feat(config): deny resources by using RESTMapper as an interceptor
This approach ensures that resources in the deny list are **always**
processed regardless of the implementation.
The RESTMapper takes care of verifying that the requested Group Version Kind
complies with the deny list while checking for the REST endpoint.
---
feat(config): provide a limited clientset which check access
---
review: addressed PR comments
---
feat(config): provide a limited metrics clientset to check access
---
review: addressed PR comments regarding pods_exec
refactor(kubernetes): force usage of Derived kubernetes
Prevents consumers of the kubernetes package the usage of
public methods on a non-derived config instance.
---
review(kubernetes): force usage of Derived kubernetes
Addresses comment by ardaguclu
A new configuration options is available: `--list-output`
There are two modes available:
- `yaml`: current default (will be changed in subsequent PR), which returns a multi-document YAML
- `table`: returns a plain-text table as created by the kube-api server when requested with
`Accept: application/json;as=Table;v=v1;g=meta.k8s.io`
Additional logic has been added to the table format to include the apiVersion and kind.
This is not returned by the server, kubectl doesn't include this either.
However, this is extremely handy for the LLM when using the generic resource tools.
This PR introduces the ability to filter Kubernetes resources by label using a labelSelector parameter for the following tools:
* pods_list
* pods_list_in_namespace
* resources_list
This enhancement allows users to retrieve a more specific set of resources based on their labels, improving the flexibility and utility of these tools.
The labelSelector parameter accepts standard Kubernetes label selector syntax, such as app=myapp,env=prod or app in (myapp,yourapp).
Signed-off-by: Eran Cohen <eranco@redhat.com>
Allows to specify the container where the command will be executed.
Additionally, prevents the command from failing in pods with multiple
containers when the container is not specified (defaults to first).
