Slack App Integration
Manage the full incident response lifecycle from Slack - get notified, ask questions, apply fixes, and validate resolutions without leaving your chat.
Incident response shouldn't require context-switching between dashboards. Today, we're launching the Kestrel Slack App - manage the entire incident response lifecycle without leaving your chat.
Real-Time Notifications
When Kestrel detects an incident - whether in Kubernetes or your cloud environment (AWS, GCP, Azure, OCI) - namespace owners and admins are instantly notified in Slack. Each notification includes:
- Incident type, severity, and affected resources
- Full root cause analysis with timeline of events
- Generated YAML/CLI fixes ready to apply
- Automatic @mentions of the relevant team members
Kestrel filters out transient events (like Kubernetes node lifecycle operations or AWS auto-scaling activities) so you only get notified about real incidents that need attention.
Interactive Q&A
Reply to any incident thread to ask questions in natural language. The Kestrel incident chat agent has full context - all signals, the RCA, timeline, and generated fixes - and can perform live investigations in your cluster or cloud account to answer questions.
Ask things like "Why did the ISR shrink?", "Which pods are affected?", or "What would happen if I apply this fix?" - and get answers grounded in real-time data.
Apply Fixes from Slack
Every incident notification includes actionable buttons. Click Apply Fix to see a confirmation dialog with the exact changes, then approve to execute. For Kubernetes incidents, fixes are applied via the Kestrel Operator. For cloud incidents (AWS, GCP, Azure, OCI), fixes execute via the respective cloud CLI or API.
All fix applications are logged with the Slack user who approved them, providing a full audit trail.
Validate Resolutions
After applying a fix, click Validate Fix to trigger AI agents to investigate your cloud environment and confirm the issue is actually resolved. Kestrel re-examines events, logs, pod statuses (for Kubernetes) or audit logs and resource states (for cloud incidents) to confirm the issue is actually resolved.
You'll see one of four outcomes: ✓ Fixed, ⚠ Not Fixed, ✕ Recurring.
Thread Management
Each incident gets its own Slack thread, keeping discussions organized. All Q&A, fix applications, and validation results are posted to the same thread - creating a complete record of how the incident was handled.
Ask Anything from Slack
Beyond incident response, you can ask any question about your cloud accounts or Kubernetes clusters directly from Slack - whether you're debugging an issue with teammates in a shared channel, investigating a production problem during an incident call, or just quickly checking resource configuration without switching to a console.
Use /kestrel clouds to list your connected cloud accounts, then use the @cloud:account-name syntax to ask questions about specific accounts. For example: "What security groups allow SSH from 0.0.0.0/0 in @cloud:aws-prod?"
Similarly, use /kestrel clusters to list connected Kubernetes clusters, then target specific clusters with @cluster:cluster-name. For example: "Show me pods in CrashLoopBackOff in @cluster:gke-prod"
Getting Started
Install the Kestrel Slack app from Integrations → Slack in the Kestrel dashboard. The OAuth flow requests only the permissions needed for notifications and messaging. Once installed, Kestrel will automatically send incident notifications to your #incidents or #cloud-incidents channels. Invite @Kestrel to any channel to ask questions about your cloud and Kubernetes infrastructure directly from that channel.