Documentation
¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the toolhive v1alpha1 API group +kubebuilder:object:generate=true +groupName=toolhive.stacklok.dev
Index ¶
- Constants
- Variables
- type APIPhase
- type APIStatus
- type AuditConfig
- type AuthzConfigRef
- type ConfigMapAuthzRef
- type ConfigMapOIDCRef
- type ConfigMapSource
- type EnvVar
- type GitSource
- type InlineAuthzConfig
- type InlineOIDCConfig
- type KubernetesOIDCConfig
- type MCPRegistry
- func (in *MCPRegistry) DeepCopy() *MCPRegistry
- func (in *MCPRegistry) DeepCopyInto(out *MCPRegistry)
- func (in *MCPRegistry) DeepCopyObject() runtime.Object
- func (r *MCPRegistry) DeriveOverallPhase() MCPRegistryPhase
- func (r *MCPRegistry) GetAPIResourceName() string
- func (r *MCPRegistry) GetStorageName() string
- type MCPRegistryList
- type MCPRegistryPhase
- type MCPRegistrySource
- type MCPRegistrySpec
- type MCPRegistryStatus
- type MCPServer
- type MCPServerList
- type MCPServerPhase
- type MCPServerSpec
- type MCPServerStatus
- type MCPToolConfig
- type MCPToolConfigList
- type MCPToolConfigSpec
- type MCPToolConfigStatus
- type NameFilter
- type NetworkPermissions
- type OIDCConfigRef
- type OpenTelemetryConfig
- type OpenTelemetryMetricsConfig
- type OpenTelemetryTracingConfig
- type OutboundNetworkPermissions
- type PermissionProfileRef
- type PermissionProfileSpec
- type PrometheusConfig
- type ProxyDeploymentOverrides
- type RegistryFilter
- type ResourceList
- type ResourceMetadataOverrides
- type ResourceOverrides
- type ResourceRequirements
- type SecretRef
- type StorageReference
- type SyncPhase
- type SyncPolicy
- type SyncStatus
- type TagFilter
- type TelemetryConfig
- type ToolConfigRef
- type ToolOverride
- type Volume
Constants ¶
const ( // RegistrySourceTypeConfigMap is the type for registry data stored in ConfigMaps RegistrySourceTypeConfigMap = "configmap" // RegistrySourceTypeGit is the type for registry data stored in Git repositories RegistrySourceTypeGit = "git" )
const ( // RegistryFormatToolHive is the native ToolHive registry format RegistryFormatToolHive = "toolhive" // RegistryFormatUpstream is the upstream MCP registry format RegistryFormatUpstream = "upstream" )
Registry formats
const ( // ConditionSourceAvailable indicates whether the source is available and accessible ConditionSourceAvailable = "SourceAvailable" // ConditionDataValid indicates whether the registry data is valid ConditionDataValid = "DataValid" // ConditionSyncSuccessful indicates whether the last sync was successful ConditionSyncSuccessful = "SyncSuccessful" // ConditionAPIReady indicates whether the registry API is ready ConditionAPIReady = "APIReady" )
Condition types for MCPRegistry
const ( // ConditionReasonImageValidationFailed indicates image validation failed ConditionReasonImageValidationFailed = "ImageValidationFailed" // ConditionReasonImageValidationSuccess indicates image validation succeeded ConditionReasonImageValidationSuccess = "ImageValidationSuccess" // ConditionReasonImageValidationError indicates an error occurred during validation ConditionReasonImageValidationError = "ImageValidationError" // ConditionReasonImageValidationSkipped indicates image validation was skipped ConditionReasonImageValidationSkipped = "ImageValidationSkipped" )
const ( // PermissionProfileTypeBuiltin is the type for built-in permission profiles PermissionProfileTypeBuiltin = "builtin" // PermissionProfileTypeConfigMap is the type for permission profiles stored in ConfigMaps PermissionProfileTypeConfigMap = "configmap" )
Permission profile types
const ( // OIDCConfigTypeKubernetes is the type for Kubernetes service account token validation OIDCConfigTypeKubernetes = "kubernetes" // OIDCConfigTypeConfigMap is the type for OIDC configuration stored in ConfigMaps OIDCConfigTypeConfigMap = "configMap" // OIDCConfigTypeInline is the type for inline OIDC configuration OIDCConfigTypeInline = "inline" )
OIDC configuration types
const ( // AuthzConfigTypeConfigMap is the type for authorization configuration stored in ConfigMaps AuthzConfigTypeConfigMap = "configMap" // AuthzConfigTypeInline is the type for inline authorization configuration AuthzConfigTypeInline = "inline" )
Authorization configuration types
const (
// ConditionImageValidated indicates whether this image is fine to be used
ConditionImageValidated = "ImageValidated"
)
Condition types for MCPServer
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "toolhive.stacklok.dev", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type APIPhase ¶ added in v0.3.6
type APIPhase string
APIPhase represents the API service state +kubebuilder:validation:Enum=NotStarted;Deploying;Ready;Unhealthy;Error
const ( // APIPhaseNotStarted means API deployment has not been created APIPhaseNotStarted APIPhase = "NotStarted" // APIPhaseDeploying means API is being deployed APIPhaseDeploying APIPhase = "Deploying" // APIPhaseReady means API is ready to serve requests APIPhaseReady APIPhase = "Ready" // APIPhaseUnhealthy means API is deployed but not healthy APIPhaseUnhealthy APIPhase = "Unhealthy" // APIPhaseError means API deployment failed APIPhaseError APIPhase = "Error" )
type APIStatus ¶ added in v0.3.6
type APIStatus struct {
// Phase represents the current API service phase
// +kubebuilder:validation:Enum=NotStarted;Deploying;Ready;Unhealthy;Error
Phase APIPhase `json:"phase"`
// Message provides additional information about the API status
// +optional
Message string `json:"message,omitempty"`
// Endpoint is the URL where the API is accessible
// +optional
Endpoint string `json:"endpoint,omitempty"`
// ReadySince is the timestamp when the API became ready
// +optional
ReadySince *metav1.Time `json:"readySince,omitempty"`
}
APIStatus provides detailed information about the API service
func (*APIStatus) DeepCopy ¶ added in v0.3.6
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIStatus.
func (*APIStatus) DeepCopyInto ¶ added in v0.3.6
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuditConfig ¶ added in v0.2.17
type AuditConfig struct {
// Enabled controls whether audit logging is enabled
// When true, enables audit logging with default configuration
// +kubebuilder:default=false
// +optional
Enabled bool `json:"enabled,omitempty"`
}
AuditConfig defines audit logging configuration for the MCP server
func (*AuditConfig) DeepCopy ¶ added in v0.2.17
func (in *AuditConfig) DeepCopy() *AuditConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditConfig.
func (*AuditConfig) DeepCopyInto ¶ added in v0.2.17
func (in *AuditConfig) DeepCopyInto(out *AuditConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthzConfigRef ¶ added in v0.1.2
type AuthzConfigRef struct {
// Type is the type of authorization configuration
// +kubebuilder:validation:Enum=configMap;inline
// +kubebuilder:default=configMap
Type string `json:"type"`
// ConfigMap references a ConfigMap containing authorization configuration
// Only used when Type is "configMap"
// +optional
ConfigMap *ConfigMapAuthzRef `json:"configMap,omitempty"`
// Inline contains direct authorization configuration
// Only used when Type is "inline"
// +optional
Inline *InlineAuthzConfig `json:"inline,omitempty"`
}
AuthzConfigRef defines a reference to authorization configuration
func (*AuthzConfigRef) DeepCopy ¶ added in v0.1.2
func (in *AuthzConfigRef) DeepCopy() *AuthzConfigRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthzConfigRef.
func (*AuthzConfigRef) DeepCopyInto ¶ added in v0.1.2
func (in *AuthzConfigRef) DeepCopyInto(out *AuthzConfigRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConfigMapAuthzRef ¶ added in v0.1.2
type ConfigMapAuthzRef struct {
// Name is the name of the ConfigMap
// +kubebuilder:validation:Required
Name string `json:"name"`
// Key is the key in the ConfigMap that contains the authorization configuration
// +kubebuilder:default=authz.json
// +optional
Key string `json:"key,omitempty"`
}
ConfigMapAuthzRef references a ConfigMap containing authorization configuration
func (*ConfigMapAuthzRef) DeepCopy ¶ added in v0.1.2
func (in *ConfigMapAuthzRef) DeepCopy() *ConfigMapAuthzRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapAuthzRef.
func (*ConfigMapAuthzRef) DeepCopyInto ¶ added in v0.1.2
func (in *ConfigMapAuthzRef) DeepCopyInto(out *ConfigMapAuthzRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConfigMapOIDCRef ¶ added in v0.0.40
type ConfigMapOIDCRef struct {
// Name is the name of the ConfigMap
// +kubebuilder:validation:Required
Name string `json:"name"`
// Key is the key in the ConfigMap that contains the OIDC configuration
// +kubebuilder:default=oidc.json
// +optional
Key string `json:"key,omitempty"`
}
ConfigMapOIDCRef references a ConfigMap containing OIDC configuration
func (*ConfigMapOIDCRef) DeepCopy ¶ added in v0.0.40
func (in *ConfigMapOIDCRef) DeepCopy() *ConfigMapOIDCRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapOIDCRef.
func (*ConfigMapOIDCRef) DeepCopyInto ¶ added in v0.0.40
func (in *ConfigMapOIDCRef) DeepCopyInto(out *ConfigMapOIDCRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConfigMapSource ¶ added in v0.2.17
type ConfigMapSource struct {
// Name is the name of the ConfigMap
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
Name string `json:"name"`
// Key is the key in the ConfigMap that contains the registry data
// +kubebuilder:default=registry.json
// +kubebuilder:validation:MinLength=1
// +optional
Key string `json:"key,omitempty"`
}
ConfigMapSource defines ConfigMap source configuration
func (*ConfigMapSource) DeepCopy ¶ added in v0.2.17
func (in *ConfigMapSource) DeepCopy() *ConfigMapSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapSource.
func (*ConfigMapSource) DeepCopyInto ¶ added in v0.2.17
func (in *ConfigMapSource) DeepCopyInto(out *ConfigMapSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvVar ¶
type EnvVar struct {
// Name of the environment variable
// +kubebuilder:validation:Required
Name string `json:"name"`
// Value of the environment variable
// +kubebuilder:validation:Required
Value string `json:"value"`
}
EnvVar represents an environment variable in a container
func (*EnvVar) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvVar.
func (*EnvVar) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GitSource ¶ added in v0.3.6
type GitSource struct {
// Repository is the Git repository URL (HTTP/HTTPS/SSH)
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern="^(file:///|https?://|git@|ssh://|git://).*"
Repository string `json:"repository"`
// Branch is the Git branch to use (mutually exclusive with Tag and Commit)
// +kubebuilder:validation:MinLength=1
// +optional
Branch string `json:"branch,omitempty"`
// Tag is the Git tag to use (mutually exclusive with Branch and Commit)
// +kubebuilder:validation:MinLength=1
// +optional
Tag string `json:"tag,omitempty"`
// Commit is the Git commit SHA to use (mutually exclusive with Branch and Tag)
// +kubebuilder:validation:MinLength=1
// +optional
Commit string `json:"commit,omitempty"`
// Path is the path to the registry file within the repository
// +kubebuilder:validation:Pattern=^.*\.json$
// +kubebuilder:default=registry.json
// +optional
Path string `json:"path,omitempty"`
}
GitSource defines Git repository source configuration
func (*GitSource) DeepCopy ¶ added in v0.3.6
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitSource.
func (*GitSource) DeepCopyInto ¶ added in v0.3.6
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InlineAuthzConfig ¶ added in v0.1.2
type InlineAuthzConfig struct {
// Policies is a list of Cedar policy strings
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
Policies []string `json:"policies"`
// EntitiesJSON is a JSON string representing Cedar entities
// +kubebuilder:default="[]"
// +optional
EntitiesJSON string `json:"entitiesJson,omitempty"`
}
InlineAuthzConfig contains direct authorization configuration
func (*InlineAuthzConfig) DeepCopy ¶ added in v0.1.2
func (in *InlineAuthzConfig) DeepCopy() *InlineAuthzConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InlineAuthzConfig.
func (*InlineAuthzConfig) DeepCopyInto ¶ added in v0.1.2
func (in *InlineAuthzConfig) DeepCopyInto(out *InlineAuthzConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InlineOIDCConfig ¶ added in v0.0.40
type InlineOIDCConfig struct {
// Issuer is the OIDC issuer URL
// +kubebuilder:validation:Required
Issuer string `json:"issuer"`
// Audience is the expected audience for the token
// +optional
Audience string `json:"audience,omitempty"`
// JWKSURL is the URL to fetch the JWKS from
// +optional
JWKSURL string `json:"jwksUrl,omitempty"`
// IntrospectionURL is the URL for token introspection endpoint
// +optional
IntrospectionURL string `json:"introspectionUrl,omitempty"`
// ClientID is the OIDC client ID
// +optional
ClientID string `json:"clientId,omitempty"`
// ClientSecret is the client secret for introspection (optional)
// +optional
ClientSecret string `json:"clientSecret,omitempty"`
// ThvCABundlePath is the path to CA certificate bundle file for HTTPS requests
// The file must be mounted into the pod (e.g., via ConfigMap or Secret volume)
// +optional
ThvCABundlePath string `json:"thvCABundlePath,omitempty"`
// JWKSAuthTokenPath is the path to file containing bearer token for JWKS/OIDC requests
// The file must be mounted into the pod (e.g., via Secret volume)
// +optional
JWKSAuthTokenPath string `json:"jwksAuthTokenPath,omitempty"`
// JWKSAllowPrivateIP allows JWKS/OIDC endpoints on private IP addresses
// Use with caution - only enable for trusted internal IDPs
// +kubebuilder:default=false
// +optional
JWKSAllowPrivateIP bool `json:"jwksAllowPrivateIP"`
}
InlineOIDCConfig contains direct OIDC configuration
func (*InlineOIDCConfig) DeepCopy ¶ added in v0.0.40
func (in *InlineOIDCConfig) DeepCopy() *InlineOIDCConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InlineOIDCConfig.
func (*InlineOIDCConfig) DeepCopyInto ¶ added in v0.0.40
func (in *InlineOIDCConfig) DeepCopyInto(out *InlineOIDCConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesOIDCConfig ¶ added in v0.0.40
type KubernetesOIDCConfig struct {
// ServiceAccount is the name of the service account to validate tokens for
// If empty, uses the pod's service account
// +optional
ServiceAccount string `json:"serviceAccount,omitempty"`
// Namespace is the namespace of the service account
// If empty, uses the MCPServer's namespace
// +optional
Namespace string `json:"namespace,omitempty"`
// Audience is the expected audience for the token
// +kubebuilder:default=toolhive
// +optional
Audience string `json:"audience,omitempty"`
// Issuer is the OIDC issuer URL
// +kubebuilder:default="https://kubernetes.default.svc"
// +optional
Issuer string `json:"issuer,omitempty"`
// JWKSURL is the URL to fetch the JWKS from
// If empty, OIDC discovery will be used to automatically determine the JWKS URL
// +optional
JWKSURL string `json:"jwksUrl,omitempty"`
// IntrospectionURL is the URL for token introspection endpoint
// If empty, OIDC discovery will be used to automatically determine the introspection URL
// +optional
IntrospectionURL string `json:"introspectionUrl,omitempty"`
// UseClusterAuth enables using the Kubernetes cluster's CA bundle and service account token
// When true, uses /var/run/secrets/kubernetes.io/serviceaccount/ca.crt for TLS verification
// and /var/run/secrets/kubernetes.io/serviceaccount/token for bearer token authentication
// Defaults to true if not specified
// +optional
UseClusterAuth *bool `json:"useClusterAuth"`
}
KubernetesOIDCConfig configures OIDC for Kubernetes service account token validation
func (*KubernetesOIDCConfig) DeepCopy ¶ added in v0.0.40
func (in *KubernetesOIDCConfig) DeepCopy() *KubernetesOIDCConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesOIDCConfig.
func (*KubernetesOIDCConfig) DeepCopyInto ¶ added in v0.0.40
func (in *KubernetesOIDCConfig) DeepCopyInto(out *KubernetesOIDCConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MCPRegistry ¶ added in v0.2.17
type MCPRegistry struct {
metav1.TypeMeta `json:",inline"` // nolint:revive
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec MCPRegistrySpec `json:"spec,omitempty"`
Status MCPRegistryStatus `json:"status,omitempty"`
}
MCPRegistry is the Schema for the mcpregistries API
func (*MCPRegistry) DeepCopy ¶ added in v0.2.17
func (in *MCPRegistry) DeepCopy() *MCPRegistry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPRegistry.
func (*MCPRegistry) DeepCopyInto ¶ added in v0.2.17
func (in *MCPRegistry) DeepCopyInto(out *MCPRegistry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MCPRegistry) DeepCopyObject ¶ added in v0.2.17
func (in *MCPRegistry) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*MCPRegistry) DeriveOverallPhase ¶ added in v0.3.6
func (r *MCPRegistry) DeriveOverallPhase() MCPRegistryPhase
DeriveOverallPhase determines the overall MCPRegistry phase based on sync and API status
func (*MCPRegistry) GetAPIResourceName ¶ added in v0.3.6
func (r *MCPRegistry) GetAPIResourceName() string
GetAPIResourceName returns the base name for registry API resources (deployment, service)
func (*MCPRegistry) GetStorageName ¶ added in v0.3.6
func (r *MCPRegistry) GetStorageName() string
GetStorageName returns the name used for registry storage resources
type MCPRegistryList ¶ added in v0.2.17
type MCPRegistryList struct {
metav1.TypeMeta `json:",inline"` // nolint:revive
metav1.ListMeta `json:"metadata,omitempty"`
Items []MCPRegistry `json:"items"`
}
MCPRegistryList contains a list of MCPRegistry
func (*MCPRegistryList) DeepCopy ¶ added in v0.2.17
func (in *MCPRegistryList) DeepCopy() *MCPRegistryList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPRegistryList.
func (*MCPRegistryList) DeepCopyInto ¶ added in v0.2.17
func (in *MCPRegistryList) DeepCopyInto(out *MCPRegistryList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MCPRegistryList) DeepCopyObject ¶ added in v0.2.17
func (in *MCPRegistryList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MCPRegistryPhase ¶ added in v0.2.17
type MCPRegistryPhase string
MCPRegistryPhase represents the phase of the MCPRegistry +kubebuilder:validation:Enum=Pending;Ready;Failed;Syncing;Terminating
const ( // MCPRegistryPhasePending means the MCPRegistry is being initialized MCPRegistryPhasePending MCPRegistryPhase = "Pending" // MCPRegistryPhaseReady means the MCPRegistry is ready and operational MCPRegistryPhaseReady MCPRegistryPhase = "Ready" // MCPRegistryPhaseFailed means the MCPRegistry has failed MCPRegistryPhaseFailed MCPRegistryPhase = "Failed" // MCPRegistryPhaseSyncing means the MCPRegistry is currently syncing data MCPRegistryPhaseSyncing MCPRegistryPhase = "Syncing" // MCPRegistryPhaseTerminating means the MCPRegistry is being deleted MCPRegistryPhaseTerminating MCPRegistryPhase = "Terminating" )
type MCPRegistrySource ¶ added in v0.2.17
type MCPRegistrySource struct {
// Type is the type of source (configmap, git)
// +kubebuilder:validation:Enum=configmap;git
// +kubebuilder:default=configmap
Type string `json:"type"`
// Format is the data format (toolhive, upstream)
// +kubebuilder:validation:Enum=toolhive;upstream
// +kubebuilder:default=toolhive
Format string `json:"format,omitempty"`
// ConfigMap defines the ConfigMap source configuration
// Only used when Type is "configmap"
// +optional
ConfigMap *ConfigMapSource `json:"configmap,omitempty"`
// Git defines the Git repository source configuration
// Only used when Type is "git"
// +optional
Git *GitSource `json:"git,omitempty"`
}
MCPRegistrySource defines the source configuration for registry data
func (*MCPRegistrySource) DeepCopy ¶ added in v0.2.17
func (in *MCPRegistrySource) DeepCopy() *MCPRegistrySource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPRegistrySource.
func (*MCPRegistrySource) DeepCopyInto ¶ added in v0.2.17
func (in *MCPRegistrySource) DeepCopyInto(out *MCPRegistrySource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MCPRegistrySpec ¶ added in v0.2.17
type MCPRegistrySpec struct {
// DisplayName is a human-readable name for the registry
// +optional
DisplayName string `json:"displayName,omitempty"`
// Source defines the configuration for the registry data source
// +kubebuilder:validation:Required
Source MCPRegistrySource `json:"source"`
// SyncPolicy defines the automatic synchronization behavior for the registry.
// If specified, enables automatic synchronization at the given interval.
// Manual synchronization is always supported via annotation-based triggers
// regardless of this setting.
// +optional
SyncPolicy *SyncPolicy `json:"syncPolicy,omitempty"`
// Filter defines include/exclude patterns for registry content
// +optional
Filter *RegistryFilter `json:"filter,omitempty"`
// EnforceServers indicates whether MCPServers in this namespace must have their images
// present in at least one registry in the namespace. When any registry in the namespace
// has this field set to true, enforcement is enabled for the entire namespace.
// MCPServers with images not found in any registry will be rejected.
// When false (default), MCPServers can be deployed regardless of registry presence.
// +kubebuilder:default=false
// +optional
EnforceServers bool `json:"enforceServers,omitempty"`
}
MCPRegistrySpec defines the desired state of MCPRegistry
func (*MCPRegistrySpec) DeepCopy ¶ added in v0.2.17
func (in *MCPRegistrySpec) DeepCopy() *MCPRegistrySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPRegistrySpec.
func (*MCPRegistrySpec) DeepCopyInto ¶ added in v0.2.17
func (in *MCPRegistrySpec) DeepCopyInto(out *MCPRegistrySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MCPRegistryStatus ¶ added in v0.2.17
type MCPRegistryStatus struct {
// Phase represents the current overall phase of the MCPRegistry
// Derived from sync and API status
// +optional
Phase MCPRegistryPhase `json:"phase,omitempty"`
// Message provides additional information about the current phase
// +optional
Message string `json:"message,omitempty"`
// SyncStatus provides detailed information about data synchronization
// +optional
SyncStatus *SyncStatus `json:"syncStatus,omitempty"`
// APIStatus provides detailed information about the API service
// +optional
APIStatus *APIStatus `json:"apiStatus,omitempty"`
// LastAppliedFilterHash is the hash of the last applied filter
// +optional
LastAppliedFilterHash string `json:"lastAppliedFilterHash,omitempty"`
// StorageRef is a reference to the internal storage location
// +optional
StorageRef *StorageReference `json:"storageRef,omitempty"`
// LastManualSyncTrigger tracks the last processed manual sync annotation value
// Used to detect new manual sync requests via toolhive.stacklok.dev/sync-trigger annotation
// +optional
LastManualSyncTrigger string `json:"lastManualSyncTrigger,omitempty"`
// Conditions represent the latest available observations of the MCPRegistry's state
// +optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
MCPRegistryStatus defines the observed state of MCPRegistry
func (*MCPRegistryStatus) DeepCopy ¶ added in v0.2.17
func (in *MCPRegistryStatus) DeepCopy() *MCPRegistryStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPRegistryStatus.
func (*MCPRegistryStatus) DeepCopyInto ¶ added in v0.2.17
func (in *MCPRegistryStatus) DeepCopyInto(out *MCPRegistryStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MCPServer ¶
type MCPServer struct {
metav1.TypeMeta `json:",inline"` // nolint:revive
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec MCPServerSpec `json:"spec,omitempty"`
Status MCPServerStatus `json:"status,omitempty"`
}
MCPServer is the Schema for the mcpservers API
func (*MCPServer) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServer.
func (*MCPServer) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MCPServer) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MCPServerList ¶
type MCPServerList struct {
metav1.TypeMeta `json:",inline"` // nolint:revive
metav1.ListMeta `json:"metadata,omitempty"`
Items []MCPServer `json:"items"`
}
MCPServerList contains a list of MCPServer
func (*MCPServerList) DeepCopy ¶
func (in *MCPServerList) DeepCopy() *MCPServerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerList.
func (*MCPServerList) DeepCopyInto ¶
func (in *MCPServerList) DeepCopyInto(out *MCPServerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MCPServerList) DeepCopyObject ¶
func (in *MCPServerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MCPServerPhase ¶
type MCPServerPhase string
MCPServerPhase is the phase of the MCPServer +kubebuilder:validation:Enum=Pending;Running;Failed;Terminating
const ( // MCPServerPhasePending means the MCPServer is being created MCPServerPhasePending MCPServerPhase = "Pending" // MCPServerPhaseRunning means the MCPServer is running MCPServerPhaseRunning MCPServerPhase = "Running" // MCPServerPhaseFailed means the MCPServer failed to start MCPServerPhaseFailed MCPServerPhase = "Failed" // MCPServerPhaseTerminating means the MCPServer is being deleted MCPServerPhaseTerminating MCPServerPhase = "Terminating" )
type MCPServerSpec ¶
type MCPServerSpec struct {
// Image is the container image for the MCP server
// +kubebuilder:validation:Required
Image string `json:"image"`
// Transport is the transport method for the MCP server (stdio, streamable-http or sse)
// +kubebuilder:validation:Enum=stdio;streamable-http;sse
// +kubebuilder:default=stdio
Transport string `json:"transport,omitempty"`
// ProxyMode is the proxy mode for stdio transport (sse or streamable-http)
// This setting is only used when Transport is "stdio"
// +kubebuilder:validation:Enum=sse;streamable-http
// +kubebuilder:default=sse
// +optional
ProxyMode string `json:"proxyMode,omitempty"`
// Port is the port to expose the MCP server on
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=65535
// +kubebuilder:default=8080
Port int32 `json:"port,omitempty"`
// TargetPort is the port that MCP server listens to
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=65535
// +optional
TargetPort int32 `json:"targetPort,omitempty"`
// Args are additional arguments to pass to the MCP server
// +optional
Args []string `json:"args,omitempty"`
// Env are environment variables to set in the MCP server container
// +optional
Env []EnvVar `json:"env,omitempty"`
// Volumes are volumes to mount in the MCP server container
// +optional
Volumes []Volume `json:"volumes,omitempty"`
// Resources defines the resource requirements for the MCP server container
// +optional
Resources ResourceRequirements `json:"resources,omitempty"`
// Secrets are references to secrets to mount in the MCP server container
// +optional
Secrets []SecretRef `json:"secrets,omitempty"`
// ServiceAccount is the name of an already existing service account to use by the MCP server.
// If not specified, a ServiceAccount will be created automatically and used by the MCP server.
// +optional
ServiceAccount *string `json:"serviceAccount,omitempty"`
// PermissionProfile defines the permission profile to use
// +optional
PermissionProfile *PermissionProfileRef `json:"permissionProfile,omitempty"`
// PodTemplateSpec defines the pod template to use for the MCP server
// This allows for customizing the pod configuration beyond what is provided by the other fields.
// Note that to modify the specific container the MCP server runs in, you must specify
// the `mcp` container name in the PodTemplateSpec.
// +optional
PodTemplateSpec *corev1.PodTemplateSpec `json:"podTemplateSpec,omitempty"`
// ResourceOverrides allows overriding annotations and labels for resources created by the operator
// +optional
ResourceOverrides *ResourceOverrides `json:"resourceOverrides,omitempty"`
// OIDCConfig defines OIDC authentication configuration for the MCP server
// +optional
OIDCConfig *OIDCConfigRef `json:"oidcConfig,omitempty"`
// AuthzConfig defines authorization policy configuration for the MCP server
// +optional
AuthzConfig *AuthzConfigRef `json:"authzConfig,omitempty"`
// Audit defines audit logging configuration for the MCP server
// +optional
Audit *AuditConfig `json:"audit,omitempty"`
// ToolsFilter is the filter on tools applied to the MCP server
// Deprecated: Use ToolConfigRef instead
// +optional
ToolsFilter []string `json:"tools,omitempty"`
// ToolConfigRef references a MCPToolConfig resource for tool filtering and renaming.
// The referenced MCPToolConfig must exist in the same namespace as this MCPServer.
// Cross-namespace references are not supported for security and isolation reasons.
// If specified, this takes precedence over the inline ToolsFilter field.
// +optional
ToolConfigRef *ToolConfigRef `json:"toolConfigRef,omitempty"`
// Telemetry defines observability configuration for the MCP server
// +optional
Telemetry *TelemetryConfig `json:"telemetry,omitempty"`
// TrustProxyHeaders indicates whether to trust X-Forwarded-* headers from reverse proxies
// When enabled, the proxy will use X-Forwarded-Proto, X-Forwarded-Host, X-Forwarded-Port,
// and X-Forwarded-Prefix headers to construct endpoint URLs
// +kubebuilder:default=false
// +optional
TrustProxyHeaders bool `json:"trustProxyHeaders,omitempty"`
}
MCPServerSpec defines the desired state of MCPServer
func (*MCPServerSpec) DeepCopy ¶
func (in *MCPServerSpec) DeepCopy() *MCPServerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerSpec.
func (*MCPServerSpec) DeepCopyInto ¶
func (in *MCPServerSpec) DeepCopyInto(out *MCPServerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MCPServerStatus ¶
type MCPServerStatus struct {
// Conditions represent the latest available observations of the MCPServer's state
// +optional
Conditions []metav1.Condition `json:"conditions,omitempty"`
// ToolConfigHash stores the hash of the referenced ToolConfig for change detection
// +optional
ToolConfigHash string `json:"toolConfigHash,omitempty"`
// URL is the URL where the MCP server can be accessed
// +optional
URL string `json:"url,omitempty"`
// Phase is the current phase of the MCPServer
// +optional
Phase MCPServerPhase `json:"phase,omitempty"`
// Message provides additional information about the current phase
// +optional
Message string `json:"message,omitempty"`
}
MCPServerStatus defines the observed state of MCPServer
func (*MCPServerStatus) DeepCopy ¶
func (in *MCPServerStatus) DeepCopy() *MCPServerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerStatus.
func (*MCPServerStatus) DeepCopyInto ¶
func (in *MCPServerStatus) DeepCopyInto(out *MCPServerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MCPToolConfig ¶ added in v0.3.0
type MCPToolConfig struct {
metav1.TypeMeta `json:",inline"` // nolint:revive
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec MCPToolConfigSpec `json:"spec,omitempty"`
Status MCPToolConfigStatus `json:"status,omitempty"`
}
MCPToolConfig is the Schema for the mcptoolconfigs API. MCPToolConfig resources are namespace-scoped and can only be referenced by MCPServer resources within the same namespace. Cross-namespace references are not supported for security and isolation reasons.
func (*MCPToolConfig) DeepCopy ¶ added in v0.3.0
func (in *MCPToolConfig) DeepCopy() *MCPToolConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPToolConfig.
func (*MCPToolConfig) DeepCopyInto ¶ added in v0.3.0
func (in *MCPToolConfig) DeepCopyInto(out *MCPToolConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MCPToolConfig) DeepCopyObject ¶ added in v0.3.0
func (in *MCPToolConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MCPToolConfigList ¶ added in v0.3.0
type MCPToolConfigList struct {
metav1.TypeMeta `json:",inline"` // nolint:revive
metav1.ListMeta `json:"metadata,omitempty"`
Items []MCPToolConfig `json:"items"`
}
MCPToolConfigList contains a list of MCPToolConfig
func (*MCPToolConfigList) DeepCopy ¶ added in v0.3.0
func (in *MCPToolConfigList) DeepCopy() *MCPToolConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPToolConfigList.
func (*MCPToolConfigList) DeepCopyInto ¶ added in v0.3.0
func (in *MCPToolConfigList) DeepCopyInto(out *MCPToolConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MCPToolConfigList) DeepCopyObject ¶ added in v0.3.0
func (in *MCPToolConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MCPToolConfigSpec ¶ added in v0.3.0
type MCPToolConfigSpec struct {
// ToolsFilter is a list of tool names to filter (allow list).
// Only tools in this list will be exposed by the MCP server.
// If empty, all tools are exposed.
// +optional
ToolsFilter []string `json:"toolsFilter,omitempty"`
// ToolsOverride is a map from actual tool names to their overridden configuration.
// This allows renaming tools and/or changing their descriptions.
// +optional
ToolsOverride map[string]ToolOverride `json:"toolsOverride,omitempty"`
}
MCPToolConfigSpec defines the desired state of MCPToolConfig. MCPToolConfig resources are namespace-scoped and can only be referenced by MCPServer resources in the same namespace.
func (*MCPToolConfigSpec) DeepCopy ¶ added in v0.3.0
func (in *MCPToolConfigSpec) DeepCopy() *MCPToolConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPToolConfigSpec.
func (*MCPToolConfigSpec) DeepCopyInto ¶ added in v0.3.0
func (in *MCPToolConfigSpec) DeepCopyInto(out *MCPToolConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MCPToolConfigStatus ¶ added in v0.3.0
type MCPToolConfigStatus struct {
// ObservedGeneration is the most recent generation observed for this MCPToolConfig.
// It corresponds to the MCPToolConfig's generation, which is updated on mutation by the API Server.
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// ConfigHash is a hash of the current configuration for change detection
// +optional
ConfigHash string `json:"configHash,omitempty"`
// ReferencingServers is a list of MCPServer resources that reference this MCPToolConfig
// This helps track which servers need to be reconciled when this config changes
// +optional
ReferencingServers []string `json:"referencingServers,omitempty"`
}
MCPToolConfigStatus defines the observed state of MCPToolConfig
func (*MCPToolConfigStatus) DeepCopy ¶ added in v0.3.0
func (in *MCPToolConfigStatus) DeepCopy() *MCPToolConfigStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPToolConfigStatus.
func (*MCPToolConfigStatus) DeepCopyInto ¶ added in v0.3.0
func (in *MCPToolConfigStatus) DeepCopyInto(out *MCPToolConfigStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NameFilter ¶ added in v0.2.17
type NameFilter struct {
// Include is a list of glob patterns to include
// +optional
Include []string `json:"include,omitempty"`
// Exclude is a list of glob patterns to exclude
// +optional
Exclude []string `json:"exclude,omitempty"`
}
NameFilter defines name-based filtering
func (*NameFilter) DeepCopy ¶ added in v0.2.17
func (in *NameFilter) DeepCopy() *NameFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NameFilter.
func (*NameFilter) DeepCopyInto ¶ added in v0.2.17
func (in *NameFilter) DeepCopyInto(out *NameFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPermissions ¶
type NetworkPermissions struct {
// Outbound defines the outbound network permissions
// +optional
Outbound *OutboundNetworkPermissions `json:"outbound,omitempty"`
}
NetworkPermissions defines the network permissions for an MCP server
func (*NetworkPermissions) DeepCopy ¶
func (in *NetworkPermissions) DeepCopy() *NetworkPermissions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPermissions.
func (*NetworkPermissions) DeepCopyInto ¶
func (in *NetworkPermissions) DeepCopyInto(out *NetworkPermissions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCConfigRef ¶ added in v0.0.40
type OIDCConfigRef struct {
// Type is the type of OIDC configuration
// +kubebuilder:validation:Enum=kubernetes;configMap;inline
// +kubebuilder:default=kubernetes
Type string `json:"type"`
// ResourceURL is the explicit resource URL for OAuth discovery endpoint (RFC 9728)
// If not specified, defaults to the in-cluster Kubernetes service URL
// +optional
ResourceURL string `json:"resourceUrl,omitempty"`
// Kubernetes configures OIDC for Kubernetes service account token validation
// Only used when Type is "kubernetes"
// +optional
Kubernetes *KubernetesOIDCConfig `json:"kubernetes,omitempty"`
// ConfigMap references a ConfigMap containing OIDC configuration
// Only used when Type is "configmap"
// +optional
ConfigMap *ConfigMapOIDCRef `json:"configMap,omitempty"`
// Inline contains direct OIDC configuration
// Only used when Type is "inline"
// +optional
Inline *InlineOIDCConfig `json:"inline,omitempty"`
}
OIDCConfigRef defines a reference to OIDC configuration
func (*OIDCConfigRef) DeepCopy ¶ added in v0.0.40
func (in *OIDCConfigRef) DeepCopy() *OIDCConfigRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCConfigRef.
func (*OIDCConfigRef) DeepCopyInto ¶ added in v0.0.40
func (in *OIDCConfigRef) DeepCopyInto(out *OIDCConfigRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OpenTelemetryConfig ¶ added in v0.2.14
type OpenTelemetryConfig struct {
// Enabled controls whether OpenTelemetry is enabled
// +kubebuilder:default=false
// +optional
Enabled bool `json:"enabled,omitempty"`
// Endpoint is the OTLP endpoint URL for tracing and metrics
// +optional
Endpoint string `json:"endpoint,omitempty"`
// ServiceName is the service name for telemetry
// If not specified, defaults to the MCPServer name
// +optional
ServiceName string `json:"serviceName,omitempty"`
// Headers contains authentication headers for the OTLP endpoint
// Specified as key=value pairs
// +optional
Headers []string `json:"headers,omitempty"`
// Insecure indicates whether to use HTTP instead of HTTPS for the OTLP endpoint
// +kubebuilder:default=false
// +optional
Insecure bool `json:"insecure,omitempty"`
// Metrics defines OpenTelemetry metrics-specific configuration
// +optional
Metrics *OpenTelemetryMetricsConfig `json:"metrics,omitempty"`
// Tracing defines OpenTelemetry tracing configuration
// +optional
Tracing *OpenTelemetryTracingConfig `json:"tracing,omitempty"`
}
OpenTelemetryConfig defines pure OpenTelemetry configuration
func (*OpenTelemetryConfig) DeepCopy ¶ added in v0.2.14
func (in *OpenTelemetryConfig) DeepCopy() *OpenTelemetryConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenTelemetryConfig.
func (*OpenTelemetryConfig) DeepCopyInto ¶ added in v0.2.14
func (in *OpenTelemetryConfig) DeepCopyInto(out *OpenTelemetryConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OpenTelemetryMetricsConfig ¶ added in v0.2.14
type OpenTelemetryMetricsConfig struct {
// Enabled controls whether OTLP metrics are sent
// +kubebuilder:default=false
// +optional
Enabled bool `json:"enabled,omitempty"`
}
OpenTelemetryMetricsConfig defines OpenTelemetry metrics configuration
func (*OpenTelemetryMetricsConfig) DeepCopy ¶ added in v0.2.14
func (in *OpenTelemetryMetricsConfig) DeepCopy() *OpenTelemetryMetricsConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenTelemetryMetricsConfig.
func (*OpenTelemetryMetricsConfig) DeepCopyInto ¶ added in v0.2.14
func (in *OpenTelemetryMetricsConfig) DeepCopyInto(out *OpenTelemetryMetricsConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OpenTelemetryTracingConfig ¶ added in v0.2.17
type OpenTelemetryTracingConfig struct {
// Enabled controls whether OTLP tracing is sent
// +kubebuilder:default=false
// +optional
Enabled bool `json:"enabled,omitempty"`
// SamplingRate is the trace sampling rate (0.0-1.0)
// +kubebuilder:default="0.05"
// +optional
SamplingRate string `json:"samplingRate,omitempty"`
}
OpenTelemetryTracingConfig defines OpenTelemetry tracing configuration
func (*OpenTelemetryTracingConfig) DeepCopy ¶ added in v0.2.17
func (in *OpenTelemetryTracingConfig) DeepCopy() *OpenTelemetryTracingConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenTelemetryTracingConfig.
func (*OpenTelemetryTracingConfig) DeepCopyInto ¶ added in v0.2.17
func (in *OpenTelemetryTracingConfig) DeepCopyInto(out *OpenTelemetryTracingConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OutboundNetworkPermissions ¶
type OutboundNetworkPermissions struct {
// InsecureAllowAll allows all outbound network connections (not recommended)
// +kubebuilder:default=false
// +optional
InsecureAllowAll bool `json:"insecureAllowAll,omitempty"`
// AllowHost is a list of hosts to allow connections to
// +optional
AllowHost []string `json:"allowHost,omitempty"`
// AllowPort is a list of ports to allow connections to
// +optional
AllowPort []int32 `json:"allowPort,omitempty"`
}
OutboundNetworkPermissions defines the outbound network permissions
func (*OutboundNetworkPermissions) DeepCopy ¶
func (in *OutboundNetworkPermissions) DeepCopy() *OutboundNetworkPermissions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundNetworkPermissions.
func (*OutboundNetworkPermissions) DeepCopyInto ¶
func (in *OutboundNetworkPermissions) DeepCopyInto(out *OutboundNetworkPermissions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PermissionProfileRef ¶
type PermissionProfileRef struct {
// Type is the type of permission profile reference
// +kubebuilder:validation:Enum=builtin;configmap
// +kubebuilder:default=builtin
Type string `json:"type"`
// Name is the name of the permission profile
// If Type is "builtin", Name must be one of: "none", "network"
// If Type is "configmap", Name is the name of the ConfigMap
// +kubebuilder:validation:Required
Name string `json:"name"`
// Key is the key in the ConfigMap that contains the permission profile
// Only used when Type is "configmap"
// +optional
Key string `json:"key,omitempty"`
}
PermissionProfileRef defines a reference to a permission profile
func (*PermissionProfileRef) DeepCopy ¶
func (in *PermissionProfileRef) DeepCopy() *PermissionProfileRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionProfileRef.
func (*PermissionProfileRef) DeepCopyInto ¶
func (in *PermissionProfileRef) DeepCopyInto(out *PermissionProfileRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PermissionProfileSpec ¶
type PermissionProfileSpec struct {
// Read is a list of paths that the MCP server can read from
// +optional
Read []string `json:"read,omitempty"`
// Write is a list of paths that the MCP server can write to
// +optional
Write []string `json:"write,omitempty"`
// Network defines the network permissions for the MCP server
// +optional
Network *NetworkPermissions `json:"network,omitempty"`
}
PermissionProfileSpec defines the permissions for an MCP server
func (*PermissionProfileSpec) DeepCopy ¶
func (in *PermissionProfileSpec) DeepCopy() *PermissionProfileSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionProfileSpec.
func (*PermissionProfileSpec) DeepCopyInto ¶
func (in *PermissionProfileSpec) DeepCopyInto(out *PermissionProfileSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PrometheusConfig ¶ added in v0.2.14
type PrometheusConfig struct {
// Enabled controls whether Prometheus metrics endpoint is exposed
// +kubebuilder:default=false
// +optional
Enabled bool `json:"enabled,omitempty"`
}
PrometheusConfig defines Prometheus-specific configuration
func (*PrometheusConfig) DeepCopy ¶ added in v0.2.14
func (in *PrometheusConfig) DeepCopy() *PrometheusConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig.
func (*PrometheusConfig) DeepCopyInto ¶ added in v0.2.14
func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyDeploymentOverrides ¶ added in v0.1.8
type ProxyDeploymentOverrides struct {
// ResourceMetadataOverrides is embedded to inherit annotations and labels fields
ResourceMetadataOverrides `json:",inline"` // nolint:revive
PodTemplateMetadataOverrides *ResourceMetadataOverrides `json:"podTemplateMetadataOverrides,omitempty"`
// Env are environment variables to set in the proxy container (thv run process)
// These affect the toolhive proxy itself, not the MCP server it manages
// +optional
Env []EnvVar `json:"env,omitempty"`
}
ProxyDeploymentOverrides defines overrides specific to the proxy deployment
func (*ProxyDeploymentOverrides) DeepCopy ¶ added in v0.1.8
func (in *ProxyDeploymentOverrides) DeepCopy() *ProxyDeploymentOverrides
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyDeploymentOverrides.
func (*ProxyDeploymentOverrides) DeepCopyInto ¶ added in v0.1.8
func (in *ProxyDeploymentOverrides) DeepCopyInto(out *ProxyDeploymentOverrides)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RegistryFilter ¶ added in v0.2.17
type RegistryFilter struct {
// NameFilters defines name-based filtering
// +optional
NameFilters *NameFilter `json:"names,omitempty"`
// Tags defines tag-based filtering
// +optional
Tags *TagFilter `json:"tags,omitempty"`
}
RegistryFilter defines include/exclude patterns for registry content
func (*RegistryFilter) DeepCopy ¶ added in v0.2.17
func (in *RegistryFilter) DeepCopy() *RegistryFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryFilter.
func (*RegistryFilter) DeepCopyInto ¶ added in v0.2.17
func (in *RegistryFilter) DeepCopyInto(out *RegistryFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceList ¶
type ResourceList struct {
// CPU is the CPU limit in cores (e.g., "500m" for 0.5 cores)
// +optional
CPU string `json:"cpu,omitempty"`
// Memory is the memory limit in bytes (e.g., "64Mi" for 64 megabytes)
// +optional
Memory string `json:"memory,omitempty"`
}
ResourceList is a set of (resource name, quantity) pairs
func (*ResourceList) DeepCopy ¶
func (in *ResourceList) DeepCopy() *ResourceList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceList.
func (*ResourceList) DeepCopyInto ¶
func (in *ResourceList) DeepCopyInto(out *ResourceList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceMetadataOverrides ¶ added in v0.0.40
type ResourceMetadataOverrides struct {
// Annotations to add or override on the resource
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
// Labels to add or override on the resource
// +optional
Labels map[string]string `json:"labels,omitempty"`
}
ResourceMetadataOverrides defines metadata overrides for a resource
func (*ResourceMetadataOverrides) DeepCopy ¶ added in v0.0.40
func (in *ResourceMetadataOverrides) DeepCopy() *ResourceMetadataOverrides
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceMetadataOverrides.
func (*ResourceMetadataOverrides) DeepCopyInto ¶ added in v0.0.40
func (in *ResourceMetadataOverrides) DeepCopyInto(out *ResourceMetadataOverrides)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceOverrides ¶ added in v0.0.40
type ResourceOverrides struct {
// ProxyDeployment defines overrides for the Proxy Deployment resource (toolhive proxy)
// +optional
ProxyDeployment *ProxyDeploymentOverrides `json:"proxyDeployment,omitempty"`
// ProxyService defines overrides for the Proxy Service resource (points to the proxy deployment)
// +optional
ProxyService *ResourceMetadataOverrides `json:"proxyService,omitempty"`
}
ResourceOverrides defines overrides for annotations and labels on created resources
func (*ResourceOverrides) DeepCopy ¶ added in v0.0.40
func (in *ResourceOverrides) DeepCopy() *ResourceOverrides
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceOverrides.
func (*ResourceOverrides) DeepCopyInto ¶ added in v0.0.40
func (in *ResourceOverrides) DeepCopyInto(out *ResourceOverrides)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceRequirements ¶
type ResourceRequirements struct {
// Limits describes the maximum amount of compute resources allowed
// +optional
Limits ResourceList `json:"limits,omitempty"`
// Requests describes the minimum amount of compute resources required
// +optional
Requests ResourceList `json:"requests,omitempty"`
}
ResourceRequirements describes the compute resource requirements
func (*ResourceRequirements) DeepCopy ¶
func (in *ResourceRequirements) DeepCopy() *ResourceRequirements
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements.
func (*ResourceRequirements) DeepCopyInto ¶
func (in *ResourceRequirements) DeepCopyInto(out *ResourceRequirements)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretRef ¶
type SecretRef struct {
// Name is the name of the secret
// +kubebuilder:validation:Required
Name string `json:"name"`
// Key is the key in the secret itself
// +kubebuilder:validation:Required
Key string `json:"key"`
// TargetEnvName is the environment variable to be used when setting up the secret in the MCP server
// If left unspecified, it defaults to the key
// +optional
TargetEnvName string `json:"targetEnvName,omitempty"`
}
SecretRef is a reference to a secret
func (*SecretRef) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRef.
func (*SecretRef) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StorageReference ¶ added in v0.2.17
type StorageReference struct {
// Type is the storage type (configmap)
// +kubebuilder:validation:Enum=configmap
Type string `json:"type"`
// ConfigMapRef is a reference to a ConfigMap storage
// Only used when Type is "configmap"
// +optional
ConfigMapRef *corev1.LocalObjectReference `json:"configMapRef,omitempty"`
}
StorageReference defines a reference to internal storage
func (*StorageReference) DeepCopy ¶ added in v0.2.17
func (in *StorageReference) DeepCopy() *StorageReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageReference.
func (*StorageReference) DeepCopyInto ¶ added in v0.2.17
func (in *StorageReference) DeepCopyInto(out *StorageReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SyncPhase ¶ added in v0.3.6
type SyncPhase string
SyncPhase represents the data synchronization state +kubebuilder:validation:Enum=Syncing;Complete;Failed
type SyncPolicy ¶ added in v0.2.17
type SyncPolicy struct {
// Interval is the sync interval for automatic synchronization (Go duration format)
// Examples: "1h", "30m", "24h"
// +kubebuilder:validation:Pattern=^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$
// +kubebuilder:validation:Required
Interval string `json:"interval"`
}
SyncPolicy defines automatic synchronization behavior. When specified, enables automatic synchronization at the given interval. Manual synchronization via annotation-based triggers is always available regardless of this policy setting.
func (*SyncPolicy) DeepCopy ¶ added in v0.2.17
func (in *SyncPolicy) DeepCopy() *SyncPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncPolicy.
func (*SyncPolicy) DeepCopyInto ¶ added in v0.2.17
func (in *SyncPolicy) DeepCopyInto(out *SyncPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SyncStatus ¶ added in v0.3.6
type SyncStatus struct {
// Phase represents the current synchronization phase
// +kubebuilder:validation:Enum=Syncing;Complete;Failed
Phase SyncPhase `json:"phase"`
// Message provides additional information about the sync status
// +optional
Message string `json:"message,omitempty"`
// LastAttempt is the timestamp of the last sync attempt
// +optional
LastAttempt *metav1.Time `json:"lastAttempt,omitempty"`
// AttemptCount is the number of sync attempts since last success
// +optional
// +kubebuilder:validation:Minimum=0
AttemptCount int `json:"attemptCount,omitempty"`
// LastSyncTime is the timestamp of the last successful sync
// +optional
LastSyncTime *metav1.Time `json:"lastSyncTime,omitempty"`
// LastSyncHash is the hash of the last successfully synced data
// Used to detect changes in source data
// +optional
LastSyncHash string `json:"lastSyncHash,omitempty"`
// ServerCount is the total number of servers in the registry
// +optional
// +kubebuilder:validation:Minimum=0
ServerCount int `json:"serverCount,omitempty"`
}
SyncStatus provides detailed information about data synchronization
func (*SyncStatus) DeepCopy ¶ added in v0.3.6
func (in *SyncStatus) DeepCopy() *SyncStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncStatus.
func (*SyncStatus) DeepCopyInto ¶ added in v0.3.6
func (in *SyncStatus) DeepCopyInto(out *SyncStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TagFilter ¶ added in v0.2.17
type TagFilter struct {
// Include is a list of tags to include
// +optional
Include []string `json:"include,omitempty"`
// Exclude is a list of tags to exclude
// +optional
Exclude []string `json:"exclude,omitempty"`
}
TagFilter defines tag-based filtering
func (*TagFilter) DeepCopy ¶ added in v0.2.17
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TagFilter.
func (*TagFilter) DeepCopyInto ¶ added in v0.2.17
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TelemetryConfig ¶ added in v0.2.14
type TelemetryConfig struct {
// OpenTelemetry defines OpenTelemetry configuration
// +optional
OpenTelemetry *OpenTelemetryConfig `json:"openTelemetry,omitempty"`
// Prometheus defines Prometheus-specific configuration
// +optional
Prometheus *PrometheusConfig `json:"prometheus,omitempty"`
}
TelemetryConfig defines observability configuration for the MCP server
func (*TelemetryConfig) DeepCopy ¶ added in v0.2.14
func (in *TelemetryConfig) DeepCopy() *TelemetryConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TelemetryConfig.
func (*TelemetryConfig) DeepCopyInto ¶ added in v0.2.14
func (in *TelemetryConfig) DeepCopyInto(out *TelemetryConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ToolConfigRef ¶ added in v0.3.0
type ToolConfigRef struct {
// Name is the name of the MCPToolConfig resource in the same namespace
// +kubebuilder:validation:Required
Name string `json:"name"`
}
ToolConfigRef defines a reference to a MCPToolConfig resource. The referenced MCPToolConfig must be in the same namespace as the MCPServer.
func (*ToolConfigRef) DeepCopy ¶ added in v0.3.0
func (in *ToolConfigRef) DeepCopy() *ToolConfigRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ToolConfigRef.
func (*ToolConfigRef) DeepCopyInto ¶ added in v0.3.0
func (in *ToolConfigRef) DeepCopyInto(out *ToolConfigRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ToolOverride ¶ added in v0.3.0
type ToolOverride struct {
// Name is the redefined name of the tool
// +optional
Name string `json:"name,omitempty"`
// Description is the redefined description of the tool
// +optional
Description string `json:"description,omitempty"`
}
ToolOverride represents a tool override configuration. Both Name and Description can be overridden independently, but they can't be both empty.
func (*ToolOverride) DeepCopy ¶ added in v0.3.0
func (in *ToolOverride) DeepCopy() *ToolOverride
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ToolOverride.
func (*ToolOverride) DeepCopyInto ¶ added in v0.3.0
func (in *ToolOverride) DeepCopyInto(out *ToolOverride)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Volume ¶
type Volume struct {
// Name is the name of the volume
// +kubebuilder:validation:Required
Name string `json:"name"`
// HostPath is the path on the host to mount
// +kubebuilder:validation:Required
HostPath string `json:"hostPath"`
// MountPath is the path in the container to mount to
// +kubebuilder:validation:Required
MountPath string `json:"mountPath"`
// ReadOnly specifies whether the volume should be mounted read-only
// +kubebuilder:default=false
// +optional
ReadOnly bool `json:"readOnly,omitempty"`
}
Volume represents a volume to mount in a container
func (*Volume) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Volume.
func (*Volume) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files