -p`). This allows us to pipe the output of Kiro’s plan directly into a Claude instance that has write access to our infrastructure repository.
We use Kiro’s Multi-session support to keep the context isolated. One session handles the “Safety Check” (scanning logs for errors), while a parallel session handles the “GitOps Commit”. If the Safety Session detects a regression in the canary deployment, it signals n8n to halt the Commit Session. This mimics the separation of duties between a QA engineer and a Release engineer.
In this workflow, Claude Code doesn’t just edit a YAML file; it refactors it. If we are moving from a standard Deployment to a KEDA-based ScaledObject, Claude understands the schema differences. It can verify that the new configuration matches the CRD (Custom Resource Definition) versions present in the cluster.
# Example Prompt for Headless Claude
claude -p "
Review the node_pool.yaml in the current directory.
Refactor the instance type from 'm5.2xlarge' to 't3.xlarge'.
Ensure that the 'taints' and 'tolerations' are preserved.
Run 'kubectl dry-run' to validate the manifest against the current cluster context.
If successful, commit the change to a new branch named 'optimization/node-pool-01'.
"
đĄ The Future: Google Workspace Studio and Lovable
While the combination of n8n, Kiro, and Claude Code offers a powerful toolkit for engineering teams today, we must look at what is coming next. The release of Google Workspace Studio (Dec 2025) presents a threatâor an opportunityâto this bespoke approach. Workspace Studio allows non-technical users to build AI agents using natural language that live directly inside the Google ecosystem.
Imagine a Finance Director who doesn’t know what a Kubernetes pod is, but knows that the cloud bill is too high. Using Workspace Studio, they could create an agent simply by typing: “Monitor the monthly GCP invoice in Drive. If it exceeds $10,000, ask the Engineering Lead in Chat for a cost-saving plan.” This democratizes the trigger for automation, moving it out of Prometheus and into the business layer. Similarly, tools like Lovable are pushing the concept of “vibe coding,” where the entire dashboard for managing these operations is generated on the fly. Instead of maintaining a complex n8n dashboard, a DevOps engineer might simply prompt Lovable: “Build me a React admin panel that shows Kiro’s active plans and allows me to approve them with one click.” This suggests a future where the “glue” code we write in n8n is eventually replaced by transient, AI-generated applications tailored to the specific problem at hand.
đť Conclusion
The convergence of n8n 2.0’s agentic nodes, Kiro-cli’s planning capabilities, and Claude Code’s headless execution creates a closed-loop system for Kubernetes operations that was previously impossible. We are moving away from static automationâscripts that break when the environment changesâtoward predictive orchestration. By implementing the “Plan Agent” pattern, we ensure that our automated systems don’t just execute commands, but actually reason about the consequences of those commands against cost and stability constraints. For the DevOps engineer, the goal is no longer to write the script that drains the node, but to architect the agent that decides when and how to drain it safely.