{
  "content": "Kagent namespace workload improvement findings (analyzed 2026-05-15):\n\nHIGH PRIORITY:\n1. Missing CPU Limits: helm-agent, k8s-agent, kagent-controller, kagent-grafana-mcp, kagent-querydoc, kagent-kmcp-controller-manager, and kagent-ui all lack CPU limits. Only kagent-tools (1 CPU) and kagent-oauth2-proxy (100m) have CPU limits set.\n2. kagent-grafana-mcp uses image tag 'latest' (mcp/grafana:latest) with imagePullPolicy: Always — should be pinned to a specific version tag and use imagePullPolicy: IfNotPresent.\n\nMEDIUM PRIORITY:\n3. Missing Liveness Probes: helm-agent, k8s-agent, kagent-grafana-mcp, kagent-querydoc, kagent-tools, kagent-controller, and kagent-ui all lack liveness probes. Only kagent-kmcp-controller-manager (/healthz) and kagent-oauth2-proxy (/ping) have liveness probes.\n4. Missing Security Context hardening (runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false, seccompProfile) on helm-agent and k8s-agent. kagent-oauth2-proxy and kagent-kmcp-controller-manager are the best hardened. kagent-controller and kagent-ui have partial hardening (runAsNonRoot: true, readOnlyRootFilesystem: true).\n\nAll 9 pods were healthy and running at time of analysis. Deployments are Helm-managed (release: kagent, namespace: kagent)."
}
{"error":"failed to generate embedding: failed to invoke Bedrock model for text 0: operation error Bedrock Runtime: InvokeModel, https response error StatusCode: 400, RequestID: 2599be3c-793c-43b6-a930-d39fa16b67bd, ValidationException: messages: Field required"}