kubernetes

package
v0.0.57 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 27, 2026 License: Apache-2.0 Imports: 49 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	CustomAuthorizationHeader = HeaderKey("kubernetes-authorization")
	OAuthAuthorizationHeader  = HeaderKey("Authorization")

	CustomUserAgent = "kubernetes-mcp-server/bearer-token-auth"
)
View Source 
const (
	AppKubernetesComponent = "app.kubernetes.io/component"
	AppKubernetesManagedBy = "app.kubernetes.io/managed-by"
	AppKubernetesName      = "app.kubernetes.io/name"
	AppKubernetesPartOf    = "app.kubernetes.io/part-of"
)
View Source 
const DefaultTailLines = int64(100)

DefaultTailLines is the default number of lines to retrieve from the end of the logs

View Source 
const KubeConfigTargetParameterName = "context"

KubeConfigTargetParameterName is the parameter name used to specify the kubeconfig context when using the kubeconfig cluster provider strategy.

Variables

View Source 
var (
	ErrorKubeconfigInClusterNotAllowed = errors.New("kubeconfig manager cannot be used in in-cluster deployments")
	ErrorInClusterNotInCluster         = errors.New("in-cluster manager cannot be used outside of a cluster")
)
View Source 
var InClusterConfig = func() (*rest.Config, error) {

	inClusterConfig, err := rest.InClusterConfig()
	if inClusterConfig != nil {
		inClusterConfig.Host = "https://kubernetes.default.svc"
	}
	return inClusterConfig, err
}

InClusterConfig is a variable that holds the function to get the in-cluster config Exposed for testing

View Source 
var ParameterCodec = runtime.NewParameterCodec(Scheme)
View Source 
var Scheme = scheme.Scheme

Functions

func ExchangeTokenInContext added in v0.0.57 

func ExchangeTokenInContext(
	ctx context.Context,
	stsConfigProvider api.StsConfigProvider,
	oidcProvider *oidc.Provider,
	httpClient *http.Client,
	provider Provider,
	target string,
) context.Context

func GetRegisteredStrategies added in v0.0.53 

func GetRegisteredStrategies() []string

GetRegisteredStrategies returns a sorted list of all registered strategy names. This is useful for error messages and debugging.

func IsInCluster added in v0.0.54 

func IsInCluster(cfg api.ClusterProvider) bool

func RegisterProvider added in v0.0.53 

func RegisterProvider(strategy string, factory ProviderFactory)

RegisterProvider registers a provider factory for a given strategy name. This should be called from init() functions in provider implementation files. Panics if a provider is already registered for the given strategy.

Types

type AccessControlRoundTripper added in v0.0.55 

type AccessControlRoundTripper struct {
	// contains filtered or unexported fields
}

func (*AccessControlRoundTripper) RoundTrip added in v0.0.55 

func (rt *AccessControlRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)

type CloseWatchKubeConfig 

type CloseWatchKubeConfig func() error

type Core added in v0.0.56 

type Core struct {
	api.KubernetesClient
}

func NewCore added in v0.0.56 

func NewCore(client api.KubernetesClient) *Core

func (*Core) ConfigurationContextsDefault added in v0.0.56 

func (c *Core) ConfigurationContextsDefault() (string, error)

ConfigurationContextsDefault returns the current context name TODO: Should be moved to the Provider level ?

func (*Core) ConfigurationContextsList added in v0.0.56 

func (c *Core) ConfigurationContextsList() (map[string]string, error)

ConfigurationContextsList returns the list of available context names TODO: Should be moved to the Provider level ?

func (*Core) ConfigurationView added in v0.0.56 

func (c *Core) ConfigurationView(minify bool) (runtime.Object, error)

ConfigurationView returns the current kubeconfig content as a kubeconfig YAML If minify is true, keeps only the current-context and the relevant pieces of the configuration for that context. If minify is false, all contexts, clusters, auth-infos, and users are returned in the configuration. TODO: Should be moved to the Provider level ?

func (*Core) EventsList added in v0.0.56 

func (c *Core) EventsList(ctx context.Context, namespace string) ([]map[string]any, error)

func (*Core) NamespacesList added in v0.0.56 

func (c *Core) NamespacesList(ctx context.Context, options api.ListOptions) (runtime.Unstructured, error)

func (*Core) NodesLog added in v0.0.56 

func (c *Core) NodesLog(ctx context.Context, name string, query string, tailLines int64) (string, error)

func (*Core) NodesStatsSummary added in v0.0.56 

func (c *Core) NodesStatsSummary(ctx context.Context, name string) (string, error)

func (*Core) NodesTop added in v0.0.56 

func (c *Core) NodesTop(ctx context.Context, options api.NodesTopOptions) (*metrics.NodeMetricsList, error)

func (*Core) PodsDelete added in v0.0.56 

func (c *Core) PodsDelete(ctx context.Context, namespace, name string) (string, error)

func (*Core) PodsExec added in v0.0.56 

func (c *Core) PodsExec(ctx context.Context, namespace, name, container string, command []string) (string, error)

func (*Core) PodsGet added in v0.0.56 

func (c *Core) PodsGet(ctx context.Context, namespace, name string) (*unstructured.Unstructured, error)

func (*Core) PodsListInAllNamespaces added in v0.0.56 

func (c *Core) PodsListInAllNamespaces(ctx context.Context, options api.ListOptions) (runtime.Unstructured, error)

func (*Core) PodsListInNamespace added in v0.0.56 

func (c *Core) PodsListInNamespace(ctx context.Context, namespace string, options api.ListOptions) (runtime.Unstructured, error)

func (*Core) PodsLog added in v0.0.56 

func (c *Core) PodsLog(ctx context.Context, namespace, name, container string, previous bool, tail int64) (string, error)

func (*Core) PodsRun added in v0.0.56 

func (c *Core) PodsRun(ctx context.Context, namespace, name, image string, port int32) ([]*unstructured.Unstructured, error)

func (*Core) PodsTop added in v0.0.56 

func (c *Core) PodsTop(ctx context.Context, options api.PodsTopOptions) (*metrics.PodMetricsList, error)

func (*Core) ProjectsList added in v0.0.56 

func (c *Core) ProjectsList(ctx context.Context, options api.ListOptions) (runtime.Unstructured, error)

func (*Core) ResourcesCreateOrUpdate added in v0.0.56 

func (c *Core) ResourcesCreateOrUpdate(ctx context.Context, resource string) ([]*unstructured.Unstructured, error)

func (*Core) ResourcesDelete added in v0.0.56 

func (c *Core) ResourcesDelete(ctx context.Context, gvk *schema.GroupVersionKind, namespace, name string) error

func (*Core) ResourcesGet added in v0.0.56 

func (c *Core) ResourcesGet(ctx context.Context, gvk *schema.GroupVersionKind, namespace, name string) (*unstructured.Unstructured, error)

func (*Core) ResourcesList added in v0.0.56 

func (c *Core) ResourcesList(ctx context.Context, gvk *schema.GroupVersionKind, namespace string, options api.ListOptions) (runtime.Unstructured, error)

func (*Core) ResourcesScale added in v0.0.56 

func (c *Core) ResourcesScale(
	ctx context.Context,
	gvk *schema.GroupVersionKind,
	namespace, name string,
	desiredScale int64,
	shouldScale bool,
) (*unstructured.Unstructured, error)

type HeaderKey 

type HeaderKey string

type Kubernetes 

type Kubernetes struct {
	kubernetes.Interface
	// contains filtered or unexported fields
}

Kubernetes is a limited Kubernetes Client delegating interface to the standard kubernetes.Clientset Only a limited set of functions are implemented with a single point of access to the kubernetes API where apiVersion and kinds are checked for allowed access

func NewKubernetes added in v0.0.56 

func NewKubernetes(config api.BaseConfig, clientCmdConfig clientcmd.ClientConfig, restConfig *rest.Config) (*Kubernetes, error)

func (*Kubernetes) DiscoveryClient added in v0.0.56 

func (k *Kubernetes) DiscoveryClient() discovery.CachedDiscoveryInterface

func (*Kubernetes) DynamicClient added in v0.0.56 

func (k *Kubernetes) DynamicClient() dynamic.Interface

func (*Kubernetes) MetricsV1beta1Client added in v0.0.56 

func (k *Kubernetes) MetricsV1beta1Client() *metricsv1beta1.MetricsV1beta1Client

func (*Kubernetes) NamespaceOrDefault 

func (k *Kubernetes) NamespaceOrDefault(namespace string) string

func (*Kubernetes) RESTConfig added in v0.0.56 

func (k *Kubernetes) RESTConfig() *rest.Config

func (*Kubernetes) RESTMapper added in v0.0.56 

func (k *Kubernetes) RESTMapper() meta.ResettableRESTMapper

func (*Kubernetes) ToDiscoveryClient added in v0.0.55 

func (k *Kubernetes) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, error)

func (*Kubernetes) ToRESTConfig added in v0.0.55 

func (k *Kubernetes) ToRESTConfig() (*rest.Config, error)

ToRESTConfig returns the rest.Config object (genericclioptions.RESTClientGetter)

func (*Kubernetes) ToRESTMapper added in v0.0.55 

func (k *Kubernetes) ToRESTMapper() (meta.RESTMapper, error)

func (*Kubernetes) ToRawKubeConfigLoader added in v0.0.55 

func (k *Kubernetes) ToRawKubeConfigLoader() clientcmd.ClientConfig

ToRawKubeConfigLoader returns the clientcmd.ClientConfig object (genericclioptions.RESTClientGetter)

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

func NewInClusterManager added in v0.0.54 

func NewInClusterManager(config api.BaseConfig) (*Manager, error)

func NewKubeconfigManager added in v0.0.54 

func NewKubeconfigManager(config api.BaseConfig, kubeconfigContext string) (*Manager, error)

func NewManager 

func NewManager(config api.BaseConfig, restConfig *rest.Config, clientCmdConfig clientcmd.ClientConfig) (*Manager, error)

func (*Manager) Derived 

func (m *Manager) Derived(ctx context.Context) (*Kubernetes, error)

func (*Manager) Invalidate added in v0.0.55 

func (m *Manager) Invalidate()

Invalidate invalidates the cached discovery information.

func (*Manager) IsOpenShift 

func (m *Manager) IsOpenShift(ctx context.Context) bool

type McpReload added in v0.0.55 

type McpReload func() error

McpReload is a function type that defines a callback for reloading MCP toolsets (including tools, prompts, or other configurations)

type Provider added in v0.0.54 

type Provider interface {
	// Openshift extends the Openshift interface to provide OpenShift specific functionality to toolset providers
	// TODO: with the configurable toolset implementation and especially the multi-cluster approach
	// extending this interface might not be a good idea anymore.
	// For the kubecontext case, a user might be targeting both an OpenShift flavored cluster and a vanilla Kubernetes cluster.
	// See: https://github.com/containers/kubernetes-mcp-server/pull/372#discussion_r2421592315
	api.Openshift
	GetTargets(ctx context.Context) ([]string, error)
	GetDerivedKubernetes(ctx context.Context, target string) (*Kubernetes, error)
	GetDefaultTarget() string
	GetTargetParameterName() string
	// WatchTargets sets up a watcher for changes in the cluster targets and calls the provided McpReload function when changes are detected
	WatchTargets(reload McpReload)
	Close()
}

func NewProvider added in v0.0.54 

func NewProvider(cfg api.BaseConfig, opts ...ProviderOption) (Provider, error)

type ProviderFactory added in v0.0.53 

type ProviderFactory func(cfg api.BaseConfig) (Provider, error)

ProviderFactory creates a new Provider instance for a given strategy. Implementations should validate that the Manager is compatible with their strategy (e.g., kubeconfig provider should reject in-cluster managers).

type ProviderOption added in v0.0.57 

type ProviderOption func(*providerOptions)

func WithTokenExchange added in v0.0.57 

func WithTokenExchange(oidcProvider *oidc.Provider, httpClient *http.Client) ProviderOption

type SecurityTokenService added in v0.0.57 

type SecurityTokenService struct {
	*oidc.Provider
	ClientId                string
	ClientSecret            string
	ExternalAccountAudience string
	ExternalAccountScopes   []string
}

func NewFromConfig added in v0.0.57 

func NewFromConfig(stsConfigProvider api.StsConfigProvider, provider *oidc.Provider) *SecurityTokenService

func (*SecurityTokenService) ExternalAccountTokenExchange added in v0.0.57 

func (sts *SecurityTokenService) ExternalAccountTokenExchange(ctx context.Context, originalToken *oauth2.Token) (*oauth2.Token, error)

func (*SecurityTokenService) IsEnabled added in v0.0.57 

func (sts *SecurityTokenService) IsEnabled() bool

type TokenExchangeProvider added in v0.0.57 

type TokenExchangeProvider interface {
	// GetTokenExchangeConfig returns the token exchange configuration for the specified target.
	// Returns nil if no per-target exchange is configured
	GetTokenExchangeConfig(target string) *tokenexchange.TargetTokenExchangeConfig

	// GetTokenExchangeStrategy returns the token exchange strategy to use (e.g. "keycloak-v1" or "rfc8693").
	GetTokenExchangeStrategy() string
}

TokenExchangeProvider is an optional interface that providers can implement to suport per-target token exchange.

When a provider implements this interface and GetTokenExchangeConfig returns a non-nil config for a target, token exchange will be performed before creating the derived Kubernetes client. The exchanged token replaces the original in the Authorization header used by the derived client.

If GetTokenExchangeConfig returns nil for a target, or the interface is not implemented for a provider, no per-target token exchange is performed and the original token is used as-is.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.