A Kubernetes-native Claude Code watcher that monitors pods, detects errors, and applies hotfixes directly, or just writes a report on its findings.
Clopus Watcher runs as a CronJob that:
- Monitors pods in a target namespace
- Detects degraded pods (CrashLoopBackOff, Error, etc.)
- Reads logs to understand the error
- Execs into the pod, explores and applies a hotfix
- Records the fix to SQLite & provides a report
A separate Dashboard deployment provides a web UI to view all detected errors and applied fixes.
Cluster:
- Kubernetes cluster
- Sealed Secrets (for API key / Claude Code Credentials file)
Local (to build the images):
- podman / docker / etc.
- kubectl
- container registry access
| Environment Variable | Description | Default |
|---|---|---|
TARGET_NAMESPACE |
Namespace to monitor | default |
AUTH_MODE |
Auth method: api-key or credentials |
api-key |
WATCHER_MODE |
Watcher mode: autonomous or watcher |
autonomous |
ANTHROPIC_API_KEY |
Claude API key (if AUTH_MODE=api-key) | - |
SQLITE_PATH |
Path to SQLite database | /data/watcher.db |
# 1. Create namespace
kubectl create namespace clopus-watcher
# 2. Create secret with API key
kubectl create secret generic claude-auth \
--namespace clopus-watcher \
--from-literal=api-key=sk-ant-xxxxx
# 3. Ensure AUTH_MODE=api-key in k8s/cronjob.yaml (default)
# 4. Deploy
./scripts/deploy.sh# 1. Create namespace
kubectl create namespace clopus-watcher
# 2. Create secret from credentials file
kubectl create secret generic claude-credentials \
--namespace clopus-watcher \
--from-file=credentials.json=$HOME/.claude/.credentials.json
# 3. Edit k8s/cronjob.yaml:
# - Set AUTH_MODE=credentials
# - Uncomment claude-credentials volume and volumeMount
# 4. Deploy
./scripts/deploy.sh