Accelerating Kubernetes Package Creation with KIRO and AMDF MCP

These articles are AI-generated summaries. Please check the original sources for full details.

Using KIRO and AMDF MCP to Build Reusable Kubernetes KRO Packages

KIRO and AMDF MCP automate the generation of reusable Kubernetes packages from CRDs, reducing a multi-hour process to a conversation lasting only minutes. This system utilizes the KCL language to provide strong typing and validation at development time, ensuring that infrastructure as data is robust and maintainable. The demo showcases a migration from Crossplane to KRO, orchestrating RDS, EC2, and External Secrets within a single ResourceGraphDefinition.

Why This Matters

In modern cloud-native environments, managing complex infrastructure through traditional YAML often leads to repetitive configurations and manual errors. By shifting to KCL-based ResourceGraphDefinitions via KRO, developers can abstract multiple resources into a single claim, providing a scalable alternative to manual CRD management.

This approach bridges the gap between raw infrastructure definitions and high-level developer abstractions. By using the Model Context Protocol (MCP) to connect AI-driven prompting with local development tools, engineers can generate infrastructure code quickly and have it strictly validated against existing cluster CRDs.

Key Insights

  • KIRO + AMDF MCP reduces Kubernetes package creation time from hours to minutes through AI-assisted prompting.
  • KCL replaces traditional YAML to provide strong typing, validation at development time, and abstraction capabilities.
  • The ResourceGraphDefinition (RGD) in KRO enables the creation of custom APIs, such as the KeycloakStack, which automatically manages multiple underlying resources.
  • Integration with AWS Controllers for Kubernetes (ACK) and External Secrets Operator (ESO) allows for seamless management of RDS instances and AWS Secrets Manager.
  • CEL expressions within KCL enable conditional resource inclusion, such as switching between local PostgreSQL and AWS RDS based on the localTest boolean.

Working Examples

KCL ResourceGraphDefinition using helper functions and conditional logic to define a Keycloak stack.

import blueprints

# Helper that builds the PostgreSQL container spec.
# Note: secretName is accepted but not used in this excerpt.
_buildPostgresContainer = lambda image: str, secretName: str -> any {
    {
        name = "postgres"
        image = image
        ports = [{
            containerPort = 5432
        }]
        env = [
            {
                name = "POSTGRES_DB"
                value = "keycloak"
            }
        ]
    }
}

blueprints.ResourcegraphdefinitionBlueprint {
    _metadataName = "keycloak-stack"
    # Custom API exposed to users (only part of the spec is shown here).
    _schema = {
        apiVersion = "v1alpha1"
        kind = "KeycloakStack"
        group = "kro.run"
        spec.projectName = "string | default=demo"
        spec.localTest = r"""boolean | required=true"""
    }
    _resources = [
        {
            id = "postgresSecret"
            # CEL condition: this Secret is created only when localTest is true.
            includeWhen = [r"${schema.spec.localTest}"]
            template = {
                apiVersion = "v1"
                kind = "Secret"
                metadata.name = r"postgres-secrets-${schema.spec.projectName}"
                stringData = {
                    # postgresPassword is referenced here but is not declared
                    # in the _schema shown in this excerpt.
                    password = r"${schema.spec.postgresPassword}"
                }
            }
        }
    ]
}

Sample KeycloakStack custom resource manifest for deploying to AWS RDS.

apiVersion: kro.run/v1alpha1
kind: KeycloakStack
metadata:
  name: keycloak-dev
  namespace: default
spec:
  projectName: "dev"
  environment: "dev"
  keycloakMode: "start-dev"
  keycloakReplicas: 1
  localTest: false
  rdsInstanceClass: "db.t3.micro"
  rdsAllocatedStorage: 20
  rdsEngineVersion: "17"
  rdsDBName: "keycloak"
  rdsUsername: "keycloak"
  rdsManageMasterUserPassword: true
  rdsSubnetIDs:
    - "subnet-0436a5657992422d2"
    - "subnet-03fc372cafad1feec"
  rdsVPCID: "vpc-0d7e4425ca4d23f89"
  rdsAllowedCIDRs:
    - "10.0.0.0/16"

Practical Applications

  • Use Case: Automating Keycloak deployment with RDS backend using the KeycloakStack API to handle database provisioning and secret syncing via External Secrets Operator. Pitfall: Hardcoding environment-specific values in KCL templates leads to non-reusable packages; use schema parameters instead.
  • Use Case: Migrating infrastructure from Crossplane to KRO using helper functions to construct reusable container and service templates. Pitfall: Over-complicating KCL logic with nested lambdas can make debugging ResourceGraphDefinitions difficult without proper validation tests.
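
Both pitfalls above can be turned into a validation test. The following is an added example, not code from the original article or from the AMDF or KRO projects: a Python lint over a ResourceGraphDefinition that is assumed to be already rendered to plain data. The sample data is constructed, and `lint_rgd`, the rule names and the `dbSubnetGroup` resource are hypothetical.

```python
import re

# Constructed sample: the RGD from this page as it might look once rendered to
# plain data (an assumption), plus one hypothetical resource with a literal ID.
SCHEMA_SPEC = {"projectName": "string | default=demo",
               "localTest": "boolean | required=true"}
RESOURCES = [
    {"id": "postgresSecret",
     "includeWhen": ["${schema.spec.localTest}"],
     "template": {"apiVersion": "v1", "kind": "Secret",
                  "metadata": {"name": "postgres-secrets-${schema.spec.projectName}"},
                  "stringData": {"password": "${schema.spec.postgresPassword}"}}},
    {"id": "dbSubnetGroup",  # hypothetical resource, not from the page
     "template": {"kind": "DBSubnetGroup",
                  "spec": {"subnetIDs": ["subnet-0123456789abcdef0"]}}},
]

SPEC_REF = re.compile(r"schema\.spec\.([A-Za-z_]\w*)")
AWS_ID = re.compile(r"\b(?:subnet|vpc|sg)-[0-9a-f]{8,17}\b")


def walk(node, path=""):
    """Yield (path, string) for every string leaf in nested dicts/lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def lint_rgd(schema_spec, resources):
    """Return sorted (resource id, rule, detail) findings for a rendered RGD."""
    findings = set()
    for res in resources:
        is_secret = res.get("template", {}).get("kind") == "Secret"
        for path, text in walk({k: v for k, v in res.items() if k != "id"}):
            for field in SPEC_REF.findall(text):
                if field not in schema_spec:
                    findings.add((res["id"], "undeclared-field", field))
                # A spec value copied into a Secret stays readable on the custom resource.
                if is_secret and re.match(r"template\.(stringData|data)\.", path):
                    findings.add((res["id"], "secret-from-spec", field))
            # Literal cloud identifiers outside ${...} tie the package to one account.
            if AWS_ID.search(re.sub(r"\$\{.*?\}", "", text)):
                findings.add((res["id"], "hardcoded-aws-id", path))
    return sorted(findings)
```

Calling `lint_rgd(SCHEMA_SPEC, RESOURCES)` reports the undeclared `postgresPassword` field, the Secret that takes its value from the resource spec, and the literal subnet ID.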
