Minor improvements

Author: ardaguclu

pkg/kubernetes/kubernetes.go

@@ -141,6 +141,9 @@ func (m *Manager) ToRESTMapper() (meta.RESTMapper, error) {
 }
 
 func (m *Manager) Derived(ctx context.Context) *Kubernetes {
+	// If RequireOAuth is enabled, we are not allowed to
+	// create a kubeconfig using the client token, as it violates the token passthrough.
+	// MCP Server must use its own service account.
 	if m.staticConfig.RequireOAuth {
 		return &Kubernetes{manager: m}
 	}

pkg/kubernetes/pods.go

@@ -249,12 +249,22 @@ func (k *Kubernetes) PodsTop(ctx context.Context, options PodsTopOptions) (*metr
 		namespace = k.NamespaceOrDefault(namespace)
 	}
 
-	if err := k.CanClientAccess(ctx, &schema.GroupVersionResource{
-		Group:    "metrics.k8s.io",
-		Version:  "v1beta1",
-		Resource: "podmetrics",
-	}, options.Name, namespace, "get", ""); err != nil {
-		return nil, err
+	if options.Name != "" {
+		if err := k.CanClientAccess(ctx, &schema.GroupVersionResource{
+			Group:    "metrics.k8s.io",
+			Version:  "v1beta1",
+			Resource: "podmetrics",
+		}, options.Name, namespace, "get", ""); err != nil {
+			return nil, err
+		}
+	} else {
+		if err := k.CanClientAccess(ctx, &schema.GroupVersionResource{
+			Group:    "metrics.k8s.io",
+			Version:  "v1beta1",
+			Resource: "podmetrics",
+		}, "", namespace, "list", ""); err != nil {
+			return nil, err
+		}
 	}
 
 	return k.manager.accessControlClientSet.PodsMetricses(ctx, namespace, options.Name, options.ListOptions)