Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the toolhive v1alpha1 API group
+kubebuilder:object:generate=true
+groupName=toolhive.stacklok.dev
Index ¶
- Constants
- Variables
- type ConfigMapOIDCRef
- type EnvVar
- type InlineOIDCConfig
- type KubernetesOIDCConfig
- type MCPServer
- type MCPServerList
- type MCPServerPhase
- type MCPServerSpec
- type MCPServerStatus
- type NetworkPermissions
- type OIDCConfigRef
- type OutboundNetworkPermissions
- type PermissionProfileRef
- type PermissionProfileSpec
- type ResourceList
- type ResourceMetadataOverrides
- type ResourceOverrides
- type ResourceRequirements
- type SecretRef
- type Volume
Constants ¶
const (
	// PermissionProfileTypeBuiltin is the type for built-in permission profiles
	PermissionProfileTypeBuiltin = "builtin"

	// PermissionProfileTypeConfigMap is the type for permission profiles stored in ConfigMaps
	PermissionProfileTypeConfigMap = "configmap"
)
Permission profile types
const (
	// OIDCConfigTypeKubernetes is the type for Kubernetes service account token validation
	OIDCConfigTypeKubernetes = "kubernetes"

	// OIDCConfigTypeConfigMap is the type for OIDC configuration stored in ConfigMaps
	OIDCConfigTypeConfigMap = "configmap"

	// OIDCConfigTypeInline is the type for inline OIDC configuration
	OIDCConfigTypeInline = "inline"
)
OIDC configuration types
Variables ¶
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "toolhive.stacklok.dev", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
This section is empty.
Types ¶
type ConfigMapOIDCRef ¶ added in v0.0.40
type ConfigMapOIDCRef struct {
	// Name is the name of the ConfigMap
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Key is the key in the ConfigMap that contains the OIDC configuration
	// +kubebuilder:default=oidc.json
	// +optional
	Key string `json:"key,omitempty"`
}
ConfigMapOIDCRef references a ConfigMap containing OIDC configuration
func (*ConfigMapOIDCRef) DeepCopy ¶ added in v0.0.40
func (in *ConfigMapOIDCRef) DeepCopy() *ConfigMapOIDCRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapOIDCRef.
func (*ConfigMapOIDCRef) DeepCopyInto ¶ added in v0.0.40
func (in *ConfigMapOIDCRef) DeepCopyInto(out *ConfigMapOIDCRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvVar ¶
type EnvVar struct {
	// Name of the environment variable
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Value of the environment variable
	// +kubebuilder:validation:Required
	Value string `json:"value"`
}
EnvVar represents an environment variable in a container
func (*EnvVar) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvVar.
func (*EnvVar) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InlineOIDCConfig ¶ added in v0.0.40
type InlineOIDCConfig struct {
	// Issuer is the OIDC issuer URL
	// +kubebuilder:validation:Required
	Issuer string `json:"issuer"`

	// Audience is the expected audience for the token
	// +optional
	Audience string `json:"audience,omitempty"`

	// JWKSURL is the URL to fetch the JWKS from
	// +optional
	JWKSURL string `json:"jwksUrl,omitempty"`

	// ClientID is the OIDC client ID
	// +optional
	ClientID string `json:"clientId,omitempty"`
}
InlineOIDCConfig contains direct OIDC configuration
func (*InlineOIDCConfig) DeepCopy ¶ added in v0.0.40
func (in *InlineOIDCConfig) DeepCopy() *InlineOIDCConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InlineOIDCConfig.
func (*InlineOIDCConfig) DeepCopyInto ¶ added in v0.0.40
func (in *InlineOIDCConfig) DeepCopyInto(out *InlineOIDCConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesOIDCConfig ¶ added in v0.0.40
type KubernetesOIDCConfig struct {
	// ServiceAccount is the name of the service account to validate tokens for
	// If empty, uses the pod's service account
	// +optional
	ServiceAccount string `json:"serviceAccount,omitempty"`

	// Namespace is the namespace of the service account
	// If empty, uses the MCPServer's namespace
	// +optional
	Namespace string `json:"namespace,omitempty"`

	// Audience is the expected audience for the token
	// +kubebuilder:default=toolhive
	// +optional
	Audience string `json:"audience,omitempty"`

	// Issuer is the OIDC issuer URL
	// +kubebuilder:default="https://kubernetes.default.svc"
	// +optional
	Issuer string `json:"issuer,omitempty"`

	// JWKSURL is the URL to fetch the JWKS from
	// +kubebuilder:default="https://kubernetes.default.svc/openid/v1/jwks"
	// +optional
	JWKSURL string `json:"jwksUrl,omitempty"`
}
KubernetesOIDCConfig configures OIDC for Kubernetes service account token validation
func (*KubernetesOIDCConfig) DeepCopy ¶ added in v0.0.40
func (in *KubernetesOIDCConfig) DeepCopy() *KubernetesOIDCConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesOIDCConfig.
func (*KubernetesOIDCConfig) DeepCopyInto ¶ added in v0.0.40
func (in *KubernetesOIDCConfig) DeepCopyInto(out *KubernetesOIDCConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MCPServer ¶
type MCPServer struct {
	metav1.TypeMeta   `json:",inline"` // nolint:revive
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   MCPServerSpec   `json:"spec,omitempty"`
	Status MCPServerStatus `json:"status,omitempty"`
}
MCPServer is the Schema for the mcpservers API
func (*MCPServer) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServer.
func (*MCPServer) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MCPServer) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MCPServerList ¶
type MCPServerList struct {
	metav1.TypeMeta `json:",inline"` // nolint:revive
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []MCPServer `json:"items"`
}
MCPServerList contains a list of MCPServer
func (*MCPServerList) DeepCopy ¶
func (in *MCPServerList) DeepCopy() *MCPServerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerList.
func (*MCPServerList) DeepCopyInto ¶
func (in *MCPServerList) DeepCopyInto(out *MCPServerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MCPServerList) DeepCopyObject ¶
func (in *MCPServerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MCPServerPhase ¶
type MCPServerPhase string
MCPServerPhase is the phase of the MCPServer
+kubebuilder:validation:Enum=Pending;Running;Failed;Terminating
const (
	// MCPServerPhasePending means the MCPServer is being created
	MCPServerPhasePending MCPServerPhase = "Pending"

	// MCPServerPhaseRunning means the MCPServer is running
	MCPServerPhaseRunning MCPServerPhase = "Running"

	// MCPServerPhaseFailed means the MCPServer failed to start
	MCPServerPhaseFailed MCPServerPhase = "Failed"

	// MCPServerPhaseTerminating means the MCPServer is being deleted
	MCPServerPhaseTerminating MCPServerPhase = "Terminating"
)
type MCPServerSpec ¶
type MCPServerSpec struct {
	// Image is the container image for the MCP server
	// +kubebuilder:validation:Required
	Image string `json:"image"`

	// Transport is the transport method for the MCP server (stdio, streamable-http or sse)
	// +kubebuilder:validation:Enum=stdio;streamable-http;sse
	// +kubebuilder:default=stdio
	Transport string `json:"transport,omitempty"`

	// Port is the port to expose the MCP server on
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// +kubebuilder:default=8080
	Port int32 `json:"port,omitempty"`

	// TargetPort is the port that MCP server listens to
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// +optional
	TargetPort int32 `json:"targetPort,omitempty"`

	// Args are additional arguments to pass to the MCP server
	// +optional
	Args []string `json:"args,omitempty"`

	// Env are environment variables to set in the MCP server container
	// +optional
	Env []EnvVar `json:"env,omitempty"`

	// Volumes are volumes to mount in the MCP server container
	// +optional
	Volumes []Volume `json:"volumes,omitempty"`

	// Resources defines the resource requirements for the MCP server container
	// +optional
	Resources ResourceRequirements `json:"resources,omitempty"`

	// Secrets are references to secrets to mount in the MCP server container
	// +optional
	Secrets []SecretRef `json:"secrets,omitempty"`

	// PermissionProfile defines the permission profile to use
	// +optional
	PermissionProfile *PermissionProfileRef `json:"permissionProfile,omitempty"`

	// PodTemplateSpec defines the pod template to use for the MCP server
	// This allows for customizing the pod configuration beyond what is provided by the other fields.
	// Note that to modify the specific container the MCP server runs in, you must specify
	// the `mcp` container name in the PodTemplateSpec.
	// +optional
	PodTemplateSpec *corev1.PodTemplateSpec `json:"podTemplateSpec,omitempty"`

	// ResourceOverrides allows overriding annotations and labels for resources created by the operator
	// +optional
	ResourceOverrides *ResourceOverrides `json:"resourceOverrides,omitempty"`

	// OIDCConfig defines OIDC authentication configuration for the MCP server
	// +optional
	OIDCConfig *OIDCConfigRef `json:"oidcConfig,omitempty"`
}
MCPServerSpec defines the desired state of MCPServer
func (*MCPServerSpec) DeepCopy ¶
func (in *MCPServerSpec) DeepCopy() *MCPServerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerSpec.
func (*MCPServerSpec) DeepCopyInto ¶
func (in *MCPServerSpec) DeepCopyInto(out *MCPServerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MCPServerStatus ¶
type MCPServerStatus struct {
	// Conditions represent the latest available observations of the MCPServer's state
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// URL is the URL where the MCP server can be accessed
	// +optional
	URL string `json:"url,omitempty"`

	// Phase is the current phase of the MCPServer
	// +optional
	Phase MCPServerPhase `json:"phase,omitempty"`

	// Message provides additional information about the current phase
	// +optional
	Message string `json:"message,omitempty"`
}
MCPServerStatus defines the observed state of MCPServer
func (*MCPServerStatus) DeepCopy ¶
func (in *MCPServerStatus) DeepCopy() *MCPServerStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCPServerStatus.
func (*MCPServerStatus) DeepCopyInto ¶
func (in *MCPServerStatus) DeepCopyInto(out *MCPServerStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPermissions ¶
type NetworkPermissions struct {
	// Outbound defines the outbound network permissions
	// +optional
	Outbound *OutboundNetworkPermissions `json:"outbound,omitempty"`
}
NetworkPermissions defines the network permissions for an MCP server
func (*NetworkPermissions) DeepCopy ¶
func (in *NetworkPermissions) DeepCopy() *NetworkPermissions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPermissions.
func (*NetworkPermissions) DeepCopyInto ¶
func (in *NetworkPermissions) DeepCopyInto(out *NetworkPermissions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCConfigRef ¶ added in v0.0.40
type OIDCConfigRef struct {
	// Type is the type of OIDC configuration
	// +kubebuilder:validation:Enum=kubernetes;configmap;inline
	// +kubebuilder:default=kubernetes
	Type string `json:"type"`

	// Kubernetes configures OIDC for Kubernetes service account token validation
	// Only used when Type is "kubernetes"
	// +optional
	Kubernetes *KubernetesOIDCConfig `json:"kubernetes,omitempty"`

	// ConfigMap references a ConfigMap containing OIDC configuration
	// Only used when Type is "configmap"
	// +optional
	ConfigMap *ConfigMapOIDCRef `json:"configMap,omitempty"`

	// Inline contains direct OIDC configuration
	// Only used when Type is "inline"
	// +optional
	Inline *InlineOIDCConfig `json:"inline,omitempty"`
}
OIDCConfigRef defines a reference to OIDC configuration
func (*OIDCConfigRef) DeepCopy ¶ added in v0.0.40
func (in *OIDCConfigRef) DeepCopy() *OIDCConfigRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCConfigRef.
func (*OIDCConfigRef) DeepCopyInto ¶ added in v0.0.40
func (in *OIDCConfigRef) DeepCopyInto(out *OIDCConfigRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
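OIDCConfigRef is a discriminated union: the markers shown above restrict Type to an enum, but nothing on this page ties Type to the block that is actually populated. The following added example (not toolhive code) checks that consistency before a manifest is applied; the types are local mirrors of the ones documented here, auditOIDC and httpsURL are hypothetical helpers, and the issuer value is a constructed placeholder.

```go
package main

import (
	"fmt"
	"net/url"
)

// Local mirrors of the v1alpha1 OIDC types documented on this page (assumption: built without the toolhive module).
type KubernetesOIDCConfig struct{ ServiceAccount, Namespace, Audience, Issuer, JWKSURL string }
type ConfigMapOIDCRef struct{ Name, Key string }
type InlineOIDCConfig struct{ Issuer, Audience, JWKSURL, ClientID string }
type OIDCConfigRef struct {
	Type       string
	Kubernetes *KubernetesOIDCConfig
	ConfigMap  *ConfigMapOIDCRef
	Inline     *InlineOIDCConfig
}

func httpsURL(s string) bool {
	u, err := url.Parse(s)
	return err == nil && u.Scheme == "https" && u.Host != ""
}

// auditOIDC is a hypothetical helper (not part of toolhive). It returns one
// finding per mismatch between Type and the populated sub-blocks.
func auditOIDC(ref *OIDCConfigRef) []string {
	if ref == nil {
		return []string{"oidcConfig is not set"}
	}
	set := map[string]bool{"kubernetes": ref.Kubernetes != nil, "configmap": ref.ConfigMap != nil, "inline": ref.Inline != nil}
	if _, known := set[ref.Type]; !known {
		return []string{fmt.Sprintf("type %q is not kubernetes, configmap or inline", ref.Type)}
	}
	var out []string
	for _, t := range []string{"kubernetes", "configmap", "inline"} {
		if set[t] && t != ref.Type {
			out = append(out, fmt.Sprintf("%s block is set but unused: type is %q", t, ref.Type))
		}
	}
	switch in := ref.Inline; {
	case ref.Type == "configmap" && (ref.ConfigMap == nil || ref.ConfigMap.Name == ""):
		out = append(out, "type is configmap but configMap.name is missing")
	case ref.Type == "inline" && in == nil:
		out = append(out, "type is inline but the inline block is missing")
	case ref.Type == "inline":
		if !httpsURL(in.Issuer) {
			out = append(out, "inline.issuer is not an https URL")
		}
		if in.JWKSURL != "" && !httpsURL(in.JWKSURL) {
			out = append(out, "inline.jwksUrl is not an https URL")
		}
		if in.Audience == "" {
			out = append(out, "inline.audience is empty: no expected audience is pinned")
		}
	}
	return out
}

func main() {
	// Constructed sample: type is "kubernetes" while an inline block is filled in.
	ref := &OIDCConfigRef{Type: "kubernetes", Inline: &InlineOIDCConfig{Issuer: "http://idp.example.test"}}
	fmt.Println(auditOIDC(ref))
}
```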
type OutboundNetworkPermissions ¶
type OutboundNetworkPermissions struct {
	// InsecureAllowAll allows all outbound network connections (not recommended)
	// +kubebuilder:default=false
	// +optional
	InsecureAllowAll bool `json:"insecureAllowAll,omitempty"`

	// AllowTransport is a list of transport protocols to allow (e.g., "tcp", "udp")
	// +optional
	AllowTransport []string `json:"allowTransport,omitempty"`

	// AllowHost is a list of hosts to allow connections to
	// +optional
	AllowHost []string `json:"allowHost,omitempty"`

	// AllowPort is a list of ports to allow connections to
	// +optional
	AllowPort []int32 `json:"allowPort,omitempty"`
}
OutboundNetworkPermissions defines the outbound network permissions
func (*OutboundNetworkPermissions) DeepCopy ¶
func (in *OutboundNetworkPermissions) DeepCopy() *OutboundNetworkPermissions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundNetworkPermissions.
func (*OutboundNetworkPermissions) DeepCopyInto ¶
func (in *OutboundNetworkPermissions) DeepCopyInto(out *OutboundNetworkPermissions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PermissionProfileRef ¶
type PermissionProfileRef struct {
	// Type is the type of permission profile reference
	// +kubebuilder:validation:Enum=builtin;configmap
	// +kubebuilder:default=builtin
	Type string `json:"type"`

	// Name is the name of the permission profile
	// If Type is "builtin", Name must be one of: "none", "network"
	// If Type is "configmap", Name is the name of the ConfigMap
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Key is the key in the ConfigMap that contains the permission profile
	// Only used when Type is "configmap"
	// +optional
	Key string `json:"key,omitempty"`
}
PermissionProfileRef defines a reference to a permission profile
func (*PermissionProfileRef) DeepCopy ¶
func (in *PermissionProfileRef) DeepCopy() *PermissionProfileRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionProfileRef.
func (*PermissionProfileRef) DeepCopyInto ¶
func (in *PermissionProfileRef) DeepCopyInto(out *PermissionProfileRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PermissionProfileSpec ¶
type PermissionProfileSpec struct {
	// Read is a list of paths that the MCP server can read from
	// +optional
	Read []string `json:"read,omitempty"`

	// Write is a list of paths that the MCP server can write to
	// +optional
	Write []string `json:"write,omitempty"`

	// Network defines the network permissions for the MCP server
	// +optional
	Network *NetworkPermissions `json:"network,omitempty"`
}
PermissionProfileSpec defines the permissions for an MCP server
func (*PermissionProfileSpec) DeepCopy ¶
func (in *PermissionProfileSpec) DeepCopy() *PermissionProfileSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionProfileSpec.
func (*PermissionProfileSpec) DeepCopyInto ¶
func (in *PermissionProfileSpec) DeepCopyInto(out *PermissionProfileSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceList ¶
type ResourceList struct {
	// CPU is the CPU limit in cores (e.g., "500m" for 0.5 cores)
	// +optional
	CPU string `json:"cpu,omitempty"`

	// Memory is the memory limit in bytes (e.g., "64Mi" for 64 megabytes)
	// +optional
	Memory string `json:"memory,omitempty"`
}
ResourceList is a set of (resource name, quantity) pairs
func (*ResourceList) DeepCopy ¶
func (in *ResourceList) DeepCopy() *ResourceList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceList.
func (*ResourceList) DeepCopyInto ¶
func (in *ResourceList) DeepCopyInto(out *ResourceList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceMetadataOverrides ¶ added in v0.0.40
type ResourceMetadataOverrides struct {
	// Annotations to add or override on the resource
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// Labels to add or override on the resource
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}
ResourceMetadataOverrides defines metadata overrides for a resource
func (*ResourceMetadataOverrides) DeepCopy ¶ added in v0.0.40
func (in *ResourceMetadataOverrides) DeepCopy() *ResourceMetadataOverrides
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceMetadataOverrides.
func (*ResourceMetadataOverrides) DeepCopyInto ¶ added in v0.0.40
func (in *ResourceMetadataOverrides) DeepCopyInto(out *ResourceMetadataOverrides)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceOverrides ¶ added in v0.0.40
type ResourceOverrides struct {
	// ProxyDeployment defines overrides for the Proxy Deployment resource (toolhive proxy)
	// +optional
	ProxyDeployment *ResourceMetadataOverrides `json:"proxyDeployment,omitempty"`

	// ProxyService defines overrides for the Proxy Service resource (points to the proxy deployment)
	// +optional
	ProxyService *ResourceMetadataOverrides `json:"proxyService,omitempty"`
}
ResourceOverrides defines overrides for annotations and labels on created resources
func (*ResourceOverrides) DeepCopy ¶ added in v0.0.40
func (in *ResourceOverrides) DeepCopy() *ResourceOverrides
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceOverrides.
func (*ResourceOverrides) DeepCopyInto ¶ added in v0.0.40
func (in *ResourceOverrides) DeepCopyInto(out *ResourceOverrides)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceRequirements ¶
type ResourceRequirements struct {
	// Limits describes the maximum amount of compute resources allowed
	// +optional
	Limits ResourceList `json:"limits,omitempty"`

	// Requests describes the minimum amount of compute resources required
	// +optional
	Requests ResourceList `json:"requests,omitempty"`
}
ResourceRequirements describes the compute resource requirements
func (*ResourceRequirements) DeepCopy ¶
func (in *ResourceRequirements) DeepCopy() *ResourceRequirements
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceRequirements.
func (*ResourceRequirements) DeepCopyInto ¶
func (in *ResourceRequirements) DeepCopyInto(out *ResourceRequirements)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretRef ¶
type SecretRef struct {
	// Name is the name of the secret
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Key is the key in the secret itself
	// +kubebuilder:validation:Required
	Key string `json:"key"`

	// TargetEnvName is the environment variable to be used when setting up the secret in the MCP server
	// If left unspecified, it defaults to the key
	// +optional
	TargetEnvName string `json:"targetEnvName,omitempty"`
}
SecretRef is a reference to a secret
func (*SecretRef) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRef.
func (*SecretRef) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Volume ¶
type Volume struct {
	// Name is the name of the volume
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// HostPath is the path on the host to mount
	// +kubebuilder:validation:Required
	HostPath string `json:"hostPath"`

	// MountPath is the path in the container to mount to
	// +kubebuilder:validation:Required
	MountPath string `json:"mountPath"`

	// ReadOnly specifies whether the volume should be mounted read-only
	// +kubebuilder:default=false
	// +optional
	ReadOnly bool `json:"readOnly,omitempty"`
}
Volume represents a volume to mount in a container
func (*Volume) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Volume.
func (*Volume) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
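Three defaults documented above are easy to miss in review: SecretRef.TargetEnvName falls back to Key, Volume.ReadOnly defaults to false on a host path mount, and a builtin PermissionProfileRef name is only constrained by its comment. The following added example (not toolhive code) audits a spec for them; the types are local mirrors trimmed to the fields used, auditSpec is a hypothetical helper, and the sample spec is constructed.

```go
package main

import "fmt"

// Local mirrors of the v1alpha1 types on this page (only the fields used here).
type EnvVar struct{ Name, Value string }
type SecretRef struct{ Name, Key, TargetEnvName string }
type Volume struct {
	Name, HostPath, MountPath string
	ReadOnly                  bool
}
type PermissionProfileRef struct{ Type, Name, Key string }
type MCPServerSpec struct {
	Env               []EnvVar
	Secrets           []SecretRef
	Volumes           []Volume
	PermissionProfile *PermissionProfileRef
}

// auditSpec is a hypothetical helper (not part of toolhive).
func auditSpec(s MCPServerSpec) []string {
	var out []string
	owner := map[string]string{} // environment variable name -> first source that sets it
	claim := func(env, src string) {
		if prev, dup := owner[env]; dup {
			out = append(out, fmt.Sprintf("env %s is set by both %s and %s", env, prev, src))
			return
		}
		owner[env] = src
	}
	for _, e := range s.Env {
		claim(e.Name, "env")
	}
	for _, r := range s.Secrets {
		env := r.TargetEnvName
		if env == "" {
			env = r.Key // documented default: TargetEnvName falls back to Key
		}
		claim(env, "secret "+r.Name+"/"+r.Key)
	}
	for _, v := range s.Volumes {
		if !v.ReadOnly {
			out = append(out, fmt.Sprintf("volume %s mounts host path %s writable (readOnly defaults to false)", v.Name, v.HostPath))
		}
	}
	if p := s.PermissionProfile; p != nil && p.Type == "builtin" && p.Name != "none" && p.Name != "network" {
		out = append(out, fmt.Sprintf("builtin profile %q is not none or network", p.Name))
	}
	return out
}

func main() {
	// Constructed sample: the secret's key doubles as its env name and collides with env.
	spec := MCPServerSpec{
		Env:     []EnvVar{{Name: "API_TOKEN", Value: "placeholder"}},
		Secrets: []SecretRef{{Name: "upstream", Key: "API_TOKEN"}},
		Volumes: []Volume{{Name: "data", HostPath: "/srv/mcp", MountPath: "/data"}},
	}
	fmt.Println(auditSpec(spec))
}
```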