feat: add troubleshoot_kubernetes_list_top_unavailable_pods tool (#36)

Author: tembleking

AGENTS.md

@@ -54,6 +54,7 @@ The handler filters tools dynamically based on `GetMyPermissions` from Sysdig Se
 | `kubernetes_list_workloads` | `tool_kubernetes_list_workloads.go` | Lists Kubernetes workload information. | `promql.exec` | "List all desired workloads in the cluster 'production-gke' and namespace 'default'" |
 | `kubernetes_list_pod_containers` | `tool_kubernetes_list_pod_containers.go` | Retrieves information from a particular pod and container. | `promql.exec` | "Show me info for pod 'my-pod' in cluster 'production-gke'" |
 | `kubernetes_list_cronjobs` | `tool_kubernetes_list_cronjobs.go` | Retrieves information from the cronjobs in the cluster. | `promql.exec` | "List all cronjobs in cluster 'prod' and namespace 'default'" |
+| `troubleshoot_kubernetes_list_top_unavailable_pods` | `tool_troubleshoot_kubernetes_list_top_unavailable_pods.go` | Shows the top N pods with the highest number of unavailable or unready replicas. | `promql.exec` | "Show the top 20 unavailable pods in cluster 'production'" |
 
 Every tool has a companion `_test.go` file that exercises request validation, permission metadata, and Sysdig client calls through mocks.
 Note that if you add more tools you need to also update this file to reflect that.

README.md

@@ -133,6 +133,11 @@ The server dynamically filters the available tools based on the permissions asso
   - **Required Permission**: `promql.exec`
   - **Sample Prompt**: "List all cronjobs in cluster 'prod' and namespace 'default'"
 
+- **`troubleshoot_kubernetes_list_top_unavailable_pods`**
+  - **Description**: Shows the top N pods with the highest number of unavailable or unready replicas in a Kubernetes cluster, ordered from highest to lowest.
+  - **Required Permission**: `promql.exec`
+  - **Sample Prompt**: "Show the top 20 unavailable pods in cluster 'production'"
+
 ## Requirements
 
 - [Go](https://go.dev/doc/install) 1.25 or higher (if running without Docker).

cmd/server/main.go

@@ -100,6 +100,7 @@ func setupHandler(sysdigClient sysdig.ExtendedClientWithResponsesInterface) *mcp
 		tools.NewKubernetesListCronjobs(sysdigClient),
 		tools.NewKubernetesListWorkloads(sysdigClient),
 		tools.NewKubernetesListPodContainers(sysdigClient),
+		tools.NewTroubleshootKubernetesListTopUnavailablePods(sysdigClient),
 	)
 	return handler
 }

internal/infra/mcp/tools/tool_troubleshoot_kubernetes_list_top_unavailable_pods.go

@@ -0,0 +1,115 @@
+package tools
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/mark3labs/mcp-go/server"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/sysdig"
+)
+
+type TroubleshootKubernetesListTopUnavailablePods struct {
+	SysdigClient sysdig.ExtendedClientWithResponsesInterface
+}
+
+func NewTroubleshootKubernetesListTopUnavailablePods(sysdigClient sysdig.ExtendedClientWithResponsesInterface) *TroubleshootKubernetesListTopUnavailablePods {
+	return &TroubleshootKubernetesListTopUnavailablePods{
+		SysdigClient: sysdigClient,
+	}
+}
+
+func (t *TroubleshootKubernetesListTopUnavailablePods) RegisterInServer(s *server.MCPServer) {
+	tool := mcp.NewTool("troubleshoot_kubernetes_list_top_unavailable_pods",
+		mcp.WithDescription("Shows the top N pods with the highest number of unavailable or unready replicas in a Kubernetes cluster, ordered from highest to lowest."),
+		mcp.WithString("cluster_name", mcp.Description("The name of the cluster to filter by.")),
+		mcp.WithString("namespace_name", mcp.Description("The name of the namespace to filter by.")),
+		mcp.WithString("workload_type", mcp.Description("The type of the workload to filter by.")),
+		mcp.WithString("workload_name", mcp.Description("The name of the workload to filter by.")),
+		mcp.WithNumber("limit",
+			mcp.Description("Maximum number of pods to return."),
+			mcp.DefaultNumber(20),
+		),
+		mcp.WithOutputSchema[map[string]any](),
+		WithRequiredPermissions(), // FIXME(fede): Add the required permissions. It should be `promql.exec` but somehow the token does not have that permission even if you are able to execute queries.
+	)
+	s.AddTool(tool, t.handle)
+}
+
+func (t *TroubleshootKubernetesListTopUnavailablePods) handle(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+	clusterName := mcp.ParseString(request, "cluster_name", "")
+	namespaceName := mcp.ParseString(request, "namespace_name", "")
+	workloadType := mcp.ParseString(request, "workload_type", "")
+	workloadName := mcp.ParseString(request, "workload_name", "")
+	limit := mcp.ParseInt(request, "limit", 20)
+
+	query := buildTopUnavailablePodsQuery(limit, clusterName, namespaceName, workloadType, workloadName)
+
+	params := &sysdig.GetQueryV1Params{
+		Query: query,
+	}
+
+	httpResp, err := t.SysdigClient.GetQueryV1(ctx, params)
+	if err != nil {
+		return mcp.NewToolResultErrorFromErr("failed to get top unavailable pods", err), nil
+	}
+
+	if httpResp.StatusCode != 200 {
+		bodyBytes, _ := io.ReadAll(httpResp.Body)
+		return mcp.NewToolResultErrorf("failed to get top unavailable pods: status code %d, body: %s", httpResp.StatusCode, string(bodyBytes)), nil
+	}
+
+	var queryResponse sysdig.QueryResponseV1
+	if err := json.NewDecoder(httpResp.Body).Decode(&queryResponse); err != nil {
+		return mcp.NewToolResultErrorFromErr("failed to decode response", err), nil
+	}
+
+	return mcp.NewToolResultJSON(queryResponse)
+}
+
+func buildTopUnavailablePodsQuery(limit int, clusterName, namespaceName, workloadType, workloadName string) string {
+	baseFilters := []string{}
+	if clusterName != "" {
+		baseFilters = append(baseFilters, fmt.Sprintf("kube_cluster_name=\"%s\"", clusterName))
+	}
+	if namespaceName != "" {
+		baseFilters = append(baseFilters, fmt.Sprintf("kube_namespace_name=\"%s\"", namespaceName))
+	}
+	if workloadType != "" {
+		baseFilters = append(baseFilters, fmt.Sprintf("kube_workload_type=\"%s\"", workloadType))
+	}
+	if workloadName != "" {
+		baseFilters = append(baseFilters, fmt.Sprintf("kube_workload_name=\"%s\"", workloadName))
+	}
+
+	// Filters for kube_workload_status_desired and kube_daemonset_status_number_ready
+	commonFiltersStr := strings.Join(baseFilters, ",")
+
+	// Filters for kube_workload_status_ready (needs extra filter)
+	readyFilters := append([]string{"kube_workload_type!=\"daemonset\""}, baseFilters...)
+	readyFiltersStr := strings.Join(readyFilters, ",")
+
+	return fmt.Sprintf(`topk (
+  %d,
+    (
+      sum by (kube_cluster_name, kube_namespace_name, kube_workload_name) (
+        kube_workload_status_desired{%s}
+      )
+    )
+  -
+      (
+          sum by (kube_cluster_name, kube_namespace_name, kube_workload_name) (
+              kube_workload_status_ready{%s}
+            or
+              kube_daemonset_status_number_ready{%s}
+          )
+        or
+          vector(0)
+      )
+    >
+      0 or vector(0)
+)`, limit, commonFiltersStr, readyFiltersStr, commonFiltersStr)
+}

internal/infra/mcp/tools/tool_troubleshoot_kubernetes_list_top_unavailable_pods_test.go

@@ -0,0 +1,158 @@
+package tools_test
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/mark3labs/mcp-go/server"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/mcp/tools"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/sysdig"
+	"github.com/sysdiglabs/sysdig-mcp-server/internal/infra/sysdig/mocks"
+	"go.uber.org/mock/gomock"
+)
+
+var _ = Describe("TroubleshootKubernetesListTopUnavailablePods Tool", func() {
+	var (
+		tool       *tools.TroubleshootKubernetesListTopUnavailablePods
+		mockSysdig *mocks.MockExtendedClientWithResponsesInterface
+		mcpServer  *server.MCPServer
+		ctrl       *gomock.Controller
+	)
+
+	BeforeEach(func() {
+		ctrl = gomock.NewController(GinkgoT())
+		mockSysdig = mocks.NewMockExtendedClientWithResponsesInterface(ctrl)
+		tool = tools.NewTroubleshootKubernetesListTopUnavailablePods(mockSysdig)
+		mcpServer = server.NewMCPServer("test", "test")
+		tool.RegisterInServer(mcpServer)
+	})
+
+	It("should register successfully in the server", func() {
+		Expect(mcpServer.GetTool("troubleshoot_kubernetes_list_top_unavailable_pods")).NotTo(BeNil())
+	})
+
+	When("querying top unavailable pods", func() {
+		DescribeTable("it succeeds", func(ctx context.Context, toolName string, request mcp.CallToolRequest, expectedParamsRequested sysdig.GetQueryV1Params) {
+			mockSysdig.EXPECT().GetQueryV1(gomock.Any(), &expectedParamsRequested).Return(&http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewBufferString(`{"status":"success"}`)),
+			}, nil)
+
+			serverTool := mcpServer.GetTool(toolName)
+			result, err := serverTool.Handler(ctx, request)
+			Expect(err).NotTo(HaveOccurred())
+
+			resultData, ok := result.Content[0].(mcp.TextContent)
+			Expect(ok).To(BeTrue())
+			Expect(resultData.Text).To(MatchJSON(`{"status":"success"}`))
+		},
+			Entry("default params",
+				"troubleshoot_kubernetes_list_top_unavailable_pods",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name:      "troubleshoot_kubernetes_list_top_unavailable_pods",
+						Arguments: map[string]any{},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `topk (
+  20,
+    (
+      sum by (kube_cluster_name, kube_namespace_name, kube_workload_name) (
+        kube_workload_status_desired{}
+      )
+    )
+  -
+      (
+          sum by (kube_cluster_name, kube_namespace_name, kube_workload_name) (
+              kube_workload_status_ready{kube_workload_type!="daemonset"}
+            or
+              kube_daemonset_status_number_ready{}
+          )
+        or
+          vector(0)
+      )
+    >
+      0 or vector(0)
+)`,
+				},
+			),
+			Entry("with specific limit and cluster",
+				"troubleshoot_kubernetes_list_top_unavailable_pods",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name: "troubleshoot_kubernetes_list_top_unavailable_pods",
+						Arguments: map[string]any{
+							"limit":        5,
+							"cluster_name": "my-cluster",
+						},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `topk (
+  5,
+    (
+      sum by (kube_cluster_name, kube_namespace_name, kube_workload_name) (
+        kube_workload_status_desired{kube_cluster_name="my-cluster"}
+      )
+    )
+  -
+      (
+          sum by (kube_cluster_name, kube_namespace_name, kube_workload_name) (
+              kube_workload_status_ready{kube_workload_type!="daemonset",kube_cluster_name="my-cluster"}
+            or
+              kube_daemonset_status_number_ready{kube_cluster_name="my-cluster"}
+          )
+        or
+          vector(0)
+      )
+    >
+      0 or vector(0)
+)`,
+				},
+			),
+			Entry("with all filters",
+				"troubleshoot_kubernetes_list_top_unavailable_pods",
+				mcp.CallToolRequest{
+					Params: mcp.CallToolParams{
+						Name: "troubleshoot_kubernetes_list_top_unavailable_pods",
+						Arguments: map[string]any{
+							"limit":          10,
+							"cluster_name":   "my-cluster",
+							"namespace_name": "my-ns",
+							"workload_type":  "deployment",
+							"workload_name":  "my-app",
+						},
+					},
+				},
+				sysdig.GetQueryV1Params{
+					Query: `topk (
+  10,
+    (
+      sum by (kube_cluster_name, kube_namespace_name, kube_workload_name) (
+        kube_workload_status_desired{kube_cluster_name="my-cluster",kube_namespace_name="my-ns",kube_workload_type="deployment",kube_workload_name="my-app"}
+      )
+    )
+  -
+      (
+          sum by (kube_cluster_name, kube_namespace_name, kube_workload_name) (
+              kube_workload_status_ready{kube_workload_type!="daemonset",kube_cluster_name="my-cluster",kube_namespace_name="my-ns",kube_workload_type="deployment",kube_workload_name="my-app"}
+            or
+              kube_daemonset_status_number_ready{kube_cluster_name="my-cluster",kube_namespace_name="my-ns",kube_workload_type="deployment",kube_workload_name="my-app"}
+          )
+        or
+          vector(0)
+      )
+    >
+      0 or vector(0)
+)`,
+				},
+			),
+		)
+	})
+})