Module 8: Configure, Wire, and Test Your Kubernetes Agent
Duration: 90 minutes
Day: Day 3, Session 2
This module combines the former Module 8 (tool wiring, 75 min) and Module 10 Track C (testing, 90 min) into a single BUILD-AND-TEST lab (90 min). The 5-phase flow — Configure (20 min) → Test Clean (15 min) → Test Failures (30 min) → Report (10 min) → Safety (5 min) — lets you configure your agent and immediately evaluate it against real failure scenarios on a KIND cluster.
Why consolidated: to eliminate repeated environment setup, create an immediate feedback loop (config → test → evaluate in one session), and reduce cognitive burden by using real Kubernetes instead of mock-mode environment variables.
What This Module Is About
Your SKILL.md from Module 7 tells the agent what to do. This module gives the agent the tools to actually do it.
Tools are how agents reach beyond their context window to interact with the real world: executing shell commands, calling APIs, reading files, browsing documentation. Without tools, an agent is a conversation. With tools, it is an operator.
This module covers three tool integration patterns (CLI, API, MCP), safety boundary configuration, and SOUL.md — the identity file that defines who your agent is and what it is allowed to do.
Learning Objectives
By the end of this module, you will be able to:
- Configure three tool integration patterns in Hermes: direct CLI subprocess, API HTTP calls, and MCP server protocol
- Set safety boundaries using allowed/blocked command lists and credential protection — so your agent cannot accidentally (or maliciously) run destructive operations
- Write a SOUL.md identity file that shapes your agent's role, tone, and behavioral constraints
- Explain MCP as a standardized tool protocol and why it matters for tool interoperability across different AI systems
Prerequisites
- Module 7 Track C completed (you have a working SKILL.md)
- Hermes installed and running
- KIND cluster running and accessible via `kubectl cluster-info --context kind-lab`
- Anthropic API token (obtain via `claude setup-token` in Claude Code)
Module Contents
| Section | Content | Time |
|---|---|---|
| Reading | Concepts: Tool Types, MCP, and Safety | 15 min |
| Reading | Reference: Tool Configuration and Safety Setup | 10 min |
| Lab | Track C: Build and Test Your Kubernetes Agent (5 phases: Config, Test Clean, Test Failures, Report, Safety) | 90 min |
| Quiz | Module 8 Assessment | 10 min |
| Exploratory | Stretch Projects | Optional |
Key Concept: Tools Define What Agents Can Do
Think of tool configuration as your agent's access control policy. You define:
- Allowed tools: What categories of action are permitted (terminal, web, files)
- Allowed commands: Which specific commands the agent can run
- Blocked commands: Explicit denials — destructive operations that should never execute autonomously
- Credential scope: Which secrets the agent can access and from where
This is context engineering at the access control layer: you are not just defining what the agent knows, you are defining what it is allowed to do. The discipline is identical to RBAC — principle of least privilege applied to agent capabilities.
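The allow/block model above can be sketched as a pre-execution check that treats deny as final and anything unmatched as denied. This is an added example, not Hermes code or its configuration schema; the `POLICY` field names, the `evaluate` function, and the sample commands are assumptions made for illustration.

```python
import shlex

# Hypothetical policy for a read-only Kubernetes troubleshooting agent.
# Field names are illustrative, not Hermes configuration keys.
POLICY = {
    "allowed": {("kubectl", "get"), ("kubectl", "describe"),
                ("kubectl", "logs"), ("kubectl", "cluster-info")},
    "blocked": {("kubectl", "delete"), ("kubectl", "exec"), ("kubectl", "apply")},
    # Resource kinds that expose credentials even through read-only verbs.
    "protected_resources": {"secret", "secrets"},
}

# Characters that let one approved command carry a second, unapproved one.
SHELL_METACHARS = set(";|&`$<>\n")


def evaluate(command, policy=POLICY):
    """Return (allowed, reason). Deny beats allow; no match means deny."""
    if any(ch in SHELL_METACHARS for ch in command):
        return False, "shell metacharacter"
    try:
        argv = shlex.split(command)
    except ValueError:
        return False, "unparseable command"
    # Require "<binary> <verb> ..." so a flag value is never mistaken for a verb.
    if len(argv) < 2 or argv[1].startswith("-"):
        return False, "verb must directly follow the binary"
    key = (argv[0], argv[1])
    if key in policy["blocked"]:
        return False, "explicitly blocked"
    if key not in policy["allowed"]:
        return False, "not on allow list"
    # Credential scope: catch "secret/name", "pods,secrets" and "secrets.v1".
    for token in argv[2:]:
        for part in token.split(","):
            kind = part.split("/")[0].split(".")[0].lower()
            if kind in policy["protected_resources"]:
                return False, "protected resource"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample commands, not taken from a real agent session.
    for cmd in ("kubectl get pods -n default", "kubectl get secret/db-creds -o yaml",
                "kubectl get pods; kubectl delete pod web-0"):
        print(evaluate(cmd), cmd)
```

A string filter like this is only the first gate. Binding the agent's kubeconfig to a read-only Kubernetes RBAC role enforces the same policy on the cluster side.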