alihan/kubernetes-mcp-server
1
0
Fork 0
mirror of https://github.com/containers/kubernetes-mcp-server.git synced 2025-10-23 01:22:57 +03:00
Code Issues Packages Projects Releases Wiki Activity
274 Commits 19 Branches 53 Tags
konflux/mintmaker/main/sigs.k8s.io-kustomize-api-0.x
Commit Graph

274 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
red-hat-konflux[bot]
abab8f5c8c chore(deps): update module sigs.k8s.io/kustomize/api to v0.20.1 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
 2025-08-03 22:02:23 +00:00
Marc Nuri
9cc7192d4d feat(mcp): log tool call (hide sensitive HTTP headers) (#225) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
v0.0.47 		2025-07-31 15:36:34 +02:00
Arda Güçlü
be80db1a01 feat(auth): introduce scoped based authorization 
Signed-off-by: Arda Güçlü <aguclu@redhat.com>
 2025-07-31 11:01:26 +02:00
dependabot[bot]
d4f3bd4a99 build(deps): bump github.com/coreos/go-oidc/v3 from 3.14.1 to 3.15.0 (#223) 
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.14.1 to 3.15.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.14.1...v3.15.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-version: 3.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-31 10:11:57 +02:00
Marc Nuri
4a7e05151a chore(doc): polish the Agents.md file (#222) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-31 09:55:51 +02:00
Marc Nuri
49dcff3f21 feat(mcp): log tool call (HTTP headers) (#221) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-30 15:25:07 +02:00
dependabot[bot]
94f7055c0c build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.5 to 4.1.1 (#195) 
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-29 13:42:40 +02:00
Brett Tofel
5889fdb252 chore(doc): add AGENTS.md (#204) 
Signed-off-by: Brett Tofel <btofel@redhat.com>
 2025-07-29 13:34:25 +02:00
Marc Nuri
1f670ebec6 test(auth): complete test suite for unauthorized scenarios (#220) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-29 13:32:31 +02:00
dependabot[bot]
aa14e31eba build(deps): bump github.com/mark3labs/mcp-go from 0.35.0 to 0.36.0 (#218) 
Bumps [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) from 0.35.0 to 0.36.0.
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](https://github.com/mark3labs/mcp-go/compare/v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-29 06:41:43 +02:00
dependabot[bot]
512896d082 build(deps): bump github.com/mark3labs/mcp-go from 0.34.0 to 0.35.0 (#216) 
Bumps [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) from 0.34.0 to 0.35.0.
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](https://github.com/mark3labs/mcp-go/compare/v0.34.0...v0.35.0)

---
updated-dependencies:
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-28 14:58:28 +02:00
red-hat-konflux[bot]
eb48b9c594 chore(deps): update module github.com/go-logr/logr to v1.4.3 (#215) 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
 2025-07-28 13:05:27 +02:00
red-hat-konflux[bot]
57d16cc4cf chore(deps): update module github.com/containerd/containerd to v1.7.28 (#214) 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
 2025-07-28 13:04:48 +02:00
red-hat-konflux[bot]
ae49d65b37 chore(deps): update module github.com/chai2010/gettext-go to v1.0.3 (#213) 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
 2025-07-28 07:31:49 +02:00
red-hat-konflux[bot]
88a8aa20c6 chore(deps): update module dario.cat/mergo to v1.0.2 (#212) 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
 2025-07-28 07:30:47 +02:00
red-hat-konflux[bot]
2225c2ca2a chore(deps): update go-openapi packages (#211) 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
 2025-07-28 07:30:04 +02:00
red-hat-konflux[bot]
fafc824568 fix(deps): update k8s.io/utils digest to 4c0f3b2 (#209) 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
 2025-07-28 07:11:01 +02:00
red-hat-konflux[bot]
d0f48f789b chore(deps): update sigs.k8s.io/json digest to cfa47c3 (#208) 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
 2025-07-28 07:10:26 +02:00
red-hat-konflux[bot]
47caa9d593 chore(deps): update google.golang.org/genproto/googleapis/rpc digest to a45f3df (#206) 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
 2025-07-28 07:05:42 +02:00
dependabot[bot]
da73cad280 build(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 (#203) 
Bumps [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/kubernetes-sigs/yaml/releases)
- [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/yaml/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/yaml
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-25 09:53:43 +02:00
Marc Nuri
cad863ff22 fix(migration): rebranded from manusa/kubernetes-mcp-server to containers/kubernetes-mcp-server (#202) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-25 09:53:04 +02:00
Marc Nuri
9856802fe9 chore(doc): instructions for cursor setup (#201) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-25 09:52:46 +02:00
red-hat-konflux[bot]
c6349f46de chore(ci): Red Hat Konflux update kubernetes-mcp-server-ols (#200) 
Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>

Co-authored-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
 2025-07-24 13:16:58 +02:00
Marc Nuri
9e3811a737 chore(doc): update README.md Configuration options (#199) 
Added missing entry for --port and removed deprecated options
(should not be documented on the README)

Signed-off-by: Marc Nuri <marc@marcnuri.com>
v0.0.46 		2025-07-23 15:21:04 +02:00
Arda Güçlü
0ad8726d01 feat(auth): introduce jwks url flag to be published in oauth metadata (#197) 2025-07-23 09:48:21 +02:00
Marc Nuri
ca0aa4648d feat(mcp): log tool call (function name + arguments) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-22 14:35:19 +02:00
Marc Nuri
3fbfd8d7cb fix(lint): add golangci-lint make target + lint 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-22 14:22:19 +02:00
Marc Nuri
a3e8818ffe test(http): logging middleware verifications 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-22 14:21:39 +02:00
Marc Nuri
775fa21bd1 fix(auth): delegate JWT parsing to github.com/go-jose/go-jose (189) 
fix(auth): delegate JWT parsing to github.com/golang-jwt/jwt

Signed-off-by: Marc Nuri <marc@marcnuri.com>
---
fix(auth): delegate JWT parsing to go-jose

Signed-off-by: Marc Nuri <marc@marcnuri.com>
---
fix(auth): delegate JWT parsing to go-jose - review comment

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-18 13:01:55 +02:00
Arda Güçlü
73e9e845c4 refactor(auth): carry oidc provider directly instead of mcpServer 2025-07-18 12:52:51 +02:00
Marc Nuri
cb9f296566 test(mcp): speed up tests by not setting the fake kubeconfig master to example.com 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-18 10:46:32 +02:00
Marc Nuri
f6e9702009 chore(http): use constants for endpoints 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
v0.0.45 		2025-07-17 13:07:54 +02:00
dependabot[bot]
4d994d3790 build(deps): bump k8s.io/apiextensions-apiserver from 0.33.2 to 0.33.3 
Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.33.2 to 0.33.3.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.33.2...v0.33.3)

---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.33.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-17 07:38:52 +02:00
Marc Nuri
e4a8f604a1 test:fix: age expectation regex for minutes-no-seconds (42m) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-17 07:27:59 +02:00
dependabot[bot]
796333891a build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 
Bumps [github.com/spf13/pflag](https://github.com/spf13/pflag) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](https://github.com/spf13/pflag/compare/v1.0.6...v1.0.7)

---
updated-dependencies:
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-17 07:25:39 +02:00
dependabot[bot]
4cae032e84 build(deps): bump k8s.io/kubectl from 0.33.2 to 0.33.3 
Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl) from 0.33.2 to 0.33.3.
- [Commits](https://github.com/kubernetes/kubectl/compare/v0.33.2...v0.33.3)

---
updated-dependencies:
- dependency-name: k8s.io/kubectl
  dependency-version: 0.33.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-17 07:18:42 +02:00
dependabot[bot]
255750a767 build(deps): bump k8s.io/metrics from 0.33.2 to 0.33.3 
Bumps [k8s.io/metrics](https://github.com/kubernetes/metrics) from 0.33.2 to 0.33.3.
- [Commits](https://github.com/kubernetes/metrics/compare/v0.33.2...v0.33.3)

---
updated-dependencies:
- dependency-name: k8s.io/metrics
  dependency-version: 0.33.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-17 06:37:20 +02:00
dependabot[bot]
6d3ac81fdd build(deps): bump k8s.io/api from 0.33.2 to 0.33.3 
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.33.2 to 0.33.3.
- [Commits](https://github.com/kubernetes/api/compare/v0.33.2...v0.33.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-version: 0.33.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-17 06:36:48 +02:00
dependabot[bot]
92cad86e9e build(deps): bump github.com/mark3labs/mcp-go from 0.33.0 to 0.34.0 
---
updated-dependencies:
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-16 16:44:20 +02:00
Marc Nuri
bfa699049e test(http): bootstrap tests for HTTP server (177) 
test(http): bootstrap tests for HTTP server

Contains tests for the main endpoints (proxied and handled)
- /sse
- /message
- /mcp
- /healthz
- /.well-known/oauth-protected-resource

Verifies graceful shutdown works as expected

Signed-off-by: Marc Nuri <marc@marcnuri.com>
---
fix: empty config for CI

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-16 14:46:11 +02:00
Arda Güçlü
77671617df feat(auth): introduce OIDC token verification if authorization-url is specified (176) 
Pass correct audience
---
Validate server and authorization url via url.Parse
---
Import go-oidc/v3
---
Wire initialized oidc provider if authorization url is set
---
Wire oidc issuer validation
 2025-07-16 14:45:18 +02:00
Marc Nuri
5c753275ab test(mcp): refactor tool filtering tests 
- Prevent declaring tools that are both read-only and destructive
- Remove redundant tests and preserve those behavioral and semantic
 2025-07-14 11:36:01 +02:00
dependabot[bot]
83c37ce02f build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/sync/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 06:46:00 +02:00
dependabot[bot]
6a95f35285 build(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.18.3 to 3.18.4.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.18.3...v3.18.4)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 06:32:07 +02:00
dependabot[bot]
288b330b5a build(deps): bump github.com/mark3labs/mcp-go from 0.32.0 to 0.33.0 
Bumps [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) from 0.32.0 to 0.33.0.
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](https://github.com/mark3labs/mcp-go/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 06:31:55 +02:00
Arda Güçlü
275b91a00d feat(auth): introduce require-oauth flag to comply with OAuth in MCP specification (170) 
Introduce require-oauth flag

When this flag is enabled, authorization middleware will be turned on.
When this flag is enabled, Derived which is generated based on the client
token will not be used.
---
Wire Authorization middleware to http mux

This commit adds authorization middleware. Additionally, this commit
rejects the requests if the bearer token is absent in Authorization
header of the request.
---
Add offline token validation for expiration and audience

Per Model Context Protocol specification, MCP Servers must check the
audience field of the token to ensure that they are generated specifically
for them.

This commits parses the JWT token and asserts that audience is correct
and token is not expired.
---
Add online token verification via TokenReview request to API Server

This commit sends online token verification by sending request to
TokenReview endpoint of API Server with the token and expected audience.

If API Server returns the status as authenticated, that means this token
can be used to generate a new ad hoc token for MCP Server.

If API Server returns the status as not authenticated, that means this token
is invalid and MCP Server returns 401 to force the client to initiate OAuth flow.
---
Serve oauth protected resource metadata endpoint
---
Introduce server-url to be represented in protected resource metadata
---
Add error return type in Derived function
---
Return error if error occurs in Derived, when require-oauth
---
Add test cases for authorization-url and server-url
---
Wire server-url to audience, if it is set
---
Remove redundant ssebaseurl parameter from http
 2025-07-14 06:31:17 +02:00
Arda Güçlü
114726fb7c test(config): add new test case to increase the test coverage of Derived Config (167) 
Add new unit tests to check the values in Derived config
---
Rely on kubeconfig in staticConfig instead of a separate but equal one
 2025-07-08 06:07:18 +02:00
Marc Nuri
c5b2223249 test(config): explicit parsing tests 2025-07-08 06:03:37 +02:00
Arda Güçlü
42e8e3496f feat(http): add graceful shutdown of http server by catching interruption signals (164) 
Move http serving under its specific dir
---
Add gracefully shutdown for http server
 2025-07-08 06:02:54 +02:00
Arda Güçlü
00e4f1816f fix(auth): isolate bearer token config from kubeconfig 2025-07-07 07:09:26 +02:00