|
1 | 1 | # Kuadrant MCP Server |
2 | 2 |
|
3 | | -A Model Context Protocol (MCP) server that generates Kuadrant policy manifests. Designed to work alongside [mcp-server-kubernetes](https://github.com/Flux159/mcp-server-kubernetes) for applying resources to clusters. |
4 | | - |
5 | | - |
| 3 | +A Model Context Protocol (MCP) server for debugging Kuadrant installations. Provides structured debugging prompts and embedded troubleshooting guides. Designed to work alongside a Kubernetes MCP server (e.g. [mcp-server-kubernetes](https://github.com/Flux159/mcp-server-kubernetes)) for cluster interaction. |
6 | 4 |
|
7 | 5 | ## Quick Start |
8 | 6 |
|
@@ -60,89 +58,65 @@ docker run -i --rm ghcr.io/kuadrant/kuadrant-mcp-server:latest |
60 | 58 | } |
61 | 59 | ``` |
62 | 60 |
|
63 | | -## Tools |
| 61 | +## Prompts |
64 | 62 |
|
65 | | -| Tool | Description | |
66 | | -|------|-------------| |
67 | | -| `create_gateway` | Gateway manifest with Kuadrant annotations | |
68 | | -| `create_httproute` | HTTPRoute manifest | |
69 | | -| `create_dnspolicy` | DNSPolicy for DNS management | |
70 | | -| `create_tlspolicy` | TLSPolicy for certificate management | |
71 | | -| `create_ratelimitpolicy` | RateLimitPolicy for rate limiting | |
72 | | -| `create_tokenratelimitpolicy` | TokenRateLimitPolicy for AI/LLM APIs | |
73 | | -| `create_authpolicy` | AuthPolicy for authentication/authorisation | |
| 63 | +Structured debugging workflows that guide the LLM through diagnostic steps using a companion Kubernetes MCP server. |
74 | 64 |
|
75 | | -**Rate limit format**: Use `limit` and `window` fields (e.g., `"limit": 100, "window": "60s"`). |
| 65 | +| Prompt | Description | |
| 66 | +|--------|-------------| |
| 67 | +| `debug-installation` | Verify operator, CRDs, Kuadrant CR, Istio, Limitador, Authorino | |
| 68 | +| `debug-gateway` | Gateway not accepting traffic, listeners, Istio proxy | |
| 69 | +| `debug-dnspolicy` | DNS records not created, provider config, zone issues | |
| 70 | +| `debug-tlspolicy` | Certificates not issuing, issuer problems, cert-manager | |
| 71 | +| `debug-ratelimitpolicy` | Rate limits not enforced, Limitador health, targeting | |
| 72 | +| `debug-authpolicy` | Auth not enforced, Authorino health, rule matching | |
| 73 | +| `debug-telemetrypolicy` | Custom metrics not appearing, CEL expression issues | |
| 74 | +| `debug-tokenratelimitpolicy` | Token-based rate limiting not working | |
| 75 | +| `debug-policy-status` | Interpret status conditions on any policy | |
| 76 | +| `debug-policy-conflicts` | Override/default conflicts, policy hierarchy | |
76 | 77 |
|
77 | | -### Example Prompts |
| 78 | +### Example Usage |
78 | 79 |
|
79 | 80 | ``` |
80 | | -Create a Gateway named 'api-gateway' in namespace 'production' with HTTPS on port 443 |
| 81 | +Debug my Kuadrant installation in the kuadrant-system namespace |
81 | 82 |
|
82 | | -Create a RateLimitPolicy for HTTPRoute 'api-route' that limits to 100 requests per minute |
| 83 | +Why isn't my RateLimitPolicy 'api-limits' being enforced? |
83 | 84 |
|
84 | | -Set up an AuthPolicy requiring JWT auth from https://auth.example.com |
| 85 | +Help me understand the status conditions on my AuthPolicy |
85 | 86 |
|
86 | | -Show me the Kuadrant rate limiting documentation |
| 87 | +My DNSPolicy isn't creating DNS records - what's wrong? |
87 | 88 |
|
88 | | -Help me configure DNS with Route53 for my gateway |
| 89 | +Check if there are policy conflicts in the production namespace |
89 | 90 | ``` |
90 | 91 |
|
91 | 92 | ## Resources |
92 | 93 |
|
93 | | -Documentation is fetched from upstream repos and cached for 15 minutes. |
| 94 | +Embedded debugging guides bundled into the binary. No network access required. |
94 | 95 |
|
95 | 96 | | Resource | Description | |
96 | 97 | |----------|-------------| |
97 | | -| `kuadrant://docs/gateway-api` | Gateway API overview | |
98 | | -| `kuadrant://docs/dnspolicy` | DNSPolicy reference | |
99 | | -| `kuadrant://docs/ratelimitpolicy` | RateLimitPolicy reference | |
100 | | -| `kuadrant://docs/tokenratelimitpolicy` | TokenRateLimitPolicy reference | |
101 | | -| `kuadrant://docs/authpolicy` | AuthPolicy reference | |
102 | | -| `kuadrant://docs/tlspolicy` | TLSPolicy reference | |
103 | | -| `kuadrant://docs/telemetrypolicy` | TelemetryPolicy reference | |
104 | | -| `kuadrant://docs/kuadrant` | Kuadrant CR reference | |
105 | | -| `kuadrant://docs/authorino-features` | Authorino features | |
106 | | -| `kuadrant://docs/planpolicy` | PlanPolicy extension | |
107 | | -| `kuadrant://docs/secure-protect-connect` | Full walkthrough | |
108 | | -| `kuadrant://docs/simple-ratelimiting` | Rate limiting guide | |
109 | | -| `kuadrant://docs/auth-for-developers` | Auth guide | |
| 98 | +| `kuadrant://debug/installation` | Operator, CRDs, Kuadrant CR, Istio health | |
| 99 | +| `kuadrant://debug/gateway-istio` | Istio gateway proxy, listeners, envoy config | |
| 100 | +| `kuadrant://debug/dnspolicy` | DNS provider, zone config, record creation | |
| 101 | +| `kuadrant://debug/tlspolicy` | cert-manager, issuer, certificate lifecycle | |
| 102 | +| `kuadrant://debug/ratelimitpolicy` | Limitador health, rate limit enforcement | |
| 103 | +| `kuadrant://debug/authpolicy` | Authorino health, auth rule matching | |
| 104 | +| `kuadrant://debug/telemetrypolicy` | Custom metrics, CEL expressions | |
| 105 | +| `kuadrant://debug/tokenratelimitpolicy` | Token-based rate limiting | |
| 106 | +| `kuadrant://debug/status-conditions` | All status conditions across all policy types | |
| 107 | +| `kuadrant://debug/policy-conflicts` | Override/default hierarchy, multi-policy resolution | |
110 | 108 |
|
111 | 109 | ## Kubernetes Integration |
112 | 110 |
|
113 | | -Combine with mcp-server-kubernetes for a complete workflow: |
| 111 | +Combine with a Kubernetes MCP server for a complete debugging workflow: |
114 | 112 |
|
115 | 113 | ```bash |
116 | 114 | # Add both servers |
117 | 115 | claude mcp add -s user kuadrant docker -- run -i --rm ghcr.io/kuadrant/kuadrant-mcp-server:latest |
118 | 116 | claude mcp add -s user kubernetes npx -- @flux159/mcp-server-kubernetes |
119 | 117 | ``` |
120 | 118 |
|
121 | | -Then ask Claude to generate and deploy policies in one step. |
122 | | - |
123 | | -## API Versions |
124 | | - |
125 | | -| Resource | API Version | |
126 | | -|----------|-------------| |
127 | | -| Gateway/HTTPRoute | `gateway.networking.k8s.io/v1` | |
128 | | -| DNSPolicy | `kuadrant.io/v1` | |
129 | | -| TLSPolicy | `kuadrant.io/v1alpha1` | |
130 | | -| RateLimitPolicy | `kuadrant.io/v1` | |
131 | | -| TokenRateLimitPolicy | `kuadrant.io/v1` | |
132 | | -| AuthPolicy | `kuadrant.io/v1` | |
133 | | - |
134 | | -## Adding Resources |
135 | | - |
136 | | -Add to `resourceMapping` in `resources.go`: |
137 | | - |
138 | | -```go |
139 | | -"kuadrant://docs/newpolicy": { |
140 | | - url: "https://raw.githubusercontent.com/Kuadrant/kuadrant-operator/main/doc/reference/newpolicy.md", |
141 | | - name: "NewPolicy Reference", |
142 | | - description: "Description", |
143 | | - fallback: "# NewPolicy\n\nSee: https://docs.kuadrant.io/...", |
144 | | -}, |
145 | | -``` |
| 119 | +The debugging prompts direct the LLM to use the Kubernetes MCP server for cluster queries — checking pod status, reading resource conditions, fetching events, and reading logs. |
146 | 120 |
|
147 | 121 | ## Releases |
148 | 122 |
|
|
0 commit comments