Skip to main content
The Cloud AI Copilot lets you investigate your infrastructure by asking questions in plain English. Query Kubernetes clusters, cloud resources, metrics, costs, and code — from the Kestrel dashboard or directly in Slack with the /kestrel command. No query syntax, no CLI flags, no context-switching between dashboards.

What the Copilot Can Do

  • Investigate Kubernetes — pod status, crash reasons, resource usage, network policies, recent changes
  • Query cloud resources — AWS EC2, S3, IAM, VPC, and more
  • Analyze metrics — pull Datadog or OpenTelemetry data into the conversation
  • Analyze costs — identify expensive resources, cost trends, and optimization opportunities
  • Investigate code — trace infrastructure changes back to PRs and commits
  • Generate config changes — produce YAML manifests, Terraform plans, and Helm values on demand

Prerequisites

The copilot answers are only as good as the integrations connected. At minimum:
The more integrations you connect, the more context the copilot has. Connect your notification and knowledge source integrations too — Slack history, Confluence, and Jira give the copilot organizational context that improves answers.

Using the Dashboard Chat

  1. Open the Kestrel dashboard at platform.usekestrel.ai
  2. Navigate to Cloud AI Copilot → Chat in the sidebar
  3. Type your question and press Enter
Use @cluster-name to target specific Kubernetes clusters and @cloud:connection-name to target specific AWS or OCI accounts. You can mention multiple targets in a single query. The copilot maintains conversation context across messages, so you can ask follow-up questions naturally. Example conversation:
You: @prod-eks-cluster Why are pods in the payments namespace restarting? Cross-reference with Datadog APM latency metrics for the payments-api service over the last 2 hours. Kestrel: There are 2 pods in CrashLoopBackOff in the payments namespace: payments-api-7f8b9c-x4k2m and payments-worker-6d4a8b-j9n3p. Both started crashing 23 minutes ago after deployment payments-api was updated to image tag v2.14.0. Datadog shows P99 latency for payments-api spiked from 120ms to 4.2s at 14:32 UTC, coinciding with the deployment… You: What PR caused that deployment change, and who approved it? Kestrel: The deployment was updated via ArgoCD sync at 14:32 UTC. The change originated from PR #847 in acme/payments-service, authored by @jane.doe and approved by @john.smith. The PR modified the database connection pool settings, reducing maxConnections from 50 to 10…

Using via Slack

Once the Slack integration is connected, use the /kestrel slash command in any channel or DM:
/kestrel @prod-eks-cluster @staging-eks-cluster compare the resource limits for the auth-service deployment across both clusters — are there any discrepancies in CPU or memory requests?
/kestrel @cloud:prod-aws-380983552929 which EC2 instances in us-east-1 and eu-west-1 have been running for more than 90 days without being part of an auto-scaling group? Include estimated monthly cost for each.
/kestrel @prod-eks-cluster show me all pods that have been OOMKilled in the last 48 hours, grouped by deployment, with their current memory limits vs actual peak usage from Datadog metrics
/kestrel @cloud:prod-aws-380983552929 @cloud:staging-aws-131131252671 compare the IAM role policies attached to the EKS node groups across both accounts — flag any permissions that exist in staging but not in production
Kestrel responds in-thread so conversations stay organized. Other team members can see the answers and ask follow-ups in the same thread.

Example Questions

Kubernetes Investigations

  • @prod-eks-cluster “Why is the auth-service deployment failing readiness probes? Check the container logs, recent config changes, and any related network policy updates in the last 6 hours”
  • @prod-eks-cluster “Show me all pods consuming more than 80% of their memory limit across the payments and checkout namespaces, sorted by how close they are to OOMKill”
  • @staging-gke-cluster “What Helm releases were upgraded in the last 24 hours and did any of them cause pod restart spikes?”
  • @prod-eks-cluster “Trace the full request path from the frontend ingress to the database for the order-service — which services are involved and what network policies apply at each hop?”

Cloud Resource Queries

  • @cloud:prod-aws-380983552929 “Which security groups in the production VPC have inbound rules allowing 0.0.0.0/0 on ports other than 80 and 443?”
  • @cloud:prod-aws-380983552929 “Show me all RDS instances that don’t have automated backups enabled, multi-AZ deployment, or encryption at rest”
  • @cloud:prod-aws-380983552929 @cloud:staging-aws-131131252671` “Compare the Lambda function configurations between prod and staging for the payment-processor functions — are there memory, timeout, or environment variable differences?”

Cost Analysis

  • @cloud:prod-aws-380983552929 “Break down our top 10 most expensive services this month compared to last month, and flag any that increased by more than 20%”
  • @cloud:prod-aws-380983552929 “Estimate how much we’d save if we right-sized all EC2 instances in us-east-1 that have averaged less than 15% CPU utilization over the last 30 days”
  • @cloud:prod-aws-380983552929 “What’s our projected EKS spend for the next quarter based on current growth trends? Break it down by cluster.”

Code Investigations

  • “What PRs were merged to the main branch of acme/infrastructure-terraform in the last 48 hours that touched any IAM policy or security group definitions?”
  • “Show me the git blame for the Kubernetes resource limits in acme/payments-service — when were they last changed and what was the reasoning in the PR description?”
  • “Search across all connected repos for any Terraform code that references the prod-vpc VPC ID — I need to understand all resources deployed into it”

Configuration Changes

When you ask the copilot to make a change — for example, “scale the checkout deployment to 5 replicas” or “add a network policy to block egress from the sandbox namespace” — it generates the configuration change and presents it for your review. You can:
  • Apply directly to the cluster from the dashboard
  • Create a PR to your GitOps repository via GitHub or GitLab
  • Copy the manifest to apply manually
The copilot never applies changes without your explicit approval. All generated configurations are presented for review first.

Enhancing Copilot Context

Connect additional integrations to improve the quality and depth of copilot answers:
IntegrationWhat It Adds
DatadogMetrics, APM traces, and monitor status
OpenTelemetryTraces and custom metrics
ConfluenceRunbooks and architecture documentation
JiraRelated tickets and known issues
GleanCross-tool enterprise knowledge search
GitHub / GitLabCode context, PR history, IaC definitions