feat: add kubernetes_list_workloads tool (#33)

tembleking · web-flow · commit 92e73552a188 · 2025-11-24T14:15:46.000+01:00
diff --git a/AGENTS.md b/AGENTS.md
@@ -51,6 +51,7 @@ The handler filters tools dynamically based on `GetMyPermissions` from Sysdig Se
 | `generate_sysql` | `tool_generate_sysql.go` | Convert natural language to SysQL via Sysdig Sage. | `sage.exec` (does not work with Service Accounts) | “Create a SysQL to list S3 buckets.” |
 | `kubernetes_list_clusters` | `tool_kubernetes_list_clusters.go` | Lists Kubernetes cluster information. | `promql.exec` | "List all Kubernetes clusters" |
 | `kubernetes_list_nodes` | `tool_kubernetes_list_nodes.go` | Lists Kubernetes node information. | `promql.exec` | "List all Kubernetes nodes in the cluster 'production-gke'" |
+| `kubernetes_list_workloads` | `tool_kubernetes_list_workloads.go` | Lists Kubernetes workload information. | `promql.exec` | "List all desired workloads in the cluster 'production-gke' and namespace 'default'" |
 
 Every tool has a companion `_test.go` file that exercises request validation, permission metadata, and Sysdig client calls through mocks.
 Note that if you add more tools you need to also update this file to reflect that.
diff --git a/README.md b/README.md
@@ -118,6 +118,11 @@ The server dynamically filters the available tools based on the permissions asso
   - **Required Permission**: `promql.exec`
   - **Sample Prompt**: "List all kubernetes nodes in the cluster 'production-gke'" or "Show me info for node 'node-123'"
 
+- **`kubernetes_list_workloads`**
+  - **Description**: Lists all the workloads that are in a particular state, desired, ready, running or unavailable. The LLM can filter by cluster, namespace, workload name or type.
+  - **Required Permission**: `promql.exec`
+  - **Sample Prompt**: "List all desired workloads in the cluster 'production-gke' and namespace 'default'"
+
 ## Requirements
 
 - [Go](https://go.dev/doc/install) 1.25 or higher (if running without Docker).
diff --git a/cmd/server/main.go b/cmd/server/main.go
@@ -97,6 +97,7 @@ func setupHandler(sysdigClient sysdig.ExtendedClientWithResponsesInterface) *mcp
 
 		tools.NewKubernetesListClusters(sysdigClient),
 		tools.NewKubernetesListNodes(sysdigClient),
+		tools.NewKubernetesListWorkloads(sysdigClient),
 	)
 	return handler
 }
diff --git a/internal/infra/mcp/tools/tool_kubernetes_list_workloads.go b/internal/infra/mcp/tools/tool_kubernetes_list_workloads.go
@@ -0,0 +1,106 @@
+package tools
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/mark3labs/mcp-go/server"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/sysdig"
+)
+
+type KubernetesListWorkloads struct {
+	SysdigClient sysdig.ExtendedClientWithResponsesInterface
+}
+
+func NewKubernetesListWorkloads(sysdigClient sysdig.ExtendedClientWithResponsesInterface) *KubernetesListWorkloads {
+	return &KubernetesListWorkloads{
+		SysdigClient: sysdigClient,
+	}
+}
+
+func (t *KubernetesListWorkloads) RegisterInServer(s *server.MCPServer) {
+	tool := mcp.NewTool("kubernetes_list_workloads",
+		mcp.WithDescription("Lists all the workloads that are in a particular state, desired, ready, running or unavailable. The LLM can filter by cluster, namespace, workload name or type."),
+		mcp.WithString("status",
+			mcp.Description("The status of the workload."),
+			mcp.Enum("desired", "ready", "running", "unavailable"),
+			mcp.Required(),
+		),
+		mcp.WithString("cluster_name", mcp.Description("The name of the cluster to filter by.")),
+		mcp.WithString("namespace_name", mcp.Description("The name of the namespace to filter by.")),
+		mcp.WithString("workload_name", mcp.Description("The name of the workload to filter by.")),
+		mcp.WithString("workload_type",
+			mcp.Description("The type of the workload."),
+			mcp.Enum("deployment", "daemonset", "statefulset"),
+		),
+		mcp.WithNumber("limit",
+			mcp.Description("Maximum number of workloads to return."),
+			mcp.DefaultNumber(10),
+		),
+		mcp.WithOutputSchema[map[string]any](),
+		WithRequiredPermissions(), // FIXME(fede): Add the required permissions. It should be `promql.exec` but somehow the token does not have that permission even if you are able to execute queries.
+	)
+	s.AddTool(tool, t.handle)
+}
+
+func (t *KubernetesListWorkloads) handle(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+	status := mcp.ParseString(request, "status", "")
+	clusterName := mcp.ParseString(request, "cluster_name", "")
+	namespaceName := mcp.ParseString(request, "namespace_name", "")
+	workloadName := mcp.ParseString(request, "workload_name", "")
+	workloadType := mcp.ParseString(request, "workload_type", "")
+	limit := mcp.ParseInt(request, "limit", 10)
+
+	query := buildKubeWorkloadInfoQuery(status, clusterName, namespaceName, workloadName, workloadType)
+
+	limitQuery := sysdig.LimitQuery(limit)
+	params := &sysdig.GetQueryV1Params{
+		Query: query,
+		Limit: &limitQuery,
+	}
+
+	httpResp, err := t.SysdigClient.GetQueryV1(ctx, params)
+	if err != nil {
+		return mcp.NewToolResultErrorFromErr("failed to get workload list", err), nil
+	}
+
+	if httpResp.StatusCode != 200 {
+		bodyBytes, _ := io.ReadAll(httpResp.Body)
+		return mcp.NewToolResultErrorf("failed to get workload list: status code %d, body: %s", httpResp.StatusCode, string(bodyBytes)), nil
+	}
+
+	var queryResponse sysdig.QueryResponseV1
+	if err := json.NewDecoder(httpResp.Body).Decode(&queryResponse); err != nil {
+		return mcp.NewToolResultErrorFromErr("failed to decode response", err), nil
+	}
+
+	return mcp.NewToolResultJSON(queryResponse)
+}
+
+func buildKubeWorkloadInfoQuery(status, clusterName, namespaceName, workloadName, workloadType string) string {
+	filters := []string{}
+	if clusterName != "" {
+		filters = append(filters, fmt.Sprintf("kube_cluster_name=\"%s\"", clusterName))
+	}
+	if namespaceName != "" {
+		filters = append(filters, fmt.Sprintf("kube_namespace_name=\"%s\"", namespaceName))
+	}
+	if workloadName != "" {
+		filters = append(filters, fmt.Sprintf("kube_workload_name=\"%s\"", workloadName))
+	}
+	if workloadType != "" {
+		filters = append(filters, fmt.Sprintf("kube_workload_type=\"%s\"", workloadType))
+	}
+
+	metric := fmt.Sprintf("kube_workload_status_%s", status)
+
+	if len(filters) == 0 {
+		return metric
+	}
+
+	return fmt.Sprintf("%s{%s}", metric, strings.Join(filters, ","))
+}
diff --git a/internal/infra/mcp/tools/tool_kubernetes_list_workloads_test.go b/internal/infra/mcp/tools/tool_kubernetes_list_workloads_test.go
@@ -0,0 +1,153 @@
+package tools_test
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/mark3labs/mcp-go/server"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/mcp/tools"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/sysdig"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/sysdig/mocks"
+	"go.uber.org/mock/gomock"
+)
+
+var _ = Describe("KubernetesListWorkloads Tool", func() {
+	var (
+		tool       *tools.KubernetesListWorkloads
+		mockSysdig *mocks.MockExtendedClientWithResponsesInterface
+		mcpServer  *server.MCPServer
+		ctrl       *gomock.Controller
+	)
+
+	BeforeEach(func() {
+		ctrl = gomock.NewController(GinkgoT())
+		mockSysdig = mocks.NewMockExtendedClientWithResponsesInterface(ctrl)
+		tool = tools.NewKubernetesListWorkloads(mockSysdig)
+		mcpServer = server.NewMCPServer("test", "test")
+		tool.RegisterInServer(mcpServer)
+	})
+
+	It("should register successfully in the server", func() {
+		Expect(mcpServer.GetTool("kubernetes_list_workloads")).NotTo(BeNil())
+	})
+
+	When("listing workloads", func() {
+		DescribeTable("it succeeds", func(ctx context.Context, toolName string, request mcp.CallToolRequest, expectedParamsRequested sysdig.GetQueryV1Params) {
+			mockSysdig.EXPECT().GetQueryV1(gomock.Any(), &expectedParamsRequested).Return(&http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewBufferString(`{"status":"success"}`)),
+			}, nil)
+
+			serverTool := mcpServer.GetTool(toolName)
+			result, err := serverTool.Handler(ctx, request)
+			Expect(err).NotTo(HaveOccurred())
+
+			resultData, ok := result.Content[0].(mcp.TextContent)
+			Expect(ok).To(BeTrue())
+			Expect(resultData.Text).To(MatchJSON(`{"status":"success"}`))
+		},
+			Entry(nil,
+				"kubernetes_list_workloads",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_workloads",
+						Arguments: map[string]any{"status": "desired"},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_workload_status_desired`,
+					Limit: asPtr(sysdig.LimitQuery(10)),
+				},
+			),
+			Entry(nil,
+				"kubernetes_list_workloads",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_workloads",
+						Arguments: map[string]any{"status": "ready", "limit": "20"},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_workload_status_ready`,
+					Limit: asPtr(sysdig.LimitQuery(20)),
+				},
+			),
+			Entry(nil,
+				"kubernetes_list_workloads",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_workloads",
+						Arguments: map[string]any{"status": "running", "cluster_name": "my_cluster"},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_workload_status_running{kube_cluster_name="my_cluster"}`,
+					Limit: asPtr(sysdig.LimitQuery(10)),
+				},
+			),
+			Entry(nil,
+				"kubernetes_list_workloads",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_workloads",
+						Arguments: map[string]any{"status": "unavailable", "namespace_name": "my_namespace"},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_workload_status_unavailable{kube_namespace_name="my_namespace"}`,
+					Limit: asPtr(sysdig.LimitQuery(10)),
+				},
+			),
+			Entry(nil,
+				"kubernetes_list_workloads",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_workloads",
+						Arguments: map[string]any{"status": "desired", "workload_name": "my_workload"},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_workload_status_desired{kube_workload_name="my_workload"}`,
+					Limit: asPtr(sysdig.LimitQuery(10)),
+				},
+			),
+			Entry(nil,
+				"kubernetes_list_workloads",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "kubernetes_list_workloads",
+						Arguments: map[string]any{"status": "ready", "workload_type": "deployment"},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_workload_status_ready{kube_workload_type="deployment"}`,
+					Limit: asPtr(sysdig.LimitQuery(10)),
+				},
+			),
+			Entry(nil,
+				"kubernetes_list_workloads",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name: "kubernetes_list_workloads",
+						Arguments: map[string]any{
+							"status":         "running",
+							"cluster_name":   "my_cluster",
+							"namespace_name": "my_namespace",
+							"workload_name":  "my_workload",
+							"workload_type":  "statefulset",
+						},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `kube_workload_status_running{kube_cluster_name="my_cluster",kube_namespace_name="my_namespace",kube_workload_name="my_workload",kube_workload_type="statefulset"}`,
+					Limit: asPtr(sysdig.LimitQuery(10)),
+				},
+			),
+		)
+	})
+})

Original file line number	Diff line number	Diff line change
`@@ -97,6 +97,7 @@ func setupHandler(sysdigClient sysdig.ExtendedClientWithResponsesInterface) *mcp`
`97`	`97`
`98`	`98`	`tools.NewKubernetesListClusters(sysdigClient),`
`99`	`99`	`tools.NewKubernetesListNodes(sysdigClient),`
	`100`	`+ tools.NewKubernetesListWorkloads(sysdigClient),`
`100`	`101`	`)`
`101`	`102`	`return handler`
`102`	`103`	`}`