Skip to content

NO-JIRA: Sync downstream #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Oct 25, 2025
Merged

NO-JIRA: Sync downstream #60

merged 21 commits into from
Oct 25, 2025

Conversation

@Cali0707
Copy link

This PR should bring the remainder of the provider/manager interface changes that we added upstream and unblock #58 and #51

manusa and others added 21 commits October 20, 2025 16:59
@manusa
refactor(kubernetes): Provider implementations deal with Manager inst…
7f4edfd 
…antiations (containers#379)

* refactor(kubernetes): Provider implementations deal with Manager instantiations

Removed `*Manager` parameter from `ProviderFactory`.

Provider implementations should deal with the appropriate (base) Manager instantiation
if needed at all.

Manager creation function divided into two explicit functions:
- NewKubeconfigManager: to be used when using KubeConfig files
- NewInClusterManager: to be used inside a cluster

New functions contain validations to ensure they are used in the expected places.
This ensures that the right manager is used by the provider implementation.

Fake kubeconfig for in-cluster Manager is now generated when the Manager is created.
This kubeconfig has the "magic" strings (inClusterKubeConfigDefaultContext) that are
used by the MCP server and tool mutators.

Signed-off-by: Marc Nuri <[email protected]>

* review: Provider implementation refactor

Signed-off-by: Marc Nuri <[email protected]>

---------

Signed-off-by: Marc Nuri <[email protected]>
@matzew
feat(http): add custom CA certificate support for OIDC providers
49afbad
@manusa
feat(ci): update release configuration for npm publishing using OIDC (c…
ffc7b6c 
…ontainers#381)

- https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/
- https://docs.npmjs.com/trusted-publishers

Signed-off-by: Marc Nuri <[email protected]>
@Cali0707
chore(deps): bump golangci-lint from 2.2.2 to 2.5.0 to avoid panic (c…
c3bc991 
…ontainers#383)

Signed-off-by: Calum Murray <[email protected]>
@dependabot
build(deps): bump github.com/mark3labs/mcp-go from 0.41.1 to 0.42.0 (c…
0c78a1e 
…ontainers#388)

Bumps [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) from 0.41.1 to 0.42.0.
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](mark3labs/mcp-go@v0.41.1...v0.42.0)

---
updated-dependencies:
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@matzew
feat(auth): add local development environment with Kind and Keycloak …
7fe604e 
…for OIDC (containers#354)

* Initial KinD setup

Signed-off-by: Matthias Wessendorf <[email protected]>

* Initial Keycloak container setup

Signed-off-by: Matthias Wessendorf <[email protected]>

* Adding an initial realm setup

Signed-off-by: Matthias Wessendorf <[email protected]>

* Adding OIDC issuer and realm updates, adding cert-manager and handling self-signed certificates

Signed-off-by: Matthias Wessendorf <[email protected]>

* Updates to script b/c of invalid auth config

Signed-off-by: Matthias Wessendorf <[email protected]>

* Adjusting ports and better support for mac/podman

Signed-off-by: Matthias Wessendorf <[email protected]>

* Addressing review comments:
* do not expose all internal tasks, just keep the important targets documents
* remove the keycloak-forward
* move binaries for dev tools to _output
* generate a configuration TOML file into the _output folder

Signed-off-by: Matthias Wessendorf <[email protected]>

---------

Signed-off-by: Matthias Wessendorf <[email protected]>
@Cali0707
fix(dev): do not use in-use port in example run command (containers#394)
75eeaac 
Signed-off-by: Calum Murray <[email protected]>
@Cali0707
cleanup: refactor all the keycloak setup to json files (containers#390)
aab9441 
Signed-off-by: Calum Murray <[email protected]>
@blublinsky @matzew
add support for nodes query (containers#384)
3072d19 
* feat(http): add custom CA certificate support for OIDC providers

add support for nodes logs

Signed-off-by: blublinsky <[email protected]>

* removed some tools

Signed-off-by: blublinsky <[email protected]>

---------

Signed-off-by: blublinsky <[email protected]>
Co-authored-by: Matthias Wessendorf <[email protected]>
@matzew
fix(dev): change kind host port to 8000 (containers#398)
b898127 
Signed-off-by: Matthias Wessendorf <[email protected]>
@manusa
feat(ai): add CLAUDE.md instructions and update AGENTS.md (containers…
acf465b 
…#397)

Adds a softlink to AGENTS.md so that CLAUDE can reuse the
information.

Signed-off-by: Marc Nuri <[email protected]>
@manusa
feat(config): default configuration with merge support for downstream…
07783a4 
… overrides (containers#396)

* feat(config): default configuration with merge support for downstream overrides

Creates the required infrastructure for downstream forks to be able to provide
default config overrides without modifying the original source code.

Downstream forks should be able to create merge/rebase scripts that
automatically accepted downstream merge conflicts in config_default_overrides.go
since this file will never change upstream.

Example usage for downstream forks:

To customize defaults, simply populate fields in the returned StaticConfig:

```go
func defaultOverrides() *StaticConfig {
  return &StaticConfig{
    ListOutput: "json",           // Override default list output format
    Toolsets:   []string{"core"}, // Override default enabled toolsets
    Port:       "9000",           // Override default port
  }
}
```

Any fields specified here will override the base defaults defined in config_default.go.
Fields not specified will preserve their base default values.

Signed-off-by: Marc Nuri <[email protected]>

* test: skip downstream toolset (full) tests

Skips toolset metadata tests in case there are config overrides.
This is useful in downstream forks where the default toolsets
might be different to those upstream.

Signed-off-by: Marc Nuri <[email protected]>

---------

Signed-off-by: Marc Nuri <[email protected]>
@manusa
test(mcp):update mcp processing tests to use testify and improve read…
b1e4757 
…ability (containers#401)

Signed-off-by: Marc Nuri <[email protected]>
@manusa
fix(nodes): reviewed kubernetes.nodes implementation (containers#399)
56f7ede 
* fix(nodes): reviewed kubernetes.nodes implementation

- Changed node_log tool name to nodes_log for consistency
- Added access control check for nodes and configured denied resources
- Migrated tests to testify
- Added complete test coverage for nodes_log

https://kubernetes.io/docs/concepts/cluster-administration/system-logs/#log-query

Signed-off-by: Marc Nuri <[email protected]>

* test(nodes): add test for nodes_log tool with negative tail argument

Signed-off-by: Marc Nuri <[email protected]>

---------

Signed-off-by: Marc Nuri <[email protected]>
@manusa
test(pods): update PodsExec tests to use testify and improve readabil…
9b3deb4 
…ity (containers#400)

* test(pods): update PodsExec tests to use testify and improve readability

Signed-off-by: Marc Nuri <[email protected]>

* review: enhance namespace="" test description for pods_exec clarity

Signed-off-by: Marc Nuri <[email protected]>

---------

Signed-off-by: Marc Nuri <[email protected]>
@manusa
test(pods): update PodsTop tests to use testify and improve readabili…
3d4dcab 
…ty (containers#402)

Signed-off-by: Marc Nuri <[email protected]>
@Cali0707
fix(dev): do not require cors-disabled browsers for dev auth flow (co…
54f7e7f 
…ntainers#393)

Signed-off-by: Calum Murray <[email protected]>
@manusa
fix(http): well-known mitm propagates original headers (containers#406)
e86686a 
Signed-off-by: Marc Nuri <[email protected]>
@Cali0707
Merge remote-tracking branch 'downstream/main' into sync-downstream
0d57ba6
@Cali0707
upstream<carry>: Downstream
31ce256
@Cali0707
upstream<drop>: go mod tidy/vendor
1545750
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Oct 24, 2025
@openshift-ci-robot
Copy link

@Cali0707: This pull request explicitly references no jira issue.

In response to this:

This PR should bring the remainder of the provider/manager interface changes that we added upstream and unblock #58 and #51

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@Cali0707
Copy link
Author

/cc @harche @manusa @matzew

@openshift-ci openshift-ci bot requested review from harche and matzew October 24, 2025 19:14
@openshift-ci
Copy link

openshift-ci bot commented Oct 24, 2025

@Cali0707: GitHub didn't allow me to request PR reviews from the following users: manusa.

Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @harche @manusa @matzew

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot requested a review from ardaguclu October 24, 2025 19:14
@openshift-ci
Copy link

openshift-ci bot commented Oct 24, 2025

@Cali0707: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

harche
harche approved these changes Oct 24, 2025
View reviewed changes
Copy link

@harche harche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 24, 2025
@ardaguclu
Copy link
Member

/approve

@openshift-ci
Copy link

openshift-ci bot commented Oct 25, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, Cali0707, harche

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 25, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit ce29678 into openshift:main Oct 25, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matzew matzew Awaiting requested review from matzew

@ardaguclu ardaguclu Awaiting requested review from ardaguclu

1 more reviewer

@harche harche harche approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@harche harche

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@Cali0707 @openshift-ci-robot @ardaguclu @harche @manusa @matzew @blublinsky