[HN Gopher] Show HN: Magic Happens - let ChatGPT manage your Kub...
___________________________________________________________________
Show HN: Magic Happens - let ChatGPT manage your Kubernetes cluster
I built this kubernetes operator as a proof of concept this
weekend. It only has a single required item in the spec, a
freeform description field. The operator will use chatgpt to
generate a spec, then immediately apply it to the cluster. It makes
some attempt to correct errors if there's a problem with the
syntax. It will leave additional comments, questions or
instructions in the status field of the object.

I built this in a weekend and it's still quite unrefined. It's in
no way production ready, please don't use it for anything real, but
it works better than you would think, considering how simple it is.
If you're going to use it, run it on a local cluster like 'kind'.

Some descriptions to try:

* install a redis namespace with a redis cluster and a service in it
* create an argocd application in the argocd namespace to install
  velero.
* write a python script that lists all ec2 instances in us-east-1,
  and run it as a k8s job with the aws credentials already saved in
  the default namespace.

a somewhat longer description that also worked:

given the following spec:

    ---
    kind: MagicHappens
    apiVersion: gptmagic.io/v1
    metadata:
      name: foo
    spec:
      description: this is a freeform description field that will be sent to chatgpt to generate kubernetes resources
      dryRun: false
    ---

Can you create more magic happens resources, each of which
describes an argocd application that needs to be created to install
a helm chart for one of the standard cluster addons that need to be
installed on a cluster for it to be production ready. The
description should be freeform text like the following: "Create an
argocd application in the argocd namespace to install istio from
the helm chart with all the defaults" or "Create an argocd
application in the argocd namespace to install prometheus and
grafana, with an ingress enabled for grafana". Be very thorough and
include as many apps that might be needed for a prod ready cluster
using industry standard CNCF projects if possible.

(this produces a list of additional resources for the operator,
which the operator then goes on to create argocd applications for
-- it also left comments with instructions on one of the resources
for how to configure it to work with your cloud provider.)

Something to note is that since you can run arbitrary containers
with arbitrary commands, and chatgpt can write arbitrary code, you
don't have to limit yourself to k8s stuff. If you've got saas
credentials on the cluster, you can just tell it to run a python
script as a job to do whatever you want. Since most people are
cowards, there's a dryRun field that defaults to true, so it only
attaches the spec to the object. It is _scary_ how well this works.
Author : empath-nirvana
Score : 25 points
Date : 2023-04-17 18:39 UTC (4 hours ago)
(HTM) web link (github.com)
| fraudster wrote:
| Very cool!
| empath-nirvana wrote:
| I'm happy to take feature requests or PRs, btw, there's a ton of
| low hanging fruit here. one thing I want to add is the option to
| commit the results to a github repo so you can still say you're
| doing gitops. obviously with a force push straight to main.
|
| I also barely understand how kopf works and i'm not that great
| with python, so if someone wants to clean up the code for me that
| would be great.
| MuffinFlavored wrote:
| > (you can use gpt-3.5 if you don't have access to gpt-4, but the
| results aren't as reliable
|
| How reliable are the results GPT-4 vs GPT-3.5?
| empath-nirvana wrote:
| The problem is that gpt-3.5 has a tendency to ignore system
| prompts in the api call, that i've noticed, so it'll ignore the
| instructions and send back yaml plus a bunch of plain text that
| the controller can't process
| jakear wrote:
| You have to teach 3.5 how to respond by including example
| user/assistant response pairs in your request. Once you do
| this it pretty reliably follows the structure. I made a
| vscode extension to help with this
| https://marketplace.visualstudio.com/items?itemName=jaaxxx.l...
| (mentioned in an
| earlier ask-hn that seems to have gone missing from the site
| entirely?)
|
| This does bite into your 4096 token limit, unfortunately.
| empath-nirvana wrote:
| if you look at the code, i did do that, it still fairly
| reliably ignored it and sent me lengthy explanations with
| the yaml
| rickette wrote:
| Shouldn't it be called ChaosHappens.
| thewataccount wrote:
| I just had GPT-4 try to add my ssh key into a docker image to run
| git clone - which would work but would leave my private ssh key
| in the final image!
|
| And its suggested fix had the same issue!
|
| So yeah idk about trusting it more than as an assistant - it's too
| good at making incredibly convincing (even working) solutions
| that have massive security/other issues.
| literalAardvark wrote:
| So ask it to review the result for issues and then send it to
| rework.
|
| You know, like everyone does. Why are you expecting it to be
| better than us?
| op00to wrote:
| Some of us don't understand how to accept mistakes and think
| we have to be perfect but we will never be perfect so we work
| harder and ... how do I make burnout a prompt?
| thewataccount wrote:
| > Some of us don't understand how to accept mistakes
|
| I might be misinterpreting you and the parent but - this
| mistake results in leaking my personal private ssh key into
| a docker image that could be made public.
|
| This is not a mistake that should be acceptable. If you
| made it accidentally that's one thing, but I'm not
| accepting GPT4's first, second, or third attempts (I gave
| up on that prompt) that make that mistake.
| thewataccount wrote:
| > So ask it to review the result for issues and then send it
| to rework.
|
| I did, and it made the same mistake just in a slightly
| different way. I've seen it do this before with other
| problems where it just can't understand what its mistake
| was.
|
| Also because the image would have built correctly and have
| worked, it wouldn't even know there's a problem with the
| autogpt/langchain setups people have been doing.
|
| The scary part to me is most newbies wouldn't be able to
| recognize the problem - adding a file embeds it into the
| image layer, even if you remove the file later in the build
| process.
| Pamar wrote:
| the problem is if the errors that it makes are subtle enough
| to be missed by the guy/gal who decided that "now I can take
| care of the Kubernetes install without even having to go to
| StackOverflow or whatever... you know, a place where other
| people with some experience can point out errors in the
| proposed solutions".
| thewataccount wrote:
| Yeah exactly.
|
| I'm not sure how many people would recognize that adding a
| file in one RUN and then removing it in another RUN during
| a Dockerfile build would result in the file still existing
| in one of the layers.
|
| IMO that's a good example of a critical bug (leaked private
| ssh key) that would be difficult to spot for even someone
| who's semi-comfortable with Dockerfiles and just isn't
| familiar with exactly how the build process works and
| realizes that it will be an issue. Again it looks really
| correct and I think would have worked with no errors.
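
The layer behaviour described in the comments above, as an added example (not code from the thread or from the project): this Python sketch reads an image archive in the `docker save` layout and reports files that a later layer deletes with a whiteout entry while an earlier layer still stores them. The two-layer archive and its placeholder key are constructed inline; `build_image` and `deleted_but_recoverable` are names chosen for this example.

```python
import io
import json
import tarfile

def _tar(files):
    """Pack {path: bytes} into an in-memory tar archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_image(layer_files):
    """Constructed stand-in for `docker save` output: manifest.json plus layer tars."""
    layers = {f"layer{i}/layer.tar": _tar(files) for i, files in enumerate(layer_files)}
    manifest = json.dumps([{"Layers": list(layers)}]).encode()
    return _tar({"manifest.json": manifest, **layers})

def deleted_but_recoverable(image_tar):
    """Return (path, layer_added, layer_deleted) for every file that a later
    layer hides with a whiteout while an earlier layer still stores it."""
    findings, seen = [], {}  # seen: path -> index of the layer that added it
    with tarfile.open(fileobj=io.BytesIO(image_tar)) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for idx, name in enumerate(manifest[0]["Layers"]):
            layer = tarfile.open(fileobj=io.BytesIO(image.extractfile(name).read()))
            for member in layer.getmembers():
                directory, _, base = member.name.rpartition("/")
                if base.startswith(".wh."):
                    hidden = base[len(".wh."):]
                    # ".wh..wh..opq" hides the whole directory (opaque whiteout)
                    target = directory if hidden == ".wh..opq" else f"{directory}/{hidden}".lstrip("/")
                    gone = [p for p, at in seen.items()
                            if at < idx and (p == target or p.startswith(target + "/"))]
                    findings += [(p, seen.pop(p), idx) for p in gone]
                elif member.isfile():
                    seen[member.name] = idx
    return findings

# Constructed sample: layer 0 copies a key in, layer 1 is the later `rm`.
LEAKY = build_image([
    {"root/.ssh/id_rsa": b"CONSTRUCTED-PLACEHOLDER", "app/main.py": b"print('hi')"},
    {"root/.ssh/.wh.id_rsa": b""},
])

if __name__ == "__main__":
    for path, added, deleted in deleted_but_recoverable(LEAKY):
        print(f"{path}: added in layer {added}, deleted in layer {deleted}, still in the image")
```

A finding means the file's bytes are still readable from the earlier layer's tar even though the final filesystem no longer shows it.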
| majormajor wrote:
| I'd settle for "as good as", not "better."
|
| I've had several similar experiences as the above poster.
| Most recently, I was playing around with an interview
| question and removed a constraint and asked it to update its
| solution for it.
|
| It gave a new solution, but it still didn't work on the new,
| harder input.
|
| I pointed out exactly how it failed, and it said "ah, yes,
| you are right, that should produce True, not false"... and
| spit out exactly the same code.
|
| ...
|
| So now the question is, is it overly mean to pick interview
| questions based on which ones can be extended in ways that
| GPT-4 doesn't understand? ;)
| alienicecream wrote:
| Why are you personally offended that someone on the internet
| found GPT inadequate?
| empath-nirvana wrote:
| To be clear, this would be an insane thing to actually run as
| it is. But you can run everything in dryRun if you just want to
| see what it would install. Although, and i just realized this,
| it'll possibly generate different code after you set dryRun to
| false, so i need to fix that somehow.
| majormajor wrote:
| The idea I've had for things like this is a "run once and
| memoize" approach instead of regenerating each time.
|
| Kinda like a template, but with one key difference: if you
| only store the "template prompt" and modify that prompt you
| may get something pretty substantially different (and overly
| destructive a change!) from the original, so my idea there is
| to record the history of prompts + artifacts but always do
| modifications by asking GPT to apply a change to the memoized
| output, which then gets itself reviewed in dry-run before
| being saved.
| empath-nirvana wrote:
| yeah that was what i was going to do, this is a spare time
| project though so it'll have to wait for the weekend.
|
| It does return the previous output on requests to update
| it, but it's by no means guaranteed to return the same
| results. It does most of the time, though, if the
| description hasn't changed.
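
The "run once and memoize" idea from the comments above, as an added example (not the operator's code): the dry run stores the generated manifest with a SHA-256 digest, and apply uses only that stored text under the digest that was reviewed, so flipping dryRun never triggers a second, different generation. `PlanStore`, `flaky_model` and the manifest text are hypothetical and constructed for illustration.

```python
import hashlib

class PlanStore:
    """Hypothetical helper: apply uses the manifest stored by the dry run
    instead of asking the model again."""

    def __init__(self, generate, apply):
        self._generate = generate  # callable(description, previous) -> manifest
        self._apply = apply        # callable(manifest)
        self.history = []          # (description, manifest, digest) per dry run

    def dry_run(self, description):
        # Same description: return the memoized digest, no new model call.
        if self.history and self.history[-1][0] == description:
            return self.history[-1][2]
        # Changed description: pass the memoized output so the model edits it.
        previous = self.history[-1][1] if self.history else None
        manifest = self._generate(description, previous)
        digest = hashlib.sha256(manifest.encode()).hexdigest()
        self.history.append((description, manifest, digest))
        return digest

    def apply(self, approved_digest):
        # Only the latest stored manifest, and only under the reviewed digest.
        if not self.history or self.history[-1][2] != approved_digest:
            raise PermissionError("digest does not match the latest dry run")
        self._apply(self.history[-1][1])

def demo():
    calls, applied = [], []
    def flaky_model(description, previous):  # constructed stand-in for the API
        calls.append(previous)
        return f"# attempt {len(calls)}\nkind: Namespace\nmetadata: {{name: redis}}\n"
    store = PlanStore(flaky_model, applied.append)
    reviewed = store.dry_run("install a redis namespace")
    store.dry_run("install a redis namespace")   # dryRun re-checked, no new call
    store.apply(reviewed)                        # dryRun flipped to false
    store.dry_run("install a redis namespace with a service")
    try:
        store.apply(reviewed)                    # stale approval
        rejected = False
    except PermissionError:
        rejected = True
    return calls, applied, rejected

if __name__ == "__main__":
    print(demo())
```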
| nyellin wrote:
| Interesting, I wrote a bot to debug Kubernetes issues. You wrote
| a bot to generate them ;)
|
| https://github.com/robusta-dev/kubernetes-chatgpt-bot/
|
| Just kidding on that. This looks very cool.
| empath-nirvana wrote:
| they should be friends!
| ecnahc515 wrote:
| How does it handle k8s API versions that were not yet released
| when the model was released?
| empath-nirvana wrote:
| it doesn't!
|
| it will attempt to fix it if the error indicates that the
| version isn't installed though.. Sometimes it'll guess the
| right version.
|
| the error will be returned on the object, though, so you can
| add the correct version in the description.
|
| you can also use the expectedObjects field to put in some
| kubernetes yaml you want it to start with, and it'll attempt to
| adapt it rather than generating all new yaml
| akiselev wrote:
| In the future you can use a vector embedding database to pull
| relevant bits of documentation from version specific
| documentation. With GPT4's 8k context it should be enough to
| get most things in there
| empath-nirvana wrote:
| Yeah, i'm working on that for another project, i might port
| it into this, but that would risk turning this into a real
| thing and less a possibly fun way to destroy your cluster.
| sieabahlpark wrote:
| [dead]
| oznog wrote:
| When you think that: Complexity is the ultimate sophistication.
| jajajajjajaja
___________________________________________________________________
(page generated 2023-04-17 23:01 UTC)