controllerutil

package
v0.6.7

This package is not in the latest version of its module.

Published: Nov 25, 2025 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Package controllerutil provides shared utility functions for the ToolHive Kubernetes operator controllers.

This package contains helper functions extracted from the controllers package to improve code organization and reusability. Functions are organized by domain:

  • platform.go: Platform detection and shared detector management
  • rbac.go: RBAC (Role-Based Access Control) configuration helpers
  • resources.go: Resource limit and request calculation utilities
  • authz.go: Authorization (Cedar policy) configuration helpers
  • oidc.go: OIDC (OpenID Connect) configuration helpers
  • tokenexchange.go: Token exchange configuration for external auth
  • config.go: General configuration merging and validation utilities

These utilities are used by multiple controllers including MCPServer, MCPRemoteProxy, and ToolConfig controllers to maintain consistent behavior across the operator.

Constants

const (
	// DefaultAuthzKey is the default key for authorization policies in ConfigMaps
	DefaultAuthzKey = "authz.json"
)

Variables

This section is empty.

Functions

func AddAuthzConfigOptions

func AddAuthzConfigOptions(
	ctx context.Context,
	c client.Client,
	namespace string,
	authzRef *mcpv1alpha1.AuthzConfigRef,
	options *[]runner.RunConfigBuilderOption,
) error

AddAuthzConfigOptions adds authorization configuration options to builder options

func AddExternalAuthConfigOptions

func AddExternalAuthConfigOptions(
	ctx context.Context,
	c client.Client,
	namespace string,
	externalAuthConfigRef *mcpv1alpha1.ExternalAuthConfigRef,
	options *[]runner.RunConfigBuilderOption,
) error

AddExternalAuthConfigOptions adds external authentication configuration options to builder options. This creates token exchange configuration which will be automatically converted to middleware by PopulateMiddlewareConfigs() when the runner starts. This ensures correct middleware ordering.

func AddOIDCConfigOptions

func AddOIDCConfigOptions(
	ctx context.Context,
	c client.Client,
	res oidc.OIDCConfigurable,
	options *[]runner.RunConfigBuilderOption,
) error

AddOIDCConfigOptions adds OIDC configuration options to builder options

func BuildHealthProbe

func BuildHealthProbe(
	path, port string, initialDelay, period, timeout, failureThreshold int32,
) *corev1.Probe

BuildHealthProbe builds a Kubernetes health probe configuration. Shared between MCPServer and MCPRemoteProxy.

func BuildResourceRequirements

func BuildResourceRequirements(resourceSpec mcpv1alpha1.ResourceRequirements) corev1.ResourceRequirements

BuildResourceRequirements builds Kubernetes resource requirements from the CRD spec. Shared between MCPServer and MCPRemoteProxy.

func CalculateConfigHash

func CalculateConfigHash[T any](spec T) string

CalculateConfigHash calculates a hash of any configuration spec using Kubernetes utilities. This function uses k8s.io/apimachinery/pkg/util/dump.ForHash, which is designed for generating consistent string representations for hashing in Kubernetes. It then applies the FNV-1a hash, which is commonly used in Kubernetes for fast hashing. See: https://github.com/kubernetes/kubernetes/blob/master/pkg/controller/controller_utils.go
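
A sketch of the dump-then-hash pattern described above, added here as an illustration; it is not ToolHive's code. encoding/json stands in for dump.ForHash, and the proxySpec type, the needsRollout helper and the 32-bit FNV-1a width are assumptions. FNV-1a is not a cryptographic hash, so the result suits change detection, not tamper detection.

```go
package main

import (
	"encoding/json"
	"fmt"
	"hash/fnv"
)

// proxySpec is a constructed stand-in for a CRD spec; it is not a ToolHive type.
type proxySpec struct {
	Image  string            `json:"image"`
	Port   int32             `json:"port"`
	Labels map[string]string `json:"labels,omitempty"`
}

// configHash follows the described approach: a deterministic dump, then FNV-1a.
// Assumptions: encoding/json (which sorts map keys) replaces dump.ForHash, and
// the 32-bit variant of FNV-1a is used.
func configHash[T any](spec T) (string, error) {
	dumped, err := json.Marshal(spec)
	if err != nil {
		return "", err
	}
	h := fnv.New32a()
	_, _ = h.Write(dumped) // hash.Hash.Write never returns an error
	return fmt.Sprintf("%08x", h.Sum32()), nil
}

// needsRollout (hypothetical helper) reports whether the hash recorded on a
// workload, for example in an annotation, differs from the desired spec's hash.
func needsRollout[T any](recorded string, desired T) (bool, error) {
	current, err := configHash(desired)
	if err != nil {
		return false, err
	}
	return recorded != current, nil
}

func main() {
	// Constructed sample values.
	applied := proxySpec{Image: "example/proxy:1.0", Port: 8080,
		Labels: map[string]string{"team": "sec", "env": "prod"}}
	recorded, _ := configHash(applied)

	// Same content with a different map insertion order hashes identically.
	same := proxySpec{Image: "example/proxy:1.0", Port: 8080,
		Labels: map[string]string{"env": "prod", "team": "sec"}}
	changed := same
	changed.Port = 9090

	r1, _ := needsRollout(recorded, same)
	r2, _ := needsRollout(recorded, changed)
	fmt.Println(recorded, r1, r2)
}
```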

func CreateProxyServiceName

func CreateProxyServiceName(resourceName string) string

CreateProxyServiceName generates the service name for a proxy (MCPServer or MCPRemoteProxy). Shared naming convention across both controllers.

func CreateProxyServiceURL

func CreateProxyServiceURL(resourceName, namespace string, port int32) string

CreateProxyServiceURL generates the full cluster-local service URL. Shared between MCPServer and MCPRemoteProxy.

func EnsureAuthzConfigMap

func EnsureAuthzConfigMap(
	ctx context.Context,
	c client.Client,
	scheme *runtime.Scheme,
	owner client.Object,
	namespace string,
	resourceName string,
	authzConfig *mcpv1alpha1.AuthzConfigRef,
	labels map[string]string,
) error

EnsureAuthzConfigMap ensures the authorization ConfigMap exists for inline configuration

func EnsureRBACResource

func EnsureRBACResource(
	ctx context.Context,
	c client.Client,
	scheme *runtime.Scheme,
	owner client.Object,
	resourceType string,
	createResource func() client.Object,
) error

EnsureRBACResource is a generic helper function to ensure a Kubernetes RBAC resource exists

func EnsureRequiredEnvVars

func EnsureRequiredEnvVars(ctx context.Context, env []corev1.EnvVar) []corev1.EnvVar

EnsureRequiredEnvVars ensures required environment variables are set with defaults. Shared between MCPServer and MCPRemoteProxy.

func FindReferencingMCPServers

func FindReferencingMCPServers(
	ctx context.Context,
	c client.Client,
	namespace string,
	configName string,
	refExtractor func(*mcpv1alpha1.MCPServer) *string,
) ([]mcpv1alpha1.MCPServer, error)

FindReferencingMCPServers finds MCPServers in the given namespace that reference a config resource. The refExtractor function should return the config name from an MCPServer if it references the config, or nil if it doesn't reference any config of this type.

Example usage for ToolConfig:

servers, err := FindReferencingMCPServers(ctx, client, namespace, configName,
    func(server *mcpv1alpha1.MCPServer) *string {
        if server.Spec.ToolConfigRef != nil {
            return &server.Spec.ToolConfigRef.Name
        }
        return nil
    })

func GenerateAuthzVolumeConfig

func GenerateAuthzVolumeConfig(
	authzConfig *mcpv1alpha1.AuthzConfigRef,
	resourceName string,
) (*corev1.VolumeMount, *corev1.Volume)

GenerateAuthzVolumeConfig generates volume mount and volume for authorization policies

func GenerateOIDCClientSecretEnvVar added in v0.5.0

func GenerateOIDCClientSecretEnvVar(
	ctx context.Context,
	c client.Client,
	namespace string,
	clientSecretRef *mcpv1alpha1.SecretKeyRef,
) (*corev1.EnvVar, error)

GenerateOIDCClientSecretEnvVar generates environment variable for OIDC client secret when using a SecretKeyRef. Returns nil if clientSecretRef is nil.

func GenerateOpenTelemetryEnvVars

func GenerateOpenTelemetryEnvVars(
	telemetryConfig *mcpv1alpha1.TelemetryConfig,
	resourceName string,
	namespace string,
) []corev1.EnvVar

GenerateOpenTelemetryEnvVars generates OpenTelemetry environment variables

func GenerateTokenExchangeEnvVars

func GenerateTokenExchangeEnvVars(
	ctx context.Context,
	c client.Client,
	namespace string,
	externalAuthConfigRef *mcpv1alpha1.ExternalAuthConfigRef,
	getExternalAuthConfig func(context.Context, client.Client, string, string) (*mcpv1alpha1.MCPExternalAuthConfig, error),
) ([]corev1.EnvVar, error)

GenerateTokenExchangeEnvVars generates environment variables for token exchange

func GetExternalAuthConfigByName

func GetExternalAuthConfigByName(
	ctx context.Context,
	c client.Client,
	namespace string,
	name string,
) (*mcpv1alpha1.MCPExternalAuthConfig, error)

GetExternalAuthConfigByName is a generic helper for fetching MCPExternalAuthConfig by name

func GetExternalAuthConfigForMCPRemoteProxy

func GetExternalAuthConfigForMCPRemoteProxy(
	ctx context.Context,
	c client.Client,
	proxy *mcpv1alpha1.MCPRemoteProxy,
) (*mcpv1alpha1.MCPExternalAuthConfig, error)

GetExternalAuthConfigForMCPRemoteProxy fetches MCPExternalAuthConfig referenced by MCPRemoteProxy

func GetToolConfigForMCPRemoteProxy

func GetToolConfigForMCPRemoteProxy(
	ctx context.Context,
	c client.Client,
	proxy *mcpv1alpha1.MCPRemoteProxy,
) (*mcpv1alpha1.MCPToolConfig, error)

GetToolConfigForMCPRemoteProxy fetches MCPToolConfig referenced by MCPRemoteProxy

func GetToolConfigForMCPServer added in v0.5.1

func GetToolConfigForMCPServer(
	ctx context.Context,
	c client.Client,
	mcpServer *mcpv1alpha1.MCPServer,
) (*mcpv1alpha1.MCPToolConfig, error)

GetToolConfigForMCPServer retrieves the MCPToolConfig referenced by an MCPServer

func MergeAnnotations

func MergeAnnotations(defaultAnnotations, overrideAnnotations map[string]string) map[string]string

MergeAnnotations merges override annotations with default annotations. Default annotations take precedence to ensure operator-required metadata is preserved. Shared between MCPServer and MCPRemoteProxy.

func MergeLabels

func MergeLabels(defaultLabels, overrideLabels map[string]string) map[string]string

MergeLabels merges override labels with default labels. Default labels take precedence to ensure operator-required metadata is preserved. Shared between MCPServer and MCPRemoteProxy.

func MergeStringMaps

func MergeStringMaps(defaultMap, overrideMap map[string]string) map[string]string

MergeStringMaps merges override map with default map, with default map taking precedence

func ProxyRunnerServiceAccountName

func ProxyRunnerServiceAccountName(resourceName string) string

ProxyRunnerServiceAccountName generates the service account name for the proxy runner. Shared between MCPServer and MCPRemoteProxy.

Types

type PlatformDetectorInterface

type PlatformDetectorInterface interface {
	DetectPlatform(ctx context.Context) (kubernetes.Platform, error)
}

PlatformDetectorInterface provides platform detection capabilities

type SharedPlatformDetector

type SharedPlatformDetector struct {
	// contains filtered or unexported fields
}

SharedPlatformDetector provides shared platform detection across controllers

func NewSharedPlatformDetector

func NewSharedPlatformDetector() *SharedPlatformDetector

NewSharedPlatformDetector creates a new shared platform detector

func NewSharedPlatformDetectorWithDetector

func NewSharedPlatformDetectorWithDetector(detector kubernetes.PlatformDetector) *SharedPlatformDetector

NewSharedPlatformDetectorWithDetector creates a new shared platform detector with a custom detector (for testing)

func (*SharedPlatformDetector) DetectPlatform

func (s *SharedPlatformDetector) DetectPlatform(ctx context.Context) (kubernetes.Platform, error)

DetectPlatform detects the platform once and caches the result
