This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Faros Documentation

Faros strives to be the best platform as a service for your remote Kubernetes clusters. Where we can do a lot of things, we will structure our documentation around core features. If you have any questions, please reach out to us at Contacts.

For now Faros is predominantly a CLI tool, so we will focus on the CLI documentation. We will also provide some examples of how to use the CLI tool.

1 - Overview

Faros - Platform as a Service for Kubernetes like experience.

Overall Faros is built, so you can build your own platforms on top of it. While we understand that it is not for everyone, we believe that it can be a great tool for those who want to build their own platforms.

In addition we will be working for some core features “out of the box” that can be used by everyone. And hope with time we will be able to provide more features that can be used by everyone.

What is it?

Faros is distributes control-plane for Kubernetes-like control planes.

Why do I want it?

For now we are focusing on the following use-case:

  1. I have remote k8s cluster and I want to access it from my local machine without exposing it to the internet.

  • What is it good for?: You have k3s, k0s, k8s, or any other kubernetes cluster and you want to access it from your local machine without exposing it to the internet.

  • What is it not yet good for?: We will enable more features in the future that will make it more useful for other use-cases. In example 0 trust access to the cluster, or multi-tenancy where we can expose only certain namespaces to certain users. This allows you to share your cluster with others without giving them full access to the cluster.

Where should I go next?

To get started, check out the following sections:

2 - Getting Started

How to get started with Faros.

2.1 - Install CLI

How to install and use faros CLI.

Faros CLI is a kubectl plugin that provides a modern, user-friendly interface for managing Kubernetes clusters and AI agents through the Faros platform.

Prerequisites

Plugin Installation

Execute the commands below to add the Faros plugin and install it:

kubectl krew index add faros https://github.com/faroshq/krew-index.git
kubectl krew install faros/faros

To update the plugin, run:

kubectl krew upgrade

Authentication

Before using any Faros commands, authenticate with the Faros platform:

kubectl faros login

This command will:

  1. Start a local authentication server
  2. Open your browser to complete OAuth authentication
  3. Save your credentials to ~/.kube/config-faros
  4. Display next steps for getting started

Available Commands

The Faros CLI provides the following command groups:

Cluster Management

Manage your Kubernetes clusters through Faros:

# List all clusters
kubectl faros clusters
kubectl faros clusters list

# Create a new cluster
kubectl faros clusters init <cluster-name>

# Delete a cluster
kubectl faros clusters delete <cluster-name>

# Get MCP server details for a cluster
kubectl faros clusters mcp <cluster-name>

# Open SSH session to a cluster
kubectl faros clusters ssh <cluster-name>

AI Agent Management

Manage AI agents for cluster analysis and automation:

# List all AI agents
kubectl faros ai-agents
kubectl faros ai-agents list

# Create a new AI agent
kubectl faros ai-agents init \
  --name <agent-name> \
  --backend openai \
  --model gpt-4 \
  --api-key <your-api-key>

User Management

Users can be invited and granted access via Kubernetes RBAC. Use the following role binding template with GitHub-authenticated emails:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: workspace-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: faros-sso-{email}

Explore Kubernetes APIs

The Faros platform extends Kubernetes with custom APIs. Check the supported APIs using:

kubectl api-resources

2.2 - Manage Clusters

How to create and manage Kubernetes clusters in Faros.

Faros allows you to register and manage Kubernetes clusters through a simple CLI interface. Once registered, clusters can be accessed remotely via SSH, monitored by AI agents, and integrated with the Faros platform.

Prerequisites

  • Ensure you have installed the Faros CLI. If not, refer to the CLI installation guide.
  • Authenticate with Faros: kubectl faros login

Listing Clusters

View all clusters registered with Faros:

kubectl faros clusters list
# or simply
kubectl faros clusters

This displays:

  • NAME: Cluster name
  • PHASE: Current status (Pending, Initializing, Ready, Failed)
  • AGE: Time since cluster creation

Creating a New Cluster

Initialize a new cluster in the Faros platform:

kubectl faros clusters init <cluster-name>

The initialization process:

  1. Creates a Cluster resource in Faros
  2. Waits for the cluster to be initialized
  3. Creates an Agent resource for the cluster
  4. Generates a JWT token for agent authentication
  5. Provides a kubectl command to run on your target cluster
  6. Waits for the agent to become ready and establish connection

Example workflow:

kubectl faros clusters init production-us-east

# Output will include a command like:
# kubectl apply -f - <<EOF
# [Agent deployment manifests with JWT token]
# EOF
#
# Run this command on your target cluster to connect it to Faros

Accessing Clusters via SSH

Once a cluster is connected, you can open an interactive SSH session:

kubectl faros clusters ssh <cluster-name>

Features:

  • WebSocket-based SSH connection
  • Full terminal support with resize handling
  • Secure authentication via Kubernetes credentials
  • Signal handling for graceful shutdown

MCP Server Integration

Retrieve Model Context Protocol (MCP) server details for AI/LLM integration:

kubectl faros clusters mcp <cluster-name>

This displays:

  • Server name and type
  • Connection URL
  • Required authentication headers

Deleting a Cluster

Remove a cluster from Faros:

kubectl faros clusters delete <cluster-name>

This removes the cluster registration from Faros but does not affect the actual Kubernetes cluster.

2.3 - Manage AI Agents

How to create and manage AI agents for cluster intelligence and automation.

Faros integrates AI agents powered by LLMs to provide intelligent cluster analysis, recommendations, and automation capabilities. AI agents can be deployed to analyze your clusters and provide actionable insights.

Prerequisites

  • Ensure you have installed the Faros CLI. If not, refer to the CLI installation guide.
  • Authenticate with Faros: kubectl faros login
  • An API key for your chosen AI backend (e.g., OpenAI)

Listing AI Agents

View all AI agents in your namespace:

kubectl faros ai-agents list
# or simply
kubectl faros ai-agents

This displays:

  • NAME: Agent name
  • BACKEND: AI backend (e.g., openai)
  • MODEL: Model being used (e.g., gpt-4)
  • PHASE: Current status (Pending, Initializing, Ready, Failed)
  • AGE: Time since agent creation

Creating a New AI Agent

Initialize a new AI agent with specific configuration:

kubectl faros ai-agents init \
  --name <agent-name> \
  --backend openai \
  --model gpt-4 \
  --api-key <your-api-key>

Configuration Options

  • --name: Name of the AI agent
  • --backend: AI backend provider (default: openai)
  • --model: Model to use (e.g., gpt-4, gpt-3.5-turbo)
  • --api-key: API key for the backend (creates a Kubernetes secret)
  • --secret-name: Use an existing Kubernetes secret instead of creating one
  • --secret-key: Key within the secret containing the API key
  • --namespace or -n: Kubernetes namespace for the agent (default: current namespace)

Using Existing Secrets

If you prefer to manage secrets separately:

# First, create a secret with your API key
kubectl create secret generic openai-credentials \
  --from-literal=api-key=<your-api-key>

# Then reference it when creating the agent
kubectl faros ai-agents init \
  --name my-agent \
  --backend openai \
  --model gpt-4 \
  --secret-name openai-credentials \
  --secret-key api-key

Agent Lifecycle

When you create an agent, the CLI:

  1. Creates an Agent resource in the intelligence.faros.sh/v1alpha1 API group
  2. Creates or references a Kubernetes secret for authentication
  3. Waits for the agent to transition to Ready phase
  4. Displays status and next steps

Example Workflow

# List existing agents
kubectl faros ai-agents list

# Create a new agent for production cluster analysis
kubectl faros ai-agents init \
  --name prod-analyzer \
  --backend openai \
  --model gpt-4 \
  --api-key sk-...

# Wait for agent to be ready
# Output: Agent "prod-analyzer" created and is now Ready

# List agents to verify
kubectl faros ai-agents list

Backend Support

Currently supported AI backends:

  • OpenAI: GPT-4, GPT-3.5-turbo, and other OpenAI models

Additional backends may be supported in future releases.

3 - Concepts

Core concepts and architecture of the Faros platform.

Understanding Faros concepts will help you effectively use the platform for managing Kubernetes clusters and AI-powered analysis.

Overview

Faros is built around two main concepts:

Clusters

Clusters are registered Kubernetes environments that connect to Faros via lightweight agents. Each cluster maintains its own lifecycle, provides secure remote access, and exposes data for analysis.

Learn more about Clusters →

AI Agents

AI Agents are intelligent assistants powered by large language models that analyze your clusters, provide recommendations, and help with troubleshooting and optimization.

Learn more about AI Agents →

3.1 - Clusters

Understanding cluster management in Faros.

Faros provides a centralized platform for managing multiple Kubernetes clusters through a unified interface. Clusters are registered with Faros via lightweight agents that provide secure, read-only access for monitoring and analysis.

What is a Cluster in Faros?

A Cluster in Faros represents a registered Kubernetes cluster that is connected to the Faros platform. Each cluster:

  • Has a unique name within your organization
  • Runs a lightweight Faros agent for connectivity
  • Maintains its own lifecycle and status
  • Can be accessed remotely via SSH or API
  • Exposes metrics and data for AI-powered analysis

Cluster Lifecycle

Clusters in Faros go through the following phases:

  1. Pending: Cluster resource has been created but initialization hasn’t started
  2. Initializing: Cluster is being set up, agent is being configured
  3. Ready: Cluster is fully connected and operational
  4. Failed: Cluster encountered an error during setup or operation
  5. Deleting: Cluster is being removed from Faros
  6. Deleted: Cluster has been successfully removed

Agent Architecture

When you initialize a cluster in Faros, an Agent resource is created. The agent:

  • Runs as a deployment in your Kubernetes cluster
  • Establishes a secure WebSocket tunnel to Faros
  • Uses JWT authentication for secure communication
  • Provides read-only access to cluster resources
  • Exposes MCP (Model Context Protocol) servers for AI integration
  • Sends periodic heartbeats to maintain connection status

Agent Deployment

The agent is deployed to your cluster using standard Kubernetes manifests:

apiVersion: core.faros.sh/v1alpha1
kind: Agent
metadata:
  name: <cluster-name>
spec:
  clusterName: <cluster-name>
  token: <jwt-token>

Remote Access

Faros provides secure remote access to your clusters without exposing them to the internet:

SSH Access

kubectl faros clusters ssh <cluster-name>

This opens an interactive terminal session that:

  • Uses WebSocket-based SSH tunneling
  • Supports full terminal features (colors, resize, signals)
  • Authenticates using your Faros credentials
  • Provides secure access without VPN or direct network exposure

MCP Server Access

For AI and LLM integration, clusters expose MCP servers:

kubectl faros clusters mcp <cluster-name>

This provides connection details for AI agents to query cluster data and metrics.

Multi-Cluster Management

Faros is designed for organizations managing multiple clusters:

  • Unified View: List and manage all clusters from one interface
  • Consistent Tooling: Same CLI commands work across all clusters
  • Centralized Authentication: Single sign-on via OAuth for all clusters
  • RBAC Integration: Kubernetes-native access control using ClusterRoleBindings

Security Model

Faros clusters follow these security principles:

  • Read-Only by Default: Agents provide read-only access to cluster data
  • No Inbound Connections: Clusters initiate outbound connections only
  • Token-Based Authentication: JWT tokens authenticate agents
  • Kubernetes-Native RBAC: Standard Kubernetes roles control access
  • TLS Encryption: All communication is encrypted in transit

Use Cases

Common scenarios for Faros cluster management:

  1. Multi-Cluster Monitoring: Track status of production, staging, and development clusters
  2. AI-Powered Analysis: Connect AI agents to analyze cluster health and performance
  3. Remote Troubleshooting: SSH into clusters without direct network access
  4. Team Collaboration: Share cluster access with team members via RBAC
  5. Compliance Auditing: Centralized access logs and audit trails

3.2 - AI Agents

Understanding AI agents in Faros and their capabilities.

AI Agents in Faros provide intelligent analysis, recommendations, and automation for your Kubernetes clusters. Powered by large language models, they help identify issues, optimize configurations, and provide actionable insights.

What is an AI Agent?

An AI Agent in Faros is a resource that connects a large language model (LLM) to your Kubernetes clusters for intelligent analysis. Each agent:

  • Connects to an AI backend (e.g., OpenAI, Anthropic)
  • Uses a specific model (e.g., GPT-4, Claude)
  • Has secure API key management via Kubernetes secrets
  • Can analyze cluster data and provide recommendations
  • Integrates with Faros clusters via MCP servers

Agent Components

Intelligence Backend

The backend is the AI service provider:

  • OpenAI: GPT-4, GPT-3.5-turbo, GPT-4-turbo
  • Additional backends planned for future releases

Model Selection

Different models offer different capabilities:

  • GPT-4: Advanced reasoning, complex analysis
  • GPT-3.5-turbo: Fast responses, cost-effective
  • GPT-4-turbo: Balanced performance and cost

Agent Lifecycle

AI Agents go through these phases:

  1. Pending: Agent resource created, waiting for initialization
  2. Initializing: Connecting to AI backend, validating credentials
  3. Ready: Agent is operational and available for tasks
  4. Failed: Agent encountered an error (invalid API key, network issues)
  5. Deleting: Agent is being removed
  6. Deleted: Agent has been successfully removed

Authentication and Secrets

AI Agents require API keys to connect to backend services. Faros supports two approaches:

Automatic Secret Creation

When you provide --api-key, the CLI creates a secret:

kubectl faros ai-agents init \
  --name my-agent \
  --backend openai \
  --model gpt-4 \
  --api-key sk-...

This creates a Kubernetes secret: <agent-name>-api-key

Manual Secret Management

For better secret management, create secrets separately:

# Create secret
kubectl create secret generic ai-credentials \
  --from-literal=openai-key=sk-...

# Reference it in the agent
kubectl faros ai-agents init \
  --name my-agent \
  --backend openai \
  --model gpt-4 \
  --secret-name ai-credentials \
  --secret-key openai-key

Cluster Integration

AI Agents connect to clusters through:

MCP (Model Context Protocol) Servers

Clusters expose MCP servers that agents query for data:

# Get MCP server details
kubectl faros clusters mcp production-cluster

The agent uses these endpoints to:

  • Fetch cluster metrics
  • Query resource status
  • Analyze configurations
  • Generate recommendations

Cluster Selector

Agents can target specific clusters:

apiVersion: intelligence.faros.sh/v1alpha1
kind: Agent
metadata:
  name: prod-analyzer
spec:
  backend: openai
  model: gpt-4
  clusterSelector:
    matchLabels:
      environment: production

Use Cases

Common scenarios for AI Agents:

Cluster Health Analysis

Agents analyze resource usage, pod status, and configurations to identify:

  • Resource bottlenecks
  • Misconfigured services
  • Security vulnerabilities
  • Cost optimization opportunities

Troubleshooting Assistant

When issues occur, agents help:

  • Diagnose error patterns in logs
  • Suggest remediation steps
  • Identify root causes
  • Provide runbook recommendations

Configuration Optimization

Agents review configurations and suggest:

  • Resource limit adjustments
  • Scaling policies
  • Network policy improvements
  • Storage optimizations

Compliance and Security

Agents audit clusters for:

  • Security best practices
  • Policy violations
  • Exposed secrets
  • Non-compliant configurations

API Resource Definition

AI Agents are defined in the intelligence.faros.sh/v1alpha1 API group:

apiVersion: intelligence.faros.sh/v1alpha1
kind: Agent
metadata:
  name: production-analyzer
  namespace: default
spec:
  backend: openai
  model: gpt-4
  secretRef:
    name: openai-credentials
    key: api-key
  clusterSelector:
    matchLabels:
      environment: production
status:
  phase: Ready
  lastHeartbeat: "2024-06-02T10:30:00Z"
  conditions:
    - type: Ready
      status: "True"
      lastTransitionTime: "2024-06-02T10:25:00Z"

Best Practices

Secret Management

  • Use separate secrets for different environments
  • Rotate API keys regularly
  • Use RBAC to restrict secret access
  • Never commit secrets to version control

Model Selection

  • Use GPT-4 for complex analysis requiring deep reasoning
  • Use GPT-3.5-turbo for quick checks and simple queries
  • Consider cost vs. capability trade-offs

Agent Naming

  • Use descriptive names: prod-cost-analyzer, staging-security-audit
  • Include environment in name for clarity
  • Use consistent naming conventions

Resource Organization

  • Deploy agents in dedicated namespaces
  • Use labels for grouping and filtering
  • Apply resource quotas to prevent excessive API usage

4 - Examples

See your project in action!

This is a placeholder page that shows you how to use this template site.

Do you have any example applications or code for your users in your repo or elsewhere? Link to your examples here.

5 - API

Faros API documentation.

Top use Swagger Authentication feature use the following swagger instance: https://api.faros.sh/swagger/

We are working on more smooth integration with the API documentation.

When authenticating, use ClientID: faros and mark all scopes.