v1alpha1

package
v0.6.0 Latest
Warning

This package is not in the latest version of its module.
Published: Apr 16, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package v1alpha1 contains the v1alpha1 API types for MCP resources.
+kubebuilder:object:generate=true
+groupName=mcp.kuadrant.io
+versionName=v1alpha1

Package v1alpha1 contains API Schema definitions for the mcp v1alpha1 API group.
+kubebuilder:object:generate=true
+groupName=mcp.kuadrant.io

Constants

const (
	// ConditionTypeReady signals if a resource is ready
	ConditionTypeReady = "Ready"
	// ConditionReasonSuccess is the success reason users see
	ConditionReasonSuccess = "ValidMCPGatewayExtension"
	// ConditionReasonInvalid is the reason seen when invalid configuration occurs
	ConditionReasonInvalid = "InvalidMCPGatewayExtension"
	// ConditionReasonRefGrantRequired is the reason users will see when a ReferenceGrant is missing
	ConditionReasonRefGrantRequired = "ReferenceGrantRequired"
	// ConditionReasonDeploymentNotReady is the reason when the broker-router deployment is not ready
	ConditionReasonDeploymentNotReady = "DeploymentNotReady"

	// ConditionReasonSecretNotFound is the reason when the trusted headers secret is missing
	ConditionReasonSecretNotFound = "SecretNotFound"
	// ConditionReasonSecretInvalid is the reason when the secret lacks the required key
	ConditionReasonSecretInvalid = "SecretInvalid"
	// HTTPRouteManagementEnabled means the operator creates and manages the HTTPRoute
	HTTPRouteManagementEnabled HTTPRouteManagementPolicy = "Enabled"
	// HTTPRouteManagementDisabled means the operator does not create an HTTPRoute
	HTTPRouteManagementDisabled HTTPRouteManagementPolicy = "Disabled"

	// KeyGenerationEnabled means the operator generates an ECDSA P-256 key pair
	KeyGenerationEnabled KeyGenerationPolicy = "Enabled"
	// KeyGenerationDisabled means the operator does not generate keys
	KeyGenerationDisabled KeyGenerationPolicy = "Disabled"

	// InvalidToolPolicyFilterOut skips invalid tools and serves valid ones
	InvalidToolPolicyFilterOut InvalidToolPolicy = "FilterOut"
	// InvalidToolPolicyRejectServer rejects all tools from a server if any are invalid
	InvalidToolPolicyRejectServer InvalidToolPolicy = "RejectServer"
)

Variables

var (
	// GroupVersion is group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "mcp.kuadrant.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type HTTPRouteManagementPolicy added in v0.5.1

type HTTPRouteManagementPolicy string

HTTPRouteManagementPolicy defines how the operator manages the gateway HTTPRoute.
+kubebuilder:validation:Enum=Enabled;Disabled

type InvalidToolPolicy added in v0.6.0

type InvalidToolPolicy string

InvalidToolPolicy controls behavior when upstream MCP tools have invalid schemas.
+kubebuilder:validation:Enum=FilterOut;RejectServer

type KeyGenerationPolicy added in v0.5.1

type KeyGenerationPolicy string

KeyGenerationPolicy defines whether the operator generates an ECDSA P-256 key pair.
+kubebuilder:validation:Enum=Enabled;Disabled

type ListenerConfig added in v0.5.1

type ListenerConfig struct {
	// port is the port number from the Gateway listener
	Port uint32 `json:"port,omitempty"`
	// hostname is the hostname from the Gateway listener (may be empty or a wildcard)
	Hostname string `json:"hostname,omitempty"`
	// name is the listener name (sectionName)
	Name string `json:"name,omitempty"`
}

ListenerConfig holds configuration extracted from a Gateway listener. This is an internal type not exposed via CRD.

func (*ListenerConfig) DeepCopy added in v0.5.1

func (in *ListenerConfig) DeepCopy() *ListenerConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListenerConfig.

func (*ListenerConfig) DeepCopyInto added in v0.5.1

func (in *ListenerConfig) DeepCopyInto(out *ListenerConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MCPGatewayExtension

type MCPGatewayExtension struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is a standard object metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitzero"`

	// spec defines the desired state of MCPGatewayExtension
	// +required
	Spec MCPGatewayExtensionSpec `json:"spec,omitzero"`

	// status defines the observed state of MCPGatewayExtension
	// +optional
	Status MCPGatewayExtensionStatus `json:"status,omitzero"`
}

MCPGatewayExtension extends a Gateway API Gateway to handle the Model Context Protocol (MCP). When created, the controller will:
- Deploy a broker-router Deployment and Service in the MCPGatewayExtension's namespace
- Create an EnvoyFilter in the Gateway's namespace to route MCP traffic to the broker
- Configure the Envoy proxy to use the external processor for MCP request handling

The broker aggregates tools from upstream MCP servers registered via MCPServerRegistration resources, while the router handles MCP protocol parsing and request routing.

Cross-namespace references to Gateways require a ReferenceGrant in the Gateway's namespace.

func (*MCPGatewayExtension) DeepCopy

func (in *MCPGatewayExtension) DeepCopy() *MCPGatewayExtension

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPGatewayExtension.

func (*MCPGatewayExtension) DeepCopyInto

func (in *MCPGatewayExtension) DeepCopyInto(out *MCPGatewayExtension)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MCPGatewayExtension) DeepCopyObject

func (in *MCPGatewayExtension) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*MCPGatewayExtension) HTTPRouteDisabled added in v0.5.1

func (m *MCPGatewayExtension) HTTPRouteDisabled() bool

HTTPRouteDisabled returns true if HTTPRouteManagement is set to Disabled

func (*MCPGatewayExtension) InternalHost added in v0.5.1

func (m *MCPGatewayExtension) InternalHost(port uint32) string

InternalHost returns the internal/private host computed from the targetRef

func (*MCPGatewayExtension) SetReadyCondition

func (m *MCPGatewayExtension) SetReadyCondition(status metav1.ConditionStatus, reason, message string)

SetReadyCondition sets the Ready condition on the MCPGatewayExtension status

type MCPGatewayExtensionList

type MCPGatewayExtensionList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitzero"`
	Items           []MCPGatewayExtension `json:"items"`
}

MCPGatewayExtensionList contains a list of MCPGatewayExtension

func (*MCPGatewayExtensionList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPGatewayExtensionList.

func (*MCPGatewayExtensionList) DeepCopyInto

func (in *MCPGatewayExtensionList) DeepCopyInto(out *MCPGatewayExtensionList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MCPGatewayExtensionList) DeepCopyObject

func (in *MCPGatewayExtensionList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MCPGatewayExtensionSpec

type MCPGatewayExtensionSpec struct {
	// targetRef specifies the Gateway to extend with MCP protocol support.
	// The controller will create an EnvoyFilter targeting this Gateway's Envoy proxy.
	// +required
	TargetRef MCPGatewayExtensionTargetReference `json:"targetRef,omitzero"`

	// publicHost overrides the public host derived from the listener hostname.
	// Use when the listener has a wildcard and you need a specific host.
	// +optional
	PublicHost string `json:"publicHost,omitempty"`

	// privateHost overrides the internal host used for hair-pinning requests
	// back through the gateway. Defaults to <gateway>-istio.<ns>.svc.cluster.local:<port>.
	// +optional
	PrivateHost string `json:"privateHost,omitempty"`

	// backendPingIntervalSeconds specifies how often the broker pings upstream MCP servers.
	// +optional
	// +kubebuilder:validation:Minimum=10
	// +kubebuilder:validation:Maximum=7200
	// +default=60
	BackendPingIntervalSeconds *int32 `json:"backendPingIntervalSeconds,omitempty"`

	// trustedHeadersKey configures trusted-header key pair for JWT-based tool filtering.
	// When set, the public key secret is wired into the broker deployment.
	// +optional
	TrustedHeadersKey *TrustedHeadersKey `json:"trustedHeadersKey,omitempty"`

	// httpRouteManagement controls whether the operator manages the gateway HTTPRoute.
	// Enabled: creates and manages the HTTPRoute (default).
	// Disabled: does not create an HTTPRoute.
	// +optional
	// +default="Enabled"
	HTTPRouteManagement HTTPRouteManagementPolicy `json:"httpRouteManagement,omitempty"`

	// sessionStore references a secret for redis-based session storage.
	// The secret must exist in the MCPGatewayExtension namespace and contain a CACHE_CONNECTION_STRING key.
	// The value is injected as CACHE_CONNECTION_STRING into the broker-router deployment.
	// When not set, in-memory session storage is used.
	// +optional
	SessionStore *SessionStore `json:"sessionStore,omitempty"`
}

MCPGatewayExtensionSpec defines the desired state of MCPGatewayExtension.

func (*MCPGatewayExtensionSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPGatewayExtensionSpec.

func (*MCPGatewayExtensionSpec) DeepCopyInto

func (in *MCPGatewayExtensionSpec) DeepCopyInto(out *MCPGatewayExtensionSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MCPGatewayExtensionStatus

type MCPGatewayExtensionStatus struct {
	// conditions represent the current state of the MCPGatewayExtension.
	// The Ready condition indicates whether the broker-router deployment is running
	// and the EnvoyFilter has been successfully applied to the target Gateway.
	// +listType=map
	// +listMapKey=type
	// +patchStrategy=merge
	// +patchMergeKey=type
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
}

MCPGatewayExtensionStatus defines the observed state of MCPGatewayExtension.

func (*MCPGatewayExtensionStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPGatewayExtensionStatus.

func (*MCPGatewayExtensionStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MCPGatewayExtensionTargetReference

type MCPGatewayExtensionTargetReference struct {
	// group is the group of the target resource.
	// +optional
	// +default="gateway.networking.k8s.io"
	// +kubebuilder:validation:Enum=gateway.networking.k8s.io
	Group string `json:"group,omitempty"`

	// kind is the kind of the target resource.
	// +optional
	// +default="Gateway"
	// +kubebuilder:validation:Enum=Gateway
	Kind string `json:"kind,omitempty"`

	// name is the name of the target resource.
	// +required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// namespace of the target resource (optional, defaults to same namespace)
	// +optional
	Namespace string `json:"namespace,omitempty"`

	// sectionName is the name of a listener on the target Gateway. The controller will
	// read the listener's port and hostname to configure the MCP Gateway instance.
	// Only one MCPGatewayExtension is allowed per namespace. MCPGatewayExtensions in
	// different namespaces may target different listeners on the same Gateway, provided
	// those listeners use different ports.
	// +required
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	SectionName string `json:"sectionName,omitempty"`
}

MCPGatewayExtensionTargetReference identifies a Gateway listener to extend with MCP protocol support. It follows Gateway API patterns for cross-resource references.
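
A pre-flight check for the targetRef rules stated above (one extension per namespace, distinct listener ports per Gateway, a ReferenceGrant for cross-namespace references), as an added example that is not the controller's code. The types are local mirrors of the relevant fields, a ReferenceGrant is reduced to a namespace pair, and the sample objects are constructed.

```go
package main

import "fmt"

// Local mirrors of the fields this check reads; constructed for the example,
// not imported from the v1alpha1 package.
type targetRef struct{ Name, Namespace, SectionName string }
type extension struct{ Name, Namespace string; Target targetRef }
type listener struct{ Name string; Port uint32 }
type gatewayKey struct{ Namespace, Name string }
type grantKey struct{ GatewayNS, FromNS string } // hypothetical: a ReferenceGrant exists for this pair
type portKey struct{ gw gatewayKey; port uint32 }

// lintExtensions reports violations of the documented targetRef rules.
func lintExtensions(exts []extension, gws map[gatewayKey][]listener, grants map[grantKey]bool) []string {
	var findings []string
	perNS := map[string]string{}
	portOwner := map[portKey]string{}
	for _, e := range exts {
		id := e.Namespace + "/" + e.Name
		// Rule 1: only one MCPGatewayExtension is allowed per namespace.
		if prev, ok := perNS[e.Namespace]; ok {
			findings = append(findings, fmt.Sprintf("%s: namespace %s already has %s", id, e.Namespace, prev))
			continue
		}
		perNS[e.Namespace] = id
		gwNS := e.Target.Namespace
		if gwNS == "" {
			gwNS = e.Namespace // targetRef.namespace defaults to the same namespace
		}
		// Rule 2: a cross-namespace Gateway reference needs a ReferenceGrant.
		if gwNS != e.Namespace && !grants[grantKey{gwNS, e.Namespace}] {
			findings = append(findings, fmt.Sprintf("%s: ReferenceGrantRequired in namespace %s", id, gwNS))
			continue
		}
		// Resolve sectionName to the listener's port.
		gw := gatewayKey{gwNS, e.Target.Name}
		port, found := uint32(0), false
		for _, l := range gws[gw] {
			if l.Name == e.Target.SectionName {
				port, found = l.Port, true
			}
		}
		if !found {
			findings = append(findings, fmt.Sprintf("%s: no listener %q on %s/%s", id, e.Target.SectionName, gw.Namespace, gw.Name))
			continue
		}
		// Rule 3: extensions sharing a Gateway must use listeners on different ports.
		pk := portKey{gw, port}
		if prev, ok := portOwner[pk]; ok {
			findings = append(findings, fmt.Sprintf("%s: port %d on %s/%s already claimed by %s", id, port, gw.Namespace, gw.Name, prev))
			continue
		}
		portOwner[pk] = id
	}
	return findings
}

// sampleFindings runs the lint over constructed sample objects.
func sampleFindings() []string {
	gws := map[gatewayKey][]listener{{"gw-system", "mcp-gateway"}: {{"mcp", 8080}, {"mcp-alt", 8080}, {"mcp-b", 8081}}}
	grants := map[grantKey]bool{{"gw-system", "team-a"}: true, {"gw-system", "team-b"}: true}
	exts := []extension{
		{"ext-a", "team-a", targetRef{"mcp-gateway", "gw-system", "mcp"}},
		{"ext-b", "team-b", targetRef{"mcp-gateway", "gw-system", "mcp-alt"}},
		{"ext-c", "team-c", targetRef{"mcp-gateway", "gw-system", "mcp-b"}},
		{"ext-a2", "team-a", targetRef{"mcp-gateway", "", "mcp"}},
	}
	return lintExtensions(exts, gws, grants)
}

func main() {
	for _, f := range sampleFindings() {
		fmt.Println(f)
	}
}
```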

func (*MCPGatewayExtensionTargetReference) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPGatewayExtensionTargetReference.

func (*MCPGatewayExtensionTargetReference) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MCPServerRegistration

type MCPServerRegistration struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is a standard object metadata.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// spec defines the desired state of MCPServerRegistration.
	// +optional
	Spec MCPServerRegistrationSpec `json:"spec,omitempty"`

	// status defines the observed state of MCPServerRegistration.
	// +optional
	Status MCPServerRegistrationStatus `json:"status,omitempty"`
}

MCPServerRegistration defines a collection of MCP (Model Context Protocol) servers to be aggregated by the gateway. It enables discovery and federation of tools from multiple backend MCP servers through HTTPRoute references, providing a declarative way to configure which MCP servers should be accessible through the gateway.

func (*MCPServerRegistration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerRegistration.

func (*MCPServerRegistration) DeepCopyInto

func (in *MCPServerRegistration) DeepCopyInto(out *MCPServerRegistration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MCPServerRegistration) DeepCopyObject

func (in *MCPServerRegistration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MCPServerRegistrationList

type MCPServerRegistrationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []MCPServerRegistration `json:"items"`
}

MCPServerRegistrationList contains a list of MCPServerRegistration

func (*MCPServerRegistrationList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerRegistrationList.

func (*MCPServerRegistrationList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MCPServerRegistrationList) DeepCopyObject

func (in *MCPServerRegistrationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MCPServerRegistrationSpec

type MCPServerRegistrationSpec struct {
	// targetRef specifies an HTTPRoute that points to a backend MCP server.
	// The referenced HTTPRoute should have a backend service that implements the MCP protocol.
	// The controller will discover the backend service from this HTTPRoute and configure
	// the broker to federate tools from that MCP server.
	// +required
	TargetRef TargetReference `json:"targetRef,omitzero"`

	// toolPrefix is the prefix to add to all federated tools from referenced servers.
	// This helps avoid naming conflicts when aggregating tools from multiple sources.
	// For example, if two servers both provide a 'search' tool, prefixes like 'server1_' and 'server2_' ensure they can coexist as 'server1_search' and 'server2_search'.
	// +optional
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="toolPrefix is immutable once set"
	ToolPrefix string `json:"toolPrefix,omitempty"`

	// path specifies the URL path where the MCP server endpoint is exposed.
	// If not specified, defaults to "/mcp".
	// This allows connecting to MCP servers that use custom paths like "/v1/mcp" or "/api/mcp".
	// +optional
	// +default="/mcp"
	Path string `json:"path,omitempty"`

	// credentialRef references a Secret containing authentication credentials for the MCP server.
	// The Secret should contain a key with the authentication token or credentials.
	// The controller will aggregate these credentials and make them available to the broker via environment variables following the pattern: KAGENTI_{MCP_NAME}_CRED
	// +optional
	CredentialRef *SecretReference `json:"credentialRef,omitempty"`
}

MCPServerRegistrationSpec defines the desired state of MCPServerRegistration. It specifies which HTTPRoutes point to MCP servers and how their tools should be federated.

func (*MCPServerRegistrationSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerRegistrationSpec.

func (*MCPServerRegistrationSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MCPServerRegistrationStatus

type MCPServerRegistrationStatus struct {
	// conditions represent the latest available observations of the MCPServerRegistration's state.
	// Common conditions include 'Ready' to indicate if all referenced servers are accessible.
	// +listType=map
	// +listMapKey=type
	// +patchStrategy=merge
	// +patchMergeKey=type
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`

	// discoveredTools is the number of tools discovered from this MCPServerRegistration.
	// +optional
	DiscoveredTools int32 `json:"discoveredTools,omitempty"`
}

MCPServerRegistrationStatus represents the observed state of the MCPServerRegistration resource. It contains conditions that indicate whether the referenced servers have been successfully discovered and are ready for use.

func (*MCPServerRegistrationStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerRegistrationStatus.

func (*MCPServerRegistrationStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MCPVirtualServer

type MCPVirtualServer struct {
	metav1.TypeMeta `json:",inline"`

	// metadata is a standard object metadata.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// spec defines the desired state of MCPVirtualServer.
	// +optional
	Spec MCPVirtualServerSpec `json:"spec,omitempty"`
}

MCPVirtualServer defines a virtual server that exposes a specific set of tools. It enables tool-level access control and federation by specifying which tools should be accessible through this virtual endpoint.

func (*MCPVirtualServer) DeepCopy

func (in *MCPVirtualServer) DeepCopy() *MCPVirtualServer

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPVirtualServer.

func (*MCPVirtualServer) DeepCopyInto

func (in *MCPVirtualServer) DeepCopyInto(out *MCPVirtualServer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MCPVirtualServer) DeepCopyObject

func (in *MCPVirtualServer) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MCPVirtualServerList

type MCPVirtualServerList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []MCPVirtualServer `json:"items"`
}

MCPVirtualServerList contains a list of MCPVirtualServer

func (*MCPVirtualServerList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPVirtualServerList.

func (*MCPVirtualServerList) DeepCopyInto

func (in *MCPVirtualServerList) DeepCopyInto(out *MCPVirtualServerList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MCPVirtualServerList) DeepCopyObject

func (in *MCPVirtualServerList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MCPVirtualServerSpec

type MCPVirtualServerSpec struct {
	// description provides a human-readable description of this virtual server's purpose.
	// +optional
	Description string `json:"description,omitempty"`

	// tools specifies the list of tool names to expose through this virtual server.
	// These tools must be available from the underlying MCP servers configured in the system.
	// +required
	// +listType=atomic
	// +kubebuilder:validation:MinItems=1
	Tools []string `json:"tools,omitempty"`
}

MCPVirtualServerSpec defines the desired state of MCPVirtualServer. It specifies which tools should be exposed by this virtual server.

func (*MCPVirtualServerSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPVirtualServerSpec.

func (*MCPVirtualServerSpec) DeepCopyInto

func (in *MCPVirtualServerSpec) DeepCopyInto(out *MCPVirtualServerSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretReference

type SecretReference struct {
	// name is the name of the Secret resource.
	// +required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// key is the key within the Secret that contains the credential value.
	// If not specified, defaults to "token".
	// +optional
	// +default="token"
	Key string `json:"key,omitempty"`
}

SecretReference identifies a Secret containing credentials for MCP server authentication.

func (*SecretReference) DeepCopy

func (in *SecretReference) DeepCopy() *SecretReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretReference.

func (*SecretReference) DeepCopyInto

func (in *SecretReference) DeepCopyInto(out *SecretReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SessionStore added in v0.6.0

type SessionStore struct {
	// secretName is the name of the secret containing the CACHE_CONNECTION_STRING key.
	// The value should be a redis connection string: redis://<user>:<pass>@<host>:<port>/<db>
	// +required
	// +kubebuilder:validation:MinLength=1
	SecretName string `json:"secretName,omitempty"`
}

SessionStore references a secret containing a redis connection string for session storage.

func (*SessionStore) DeepCopy added in v0.6.0

func (in *SessionStore) DeepCopy() *SessionStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionStore.

func (*SessionStore) DeepCopyInto added in v0.6.0

func (in *SessionStore) DeepCopyInto(out *SessionStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TargetReference

type TargetReference struct {
	// group is the group of the target resource.
	// +optional
	// +default="gateway.networking.k8s.io"
	// +kubebuilder:validation:Enum=gateway.networking.k8s.io
	Group string `json:"group,omitempty"`

	// kind is the kind of the target resource.
	// +optional
	// +default="HTTPRoute"
	// +kubebuilder:validation:Enum=HTTPRoute
	Kind string `json:"kind,omitempty"`

	// name is the name of the target resource.
	// +required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// namespace of the target resource (optional, defaults to same namespace).
	// +optional
	Namespace string `json:"namespace,omitempty"`
}

TargetReference identifies an HTTPRoute that points to MCP servers. It follows Gateway API patterns for cross-resource references.

func (*TargetReference) DeepCopy

func (in *TargetReference) DeepCopy() *TargetReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetReference.

func (*TargetReference) DeepCopyInto

func (in *TargetReference) DeepCopyInto(out *TargetReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TrustedHeadersKey added in v0.5.1

type TrustedHeadersKey struct {
	// secretName is the name of the secret containing the public key used by the broker
	// to verify trusted-header JWTs. The secret must have a data entry with key "key"
	// containing the PEM-encoded public key.
	// When Generate is Enabled, the operator creates this secret.
	// When Generate is Disabled, this secret must already exist in the namespace.
	// +required
	// +kubebuilder:validation:MinLength=1
	SecretName string `json:"secretName,omitempty"`

	// generate controls whether the operator generates an ECDSA P-256 key pair.
	// Enabled: creates <secretName> (public key) and <secretName>-private (private key)
	// in the MCPGatewayExtension namespace with owner references.
	// Disabled: the secret must already exist (default).
	// Changing this field requires deleting the existing secrets first to ensure
	// the public and private keys are a matching pair.
	// +optional
	// +default="Disabled"
	Generate KeyGenerationPolicy `json:"generate,omitempty"`
}

TrustedHeadersKey configures trusted-header key pair for JWT-based tool filtering. When configured, the public key is injected into the broker deployment via the TRUSTED_HEADER_PUBLIC_KEY env var.
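
An added example (not code from this package or the operator) of what the key pair is for: a token signed with the private key verifies only under the matching PEM public key, which is why the two secrets must stay a pair. The ES256 JWT algorithm, the PKIX PEM encoding, the claim contents and all function names are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding

// newPair returns a P-256 private key and its PEM public key (PKIX "PUBLIC KEY" encoding is assumed).
func newPair() (*ecdsa.PrivateKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), err
}

// signES256 builds a compact JWT; only the holder of the private key can do this.
func signES256(priv *ecdsa.PrivateKey, claimsJSON string) (string, error) {
	input := b64.EncodeToString([]byte(`{"alg":"ES256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claimsJSON))
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // fixed-width r||s, not DER
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyES256 checks a token against the PEM public key and returns its claims JSON.
func verifyES256(pubPEM []byte, token string) (string, error) {
	block, _ := pem.Decode(pubPEM)
	if block == nil {
		return "", fmt.Errorf("no PEM block in key")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	pub, ok := parsed.(*ecdsa.PublicKey)
	if err != nil || !ok || pub.Curve != elliptic.P256() {
		return "", fmt.Errorf("key is not an ECDSA P-256 public key")
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	// Pin the algorithm: the token's header must not choose how it is verified.
	var hdr struct{ Alg string `json:"alg"` }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "ES256" {
		return "", fmt.Errorf("unexpected alg")
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || len(sig) != 64 ||
		!ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", fmt.Errorf("signature does not verify under this key")
	}
	claims, err := b64.DecodeString(parts[1])
	return string(claims), err
}

func main() {
	privA, pubA, _ := newPair()
	_, pubB, _ := newPair() // public key left over from a different pair
	tok, _ := signES256(privA, `{"sub":"constructed-user"}`)
	fmt.Println(verifyES256(pubA, tok))
	fmt.Println(verifyES256(pubB, tok))
}
```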

func (*TrustedHeadersKey) DeepCopy added in v0.5.1

func (in *TrustedHeadersKey) DeepCopy() *TrustedHeadersKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustedHeadersKey.

func (*TrustedHeadersKey) DeepCopyInto added in v0.5.1

func (in *TrustedHeadersKey) DeepCopyInto(out *TrustedHeadersKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
