resources

package
v0.0.63
Warning

This package is not in the latest version of its module.

Published: May 7, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package resources provides functions to build Kubernetes resources for a KlausInstance, mirroring the patterns from the standalone Helm chart.


Constants

const (
	// KlausPort is the default port for the Klaus agent HTTP server.
	KlausPort = 8080

	// ConfigVolumeName is the name of the ConfigMap volume.
	ConfigVolumeName = "config"

	// ConfigScriptsVolumeName is the name of the executable hook scripts volume.
	ConfigScriptsVolumeName = "config-scripts"

	// WorkspaceVolumeName is the name of the workspace PVC volume.
	WorkspaceVolumeName = "workspace"

	// WorkspaceMountPath is where the workspace PVC is mounted.
	WorkspaceMountPath = "/workspace"

	// MCPConfigPath is the path to the MCP config file inside the container.
	MCPConfigPath = "/etc/klaus/mcp-config.json"

	// SettingsFilePath is the path to settings.json inside the container.
	SettingsFilePath = "/etc/klaus/settings.json"

	// ExtensionsBasePath is the base path for inline skills and agent files.
	ExtensionsBasePath = "/etc/klaus/extensions"

	// PluginBasePath is the base path for OCI plugin mounts.
	PluginBasePath = "/var/lib/klaus/plugins"

	// PersonalityVolumeName is the volume name for the personality image volume.
	PersonalityVolumeName = "personality"

	// PersonalityMountPath is the mount path for the personality OCI artifact.
	PersonalityMountPath = "/var/lib/klaus/personality"

	// HookScriptsPath is the base path for hook scripts.
	HookScriptsPath = "/etc/klaus/hooks"

	// GitSecretVolumeName is the name of the git secret volume.
	GitSecretVolumeName = "git-secret"

	// GitSecretMountPath is where the git secret is mounted in the init container.
	GitSecretMountPath = "/etc/git-secret" // #nosec G101 -- mount path, not a credential

	// GitTmpVolumeName is the name of the emptyDir volume providing a writable
	// /tmp for the git-clone init container. Required because the init container
	// runs with ReadOnlyRootFilesystem and git may need to write temporary files
	// (e.g., index.lock, credential helpers, pack negotiation).
	GitTmpVolumeName = "git-tmp"

	// GitTmpMountPath is where the writable tmp volume is mounted.
	GitTmpMountPath = "/tmp"

	// DefaultGitSecretKey is the default key in the git Secret data.
	DefaultGitSecretKey = "token"

	// DefaultGitCloneImage is the default image for the git clone init container.
	// Pinned to a specific version for reproducible deployments; override via
	// the --git-clone-image flag.
	DefaultGitCloneImage = "alpine/git:v2.47.2"

	// LabelAppName is the standard Kubernetes "app.kubernetes.io/name" label key.
	LabelAppName = "app.kubernetes.io/name"

	// LabelManagedBy is the standard Kubernetes "app.kubernetes.io/managed-by" label key.
	LabelManagedBy = "app.kubernetes.io/managed-by"

	// LabelOwner is the per-owner label key applied to instance-scoped resources.
	LabelOwner = "klaus.giantswarm.io/owner"

	// AppKlaus is the value of LabelAppName for instance-scoped resources.
	AppKlaus = "klaus"

	// AppKlausOperator is the value of LabelManagedBy for resources reconciled
	// by this operator. It is also the LabelAppName value used for the
	// operator's own MCP server registration.
	AppKlausOperator = "klaus-operator"

	// HTTPPortName is the named port shared by the Deployment and Service.
	HTTPPortName = "http"
)

Variables

This section is empty.

Functions

func BuildAPIKeySecret

func BuildAPIKeySecret(instance *klausv1alpha1.KlausInstance, namespace string, apiKey []byte) *corev1.Secret

BuildAPIKeySecret creates a Secret in the instance namespace containing the Anthropic API key, copied from the shared org secret.

func BuildConfigMap

func BuildConfigMap(instance *klausv1alpha1.KlausInstance, namespace string) (*corev1.ConfigMap, error)

BuildConfigMap creates the ConfigMap for a KlausInstance, containing all configuration data: system prompts, MCP config, skills, agent files, hooks, hook scripts, agents JSON, and JSON schema.

func BuildDeployment

func BuildDeployment(instance *klausv1alpha1.KlausInstance, namespace, klausImage, gitCloneImage string, configMapData map[string]string) *appsv1.Deployment

BuildDeployment creates the Deployment for a KlausInstance, mirroring the standalone Helm chart's deployment.yaml rendering.

func BuildEnvVars

func BuildEnvVars(instance *klausv1alpha1.KlausInstance, configMapName, secretName string) []corev1.EnvVar

BuildEnvVars creates the full list of environment variables for a Klaus instance container, mirroring the Helm chart's deployment.yaml env rendering.

func BuildMCPServerCRD

func BuildMCPServerCRD(instance *klausv1alpha1.KlausInstance, instanceNamespace string) *unstructured.Unstructured

BuildMCPServerCRD creates an unstructured MCPServer CRD for registering a Klaus instance in muster. We use an unstructured object to avoid importing muster's types.

func BuildNamespace

func BuildNamespace(instance *klausv1alpha1.KlausInstance) *corev1.Namespace

BuildNamespace creates the user namespace for a KlausInstance.

func BuildOperatorMCPServerCRD

func BuildOperatorMCPServerCRD(operatorServiceURL, musterNamespace string) *unstructured.Unstructured

BuildOperatorMCPServerCRD creates an MCPServer CRD for the operator itself.

func BuildPVC

func BuildPVC(instance *klausv1alpha1.KlausInstance, namespace string) *corev1.PersistentVolumeClaim

BuildPVC creates the PersistentVolumeClaim for a KlausInstance workspace. Returns nil if workspace is not configured.

func BuildService

func BuildService(instance *klausv1alpha1.KlausInstance, namespace string) *corev1.Service

BuildService creates the ClusterIP Service for a KlausInstance.

func BuildVolumeMounts

func BuildVolumeMounts(instance *klausv1alpha1.KlausInstance) []corev1.VolumeMount

BuildVolumeMounts creates the volume mount list for a KlausInstance container.

func BuildVolumes

func BuildVolumes(instance *klausv1alpha1.KlausInstance, configMapName string) []corev1.Volume

BuildVolumes creates the volume list for a KlausInstance pod spec.

func ConfigMapChecksum

func ConfigMapChecksum(data map[string]string) string

ConfigMapChecksum computes a SHA256 checksum of the ConfigMap data for triggering pod restarts on config changes.

func ConfigMapName

func ConfigMapName(instance *klausv1alpha1.KlausInstance) string

ConfigMapName returns the ConfigMap name for an instance.

func DeduplicateMCPServerSecrets

func DeduplicateMCPServerSecrets(inline, resolved []klausv1alpha1.MCPServerSecret) []klausv1alpha1.MCPServerSecret

DeduplicateMCPServerSecrets merges inline and resolved MCP server secrets, deduplicating by environment variable name. When both inline and resolved define the same env var, the resolved entry wins.

The returned list is grouped by Secret name with deterministic ordering.

func GitSecretKey

func GitSecretKey(instance *klausv1alpha1.KlausInstance) string

GitSecretKey returns the Secret data key for the git credential, defaulting to "token" when unset.

func GitSecretName

func GitSecretName(instance *klausv1alpha1.KlausInstance) string

GitSecretName returns the copied git credential Secret name for an instance.

func HasHooks

func HasHooks(instance *klausv1alpha1.KlausInstance) bool

HasHooks returns true if hooks are configured.

func HasInlineExtensions

func HasInlineExtensions(instance *klausv1alpha1.KlausInstance) bool

HasInlineExtensions returns true if the instance has skills or agent files that need the extensions directory in CLAUDE_ADD_DIRS.

func HasMCPConfig

func HasMCPConfig(instance *klausv1alpha1.KlausInstance) bool

HasMCPConfig returns true if any MCP servers are configured.

func InstanceLabels

func InstanceLabels(instance *klausv1alpha1.KlausInstance) map[string]string

InstanceLabels returns standard labels for resources owned by the instance.

func MCPSecretLabels

func MCPSecretLabels(owner string) map[string]string

MCPSecretLabels returns labels for MCP secrets copied to user namespaces. These secrets may be shared by multiple instances for the same owner, so we use managed-by and owner labels without instance-specific identifiers.

func MergeResolvedMCPIntoInstance

func MergeResolvedMCPIntoInstance(resolved *ResolvedMCPConfig, instance *klausv1alpha1.KlausInstanceSpec)

MergeResolvedMCPIntoInstance injects resolved MCP server configurations and secrets into the instance spec. This should be called on a deep-copied instance after personality merge and MCP server resolution.

Merge semantics:

  • Server configs: resolved entries are added to claude.mcpServers; on key conflict, the resolved KlausMCPServer entry wins over inline config.
  • Secrets: resolved secretRefs are appended and deduplicated by env var name (resolved wins over inline on conflict).
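The secret precedence rule described here and under DeduplicateMCPServerSecrets, as an added sketch that is not the package's own code. The Secret struct and its field names are hypothetical stand-ins for klausv1alpha1.MCPServerSecret, and ordering within a Secret group by env var name is an assumption.

```go
package main

import (
	"fmt"
	"sort"
)

// Secret is a hypothetical stand-in for klausv1alpha1.MCPServerSecret; the
// field names are assumptions, since the page does not show the real type.
type Secret struct {
	SecretName string // Kubernetes Secret holding the value
	Key        string // data key inside that Secret
	EnvName    string // environment variable injected into the pod
}

// dedupSecrets merges inline and resolved refs. An env var defined in both
// takes the resolved entry. Output is sorted by Secret name, then env var
// name, so identical inputs always render an identical pod spec.
func dedupSecrets(inline, resolved []Secret) []Secret {
	byEnv := make(map[string]Secret, len(inline)+len(resolved))
	for _, s := range inline {
		byEnv[s.EnvName] = s
	}
	for _, s := range resolved { // applied second, so resolved overwrites inline
		byEnv[s.EnvName] = s
	}
	out := make([]Secret, 0, len(byEnv))
	for _, s := range byEnv { // map iteration order is random; sorted below
		out = append(out, s)
	}
	sort.Slice(out, func(i, j int) bool {
		if out[i].SecretName != out[j].SecretName {
			return out[i].SecretName < out[j].SecretName
		}
		return out[i].EnvName < out[j].EnvName
	})
	return out
}

func main() {
	// Constructed sample data: GITHUB_TOKEN is defined by both sources.
	inline := []Secret{
		{SecretName: "team-tokens", Key: "github", EnvName: "GITHUB_TOKEN"},
		{SecretName: "team-tokens", Key: "jira", EnvName: "JIRA_TOKEN"},
	}
	resolved := []Secret{{SecretName: "org-github", Key: "token", EnvName: "GITHUB_TOKEN"}}
	for _, s := range dedupSecrets(inline, resolved) {
		fmt.Printf("%s <- %s/%s\n", s.EnvName, s.SecretName, s.Key)
	}
}
```

When reviewing a rendered pod spec, this precedence means an inline secretRef never overrides the credential a referenced KlausMCPServer supplies for the same variable.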

func MusterNamespace

func MusterNamespace(instance *klausv1alpha1.KlausInstance) string

MusterNamespace returns the target namespace for MCPServer CRD registration.

func NeedsGitClone

func NeedsGitClone(instance *klausv1alpha1.KlausInstance) bool

NeedsGitClone returns true if the workspace has a git repo to clone.

func NeedsGitSecret

func NeedsGitSecret(instance *klausv1alpha1.KlausInstance) bool

NeedsGitSecret returns true if a git secret reference is configured for the workspace.

func NeedsScriptsVolume

func NeedsScriptsVolume(instance *klausv1alpha1.KlausInstance) bool

NeedsScriptsVolume returns true if hook scripts need a separate executable volume.

func PVCName

func PVCName(instance *klausv1alpha1.KlausInstance) string

PVCName returns the PVC name for an instance.

func PluginImageReference

func PluginImageReference(plugin klausv1alpha1.PluginReference) string

PluginImageReference returns the full image reference for a plugin.

func PluginMountPath

func PluginMountPath(plugin klausv1alpha1.PluginReference) string

PluginMountPath returns the mount path for a plugin.

func PluginVolumeName

func PluginVolumeName(plugin klausv1alpha1.PluginReference) string

PluginVolumeName returns the volume name for a plugin.

func SecretName

func SecretName(instance *klausv1alpha1.KlausInstance) string

SecretName returns the copied API key Secret name for an instance.

func SelectorLabels

func SelectorLabels(instance *klausv1alpha1.KlausInstance) map[string]string

SelectorLabels returns the minimal label set used for pod selection by both the Deployment and Service. Keeping these in sync is critical -- if they diverge, the Service silently stops matching pods.

func ServerConfigToRawExtension

func ServerConfigToRawExtension(spec *klausv1alpha1.KlausMCPServerSpec) (runtime.RawExtension, error)

ServerConfigToRawExtension converts a KlausMCPServerSpec into a runtime.RawExtension containing the MCP server config JSON. The secretRefs field is excluded -- it is used for pod-level env injection only, not for .mcp.json assembly.

func ServiceEndpoint

func ServiceEndpoint(instance *klausv1alpha1.KlausInstance, namespace string) string

ServiceEndpoint returns the internal service URL for a KlausInstance.

func ServiceName

func ServiceName(instance *klausv1alpha1.KlausInstance) string

ServiceName returns the Service name for an instance.

func UserNamespace

func UserNamespace(owner string) string

UserNamespace returns the namespace name for a given owner.

func ValidatePluginRefs

func ValidatePluginRefs(plugins []klausv1alpha1.PluginReference) error

ValidatePluginRefs validates a slice of plugin references: each plugin must have exactly one of tag or digest (not both, not neither), digests must use the sha256: prefix, and plugin short names must be unique.
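The three rules above, as an added sketch that is not the package's own code. PluginRef and its field names are hypothetical stand-ins for klausv1alpha1.PluginReference, the short name is assumed to be the last path segment of the repository, and the digest check goes beyond the documented prefix rule by also requiring 64 hex characters.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// PluginRef is a hypothetical stand-in for klausv1alpha1.PluginReference;
// its field names are assumptions, the page does not show the real type.
type PluginRef struct{ Repository, Tag, Digest string }

// Stricter than the documented prefix rule: also requires 64 lowercase hex chars.
var sha256Digest = regexp.MustCompile(`^sha256:[a-f0-9]{64}$`)

// constructedDigest is sample data, not the digest of any real artifact.
var constructedDigest = "sha256:" + strings.Repeat("ab", 32)

// shortName assumes the short name is the last path segment of the repository.
func shortName(repo string) string { return repo[strings.LastIndex(repo, "/")+1:] }

// validatePluginRefs applies the three documented rules and returns the first violation.
func validatePluginRefs(plugins []PluginRef) error {
	seen := map[string]string{} // short name -> repository that claimed it
	for _, p := range plugins {
		switch {
		case p.Tag != "" && p.Digest != "":
			return fmt.Errorf("%s: set tag or digest, not both", p.Repository)
		case p.Tag == "" && p.Digest == "":
			return fmt.Errorf("%s: one of tag or digest is required", p.Repository)
		case p.Digest != "" && !sha256Digest.MatchString(p.Digest):
			return fmt.Errorf("%s: digest %q is not sha256:<64 hex>", p.Repository, p.Digest)
		}
		name := shortName(p.Repository)
		if prev, dup := seen[name]; dup {
			return fmt.Errorf("short name %q used by both %s and %s", name, prev, p.Repository)
		}
		seen[name] = p.Repository
	}
	return nil
}

func main() {
	refs := []PluginRef{ // constructed sample input
		{Repository: "registry.example.com/plugins/lint", Digest: constructedDigest},
		{Repository: "registry.example.com/other/lint", Tag: "v1.2.0"},
	}
	fmt.Println(validatePluginRefs(refs)) // duplicate short name "lint"
}
```

A tag reference passes validation but remains mutable at the registry; only the digest form pins the plugin content that gets mounted.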

func ValidateSpec

func ValidateSpec(instance *klausv1alpha1.KlausInstance) error

ValidateSpec performs validation checks on the KlausInstance spec, enforcing mutual-exclusivity rules and constraint checks that the Helm chart enforces via fail.

Types

type ResolvedMCPConfig

type ResolvedMCPConfig struct {
	// Servers maps KlausMCPServer name to its JSON config for .mcp.json assembly.
	Servers map[string]runtime.RawExtension

	// Secrets holds aggregated secretRefs from all resolved KlausMCPServer objects.
	Secrets []klausv1alpha1.MCPServerSecret
}

ResolvedMCPConfig holds the aggregated MCP server configurations and secrets resolved from KlausMCPServer CRD references.
