Kubernetes CRD reference
Packages
toolhive.stacklok.dev/v1alpha1
Package v1alpha1 contains API Schema definitions for the toolhive v1alpha1 API group
Resource Types
AuditConfig
AuditConfig defines audit logging configuration for the MCP server
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled controls whether audit logging is enabled When true, enables audit logging with default configuration | false |
AuthzConfigRef
AuthzConfigRef defines a reference to authorization configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
type string | Type is the type of authorization configuration | configMap | Enum: [configMap inline] |
configMap ConfigMapAuthzRef | ConfigMap references a ConfigMap containing authorization configuration Only used when Type is "configMap" | ||
inline InlineAuthzConfig | Inline contains direct authorization configuration Only used when Type is "inline" |
ConfigMapAuthzRef
ConfigMapAuthzRef references a ConfigMap containing authorization configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is the name of the ConfigMap | Required: {} | |
key string | Key is the key in the ConfigMap that contains the authorization configuration | authz.json |
ConfigMapOIDCRef
ConfigMapOIDCRef references a ConfigMap containing OIDC configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is the name of the ConfigMap | Required: {} | |
key string | Key is the key in the ConfigMap that contains the OIDC configuration | oidc.json |
ConfigMapSource
ConfigMapSource defines ConfigMap source configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is the name of the ConfigMap | MinLength: 1 Required: {} | |
key string | Key is the key in the ConfigMap that contains the registry data | registry.json | MinLength: 1 |
EnvVar
EnvVar represents an environment variable in a container
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name of the environment variable | Required: {} | |
value string | Value of the environment variable | Required: {} |
InlineAuthzConfig
InlineAuthzConfig contains direct authorization configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
policies string array | Policies is a list of Cedar policy strings | MinItems: 1 Required: {} | |
entitiesJson string | EntitiesJSON is a JSON string representing Cedar entities | [] |
InlineOIDCConfig
InlineOIDCConfig contains direct OIDC configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
issuer string | Issuer is the OIDC issuer URL | Required: {} | |
audience string | Audience is the expected audience for the token | ||
jwksUrl string | JWKSURL is the URL to fetch the JWKS from | ||
introspectionUrl string | IntrospectionURL is the URL for token introspection endpoint | ||
clientId string | ClientID is the OIDC client ID | ||
clientSecret string | ClientSecret is the client secret for introspection (optional) | ||
thvCABundlePath string | ThvCABundlePath is the path to CA certificate bundle file for HTTPS requests The file must be mounted into the pod (e.g., via ConfigMap or Secret volume) | ||
jwksAuthTokenPath string | JWKSAuthTokenPath is the path to file containing bearer token for JWKS/OIDC requests The file must be mounted into the pod (e.g., via Secret volume) | ||
jwksAllowPrivateIP boolean | JWKSAllowPrivateIP allows JWKS/OIDC endpoints on private IP addresses Use with caution - only enable for trusted internal IDPs | false |
KubernetesOIDCConfig
KubernetesOIDCConfig configures OIDC for Kubernetes service account token validation
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
serviceAccount string | ServiceAccount is the name of the service account to validate tokens for If empty, uses the pod's service account | ||
namespace string | Namespace is the namespace of the service account If empty, uses the MCPServer's namespace | ||
audience string | Audience is the expected audience for the token | toolhive | |
issuer string | Issuer is the OIDC issuer URL | https://kubernetes.default.svc | |
jwksUrl string | JWKSURL is the URL to fetch the JWKS from If empty, OIDC discovery will be used to automatically determine the JWKS URL | ||
introspectionUrl string | IntrospectionURL is the URL for token introspection endpoint If empty, OIDC discovery will be used to automatically determine the introspection URL | ||
useClusterAuth boolean | UseClusterAuth enables using the Kubernetes cluster's CA bundle and service account token When true, uses /var/run/secrets/kubernetes.io/serviceaccount/ca.crt for TLS verification and /var/run/secrets/kubernetes.io/serviceaccount/token for bearer token authentication Defaults to true if not specified |
MCPRegistry
MCPRegistry is the Schema for the mcpregistries API ⚠️ Experimental API (v1alpha1) — subject to change.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | toolhive.stacklok.dev/v1alpha1 | ||
kind string | MCPRegistry | ||
kind string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||
apiVersion string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec MCPRegistrySpec | |||
status MCPRegistryStatus |
MCPRegistryList
MCPRegistryList contains a list of MCPRegistry
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | toolhive.stacklok.dev/v1alpha1 | ||
kind string | MCPRegistryList | ||
kind string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||
apiVersion string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
items MCPRegistry array |
MCPRegistryPhase
Underlying type: string
MCPRegistryPhase represents the phase of the MCPRegistry
Validation:
- Enum: [Pending Ready Failed Syncing Terminating]
Appears in:
| Field | Description |
|---|---|
Pending | MCPRegistryPhasePending means the MCPRegistry is being initialized |
Ready | MCPRegistryPhaseReady means the MCPRegistry is ready and operational |
Failed | MCPRegistryPhaseFailed means the MCPRegistry has failed |
Syncing | MCPRegistryPhaseSyncing means the MCPRegistry is currently syncing data |
Terminating | MCPRegistryPhaseTerminating means the MCPRegistry is being deleted |
MCPRegistrySource
MCPRegistrySource defines the source configuration for registry data
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
type string | Type is the type of source (configmap) | configmap | Enum: [configmap] |
format string | Format is the data format (toolhive, upstream) | toolhive | Enum: [toolhive upstream] |
configmap ConfigMapSource | ConfigMap defines the ConfigMap source configuration Only used when Type is "configmap" |
MCPRegistrySpec
MCPRegistrySpec defines the desired state of MCPRegistry
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
displayName string | DisplayName is a human-readable name for the registry | ||
source MCPRegistrySource | Source defines the configuration for the registry data source | Required: {} | |
syncPolicy SyncPolicy | SyncPolicy defines the automatic synchronization behavior for the registry. If specified, enables automatic synchronization at the given interval. Manual synchronization is always supported via annotation-based triggers regardless of this setting. | ||
filter RegistryFilter | Filter defines include/exclude patterns for registry content |
MCPRegistryStatus
MCPRegistryStatus defines the observed state of MCPRegistry
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
phase MCPRegistryPhase | Phase represents the current phase of the MCPRegistry | Enum: [Pending Ready Failed Syncing Terminating] | |
message string | Message provides additional information about the current phase | ||
lastSyncTime Time | LastSyncTime is the timestamp of the last successful sync | ||
lastSyncHash string | LastSyncHash is the hash of the last successfully synced data Used to detect changes in source data | ||
serverCount integer | ServerCount is the total number of servers in the registry | Minimum: 0 | |
deployedServerCount integer | DeployedServerCount is the number of deployed servers with matching labels | Minimum: 0 | |
syncAttempts integer | SyncAttempts is the number of sync attempts since last success | Minimum: 0 | |
apiEndpoint string | APIEndpoint is the URL of the registry API service | ||
storageRef StorageReference | StorageRef is a reference to the internal storage location | ||
conditions Condition array | Conditions represent the latest available observations of the MCPRegistry's state |
MCPServer
MCPServer is the Schema for the mcpservers API
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | toolhive.stacklok.dev/v1alpha1 | ||
kind string | MCPServer | ||
kind string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||
apiVersion string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec MCPServerSpec | |||
status MCPServerStatus |
MCPServerList
MCPServerList contains a list of MCPServer
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | toolhive.stacklok.dev/v1alpha1 | ||
kind string | MCPServerList | ||
kind string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||
apiVersion string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
items MCPServer array |
MCPServerPhase
Underlying type: string
MCPServerPhase is the phase of the MCPServer
Validation:
- Enum: [Pending Running Failed Terminating]
Appears in:
| Field | Description |
|---|---|
Pending | MCPServerPhasePending means the MCPServer is being created |
Running | MCPServerPhaseRunning means the MCPServer is running |
Failed | MCPServerPhaseFailed means the MCPServer failed to start |
Terminating | MCPServerPhaseTerminating means the MCPServer is being deleted |
MCPServerSpec
MCPServerSpec defines the desired state of MCPServer
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
image string | Image is the container image for the MCP server | Required: {} | |
transport string | Transport is the transport method for the MCP server (stdio, streamable-http or sse) | stdio | Enum: [stdio streamable-http sse] |
proxyMode string | ProxyMode is the proxy mode for stdio transport (sse or streamable-http) This setting is only used when Transport is "stdio" | sse | Enum: [sse streamable-http] |
port integer | Port is the port to expose the MCP server on | 8080 | Maximum: 65535 Minimum: 1 |
targetPort integer | TargetPort is the port that MCP server listens to | Maximum: 65535 Minimum: 1 | |
args string array | Args are additional arguments to pass to the MCP server | ||
env EnvVar array | Env are environment variables to set in the MCP server container | ||
volumes Volume array | Volumes are volumes to mount in the MCP server container | ||
resources ResourceRequirements | Resources defines the resource requirements for the MCP server container | ||
secrets SecretRef array | Secrets are references to secrets to mount in the MCP server container | ||
serviceAccount string | ServiceAccount is the name of an already existing service account to use by the MCP server. If not specified, a ServiceAccount will be created automatically and used by the MCP server. | ||
permissionProfile PermissionProfileRef | PermissionProfile defines the permission profile to use | ||
podTemplateSpec PodTemplateSpec | PodTemplateSpec defines the pod template to use for the MCP server This allows for customizing the pod configuration beyond what is provided by the other fields. Note that to modify the specific container the MCP server runs in, you must specify the mcp container name in the PodTemplateSpec. | ||
resourceOverrides ResourceOverrides | ResourceOverrides allows overriding annotations and labels for resources created by the operator | ||
oidcConfig OIDCConfigRef | OIDCConfig defines OIDC authentication configuration for the MCP server | ||
authzConfig AuthzConfigRef | AuthzConfig defines authorization policy configuration for the MCP server | ||
audit AuditConfig | Audit defines audit logging configuration for the MCP server | ||
tools string array | ToolsFilter is the filter on tools applied to the MCP server Deprecated: Use ToolConfigRef instead | ||
toolConfigRef ToolConfigRef | ToolConfigRef references a MCPToolConfig resource for tool filtering and renaming. The referenced MCPToolConfig must exist in the same namespace as this MCPServer. Cross-namespace references are not supported for security and isolation reasons. If specified, this takes precedence over the inline ToolsFilter field. | ||
telemetry TelemetryConfig | Telemetry defines observability configuration for the MCP server |
MCPServerStatus
MCPServerStatus defines the observed state of MCPServer
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | Conditions represent the latest available observations of the MCPServer's state | ||
toolConfigHash string | ToolConfigHash stores the hash of the referenced ToolConfig for change detection | ||
url string | URL is the URL where the MCP server can be accessed | ||
phase MCPServerPhase | Phase is the current phase of the MCPServer | Enum: [Pending Running Failed Terminating] | |
message string | Message provides additional information about the current phase |
MCPToolConfig
MCPToolConfig is the Schema for the mcptoolconfigs API. MCPToolConfig resources are namespace-scoped and can only be referenced by MCPServer resources within the same namespace. Cross-namespace references are not supported for security and isolation reasons.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | toolhive.stacklok.dev/v1alpha1 | ||
kind string | MCPToolConfig | ||
kind string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||
apiVersion string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec MCPToolConfigSpec | |||
status MCPToolConfigStatus |
MCPToolConfigList
MCPToolConfigList contains a list of MCPToolConfig
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | toolhive.stacklok.dev/v1alpha1 | ||
kind string | MCPToolConfigList | ||
kind string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||
apiVersion string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
items MCPToolConfig array |
MCPToolConfigSpec
MCPToolConfigSpec defines the desired state of MCPToolConfig. MCPToolConfig resources are namespace-scoped and can only be referenced by MCPServer resources in the same namespace.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
toolsFilter string array | ToolsFilter is a list of tool names to filter (allow list). Only tools in this list will be exposed by the MCP server. If empty, all tools are exposed. | ||
toolsOverride object (keys:string, values:ToolOverride) | ToolsOverride is a map from actual tool names to their overridden configuration. This allows renaming tools and/or changing their descriptions. |
MCPToolConfigStatus
MCPToolConfigStatus defines the observed state of MCPToolConfig
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
observedGeneration integer | ObservedGeneration is the most recent generation observed for this MCPToolConfig. It corresponds to the MCPToolConfig's generation, which is updated on mutation by the API Server. | ||
configHash string | ConfigHash is a hash of the current configuration for change detection | ||
referencingServers string array | ReferencingServers is a list of MCPServer resources that reference this MCPToolConfig This helps track which servers need to be reconciled when this config changes |
NameFilter
NameFilter defines name-based filtering
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
include string array | Include is a list of glob patterns to include | ||
exclude string array | Exclude is a list of glob patterns to exclude |
NetworkPermissions
NetworkPermissions defines the network permissions for an MCP server
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
outbound OutboundNetworkPermissions | Outbound defines the outbound network permissions |
OIDCConfigRef
OIDCConfigRef defines a reference to OIDC configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
type string | Type is the type of OIDC configuration | kubernetes | Enum: [kubernetes configMap inline] |
resourceUrl string | ResourceURL is the explicit resource URL for OAuth discovery endpoint (RFC 9728) If not specified, defaults to the in-cluster Kubernetes service URL | ||
kubernetes KubernetesOIDCConfig | Kubernetes configures OIDC for Kubernetes service account token validation Only used when Type is "kubernetes" | ||
configMap ConfigMapOIDCRef | ConfigMap references a ConfigMap containing OIDC configuration Only used when Type is "configmap" | ||
inline InlineOIDCConfig | Inline contains direct OIDC configuration Only used when Type is "inline" |
OpenTelemetryConfig
OpenTelemetryConfig defines pure OpenTelemetry configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled controls whether OpenTelemetry is enabled | false | |
endpoint string | Endpoint is the OTLP endpoint URL for tracing and metrics | ||
serviceName string | ServiceName is the service name for telemetry If not specified, defaults to the MCPServer name | ||
headers string array | Headers contains authentication headers for the OTLP endpoint Specified as key=value pairs | ||
insecure boolean | Insecure indicates whether to use HTTP instead of HTTPS for the OTLP endpoint | false | |
metrics OpenTelemetryMetricsConfig | Metrics defines OpenTelemetry metrics-specific configuration | ||
tracing OpenTelemetryTracingConfig | Tracing defines OpenTelemetry tracing configuration |
OpenTelemetryMetricsConfig
OpenTelemetryMetricsConfig defines OpenTelemetry metrics configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled controls whether OTLP metrics are sent | false |
OpenTelemetryTracingConfig
OpenTelemetryTracingConfig defines OpenTelemetry tracing configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled controls whether OTLP tracing is sent | false | |
samplingRate string | SamplingRate is the trace sampling rate (0.0-1.0) | 0.05 |
OutboundNetworkPermissions
OutboundNetworkPermissions defines the outbound network permissions
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
insecureAllowAll boolean | InsecureAllowAll allows all outbound network connections (not recommended) | false | |
allowHost string array | AllowHost is a list of hosts to allow connections to | ||
allowPort integer array | AllowPort is a list of ports to allow connections to |
PermissionProfileRef
PermissionProfileRef defines a reference to a permission profile
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
type string | Type is the type of permission profile reference | builtin | Enum: [builtin configmap] |
name string | Name is the name of the permission profile If Type is "builtin", Name must be one of: "none", "network" If Type is "configmap", Name is the name of the ConfigMap | Required: {} | |
key string | Key is the key in the ConfigMap that contains the permission profile Only used when Type is "configmap" |
PrometheusConfig
PrometheusConfig defines Prometheus-specific configuration
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled controls whether Prometheus metrics endpoint is exposed | false |
ProxyDeploymentOverrides
ProxyDeploymentOverrides defines overrides specific to the proxy deployment
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
annotations object (keys:string, values:string) | Annotations to add or override on the resource | ||
labels object (keys:string, values:string) | Labels to add or override on the resource | ||
podTemplateMetadataOverrides ResourceMetadataOverrides | |||
env EnvVar array | Env are environment variables to set in the proxy container (thv run process) These affect the toolhive proxy itself, not the MCP server it manages |
RegistryFilter
RegistryFilter defines include/exclude patterns for registry content
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
names NameFilter | NameFilters defines name-based filtering | ||
tags TagFilter | Tags defines tag-based filtering |
ResourceList
ResourceList is a set of (resource name, quantity) pairs
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
cpu string | CPU is the CPU limit in cores (e.g., "500m" for 0.5 cores) | ||
memory string | Memory is the memory limit in bytes (e.g., "64Mi" for 64 megabytes) |
ResourceMetadataOverrides
ResourceMetadataOverrides defines metadata overrides for a resource
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
annotations object (keys:string, values:string) | Annotations to add or override on the resource | ||
labels object (keys:string, values:string) | Labels to add or override on the resource |
ResourceOverrides
ResourceOverrides defines overrides for annotations and labels on created resources
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
proxyDeployment ProxyDeploymentOverrides | ProxyDeployment defines overrides for the Proxy Deployment resource (toolhive proxy) | ||
proxyService ResourceMetadataOverrides | ProxyService defines overrides for the Proxy Service resource (points to the proxy deployment) |
ResourceRequirements
ResourceRequirements describes the compute resource requirements
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
limits ResourceList | Limits describes the maximum amount of compute resources allowed | ||
requests ResourceList | Requests describes the minimum amount of compute resources required |
SecretRef
SecretRef is a reference to a secret
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is the name of the secret | Required: {} | |
key string | Key is the key in the secret itself | Required: {} | |
targetEnvName string | TargetEnvName is the environment variable to be used when setting up the secret in the MCP server If left unspecified, it defaults to the key |
StorageReference
StorageReference defines a reference to internal storage
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
type string | Type is the storage type (configmap) | Enum: [configmap] | |
configMapRef LocalObjectReference | ConfigMapRef is a reference to a ConfigMap storage Only used when Type is "configmap" |
SyncPolicy
SyncPolicy defines automatic synchronization behavior. When specified, enables automatic synchronization at the given interval. Manual synchronization via annotation-based triggers is always available regardless of this policy setting.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
interval string | Interval is the sync interval for automatic synchronization (Go duration format) Examples: "1h", "30m", "24h" | Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Required: {} |
TagFilter
TagFilter defines tag-based filtering
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
include string array | Include is a list of tags to include | ||
exclude string array | Exclude is a list of tags to exclude |
TelemetryConfig
TelemetryConfig defines observability configuration for the MCP server
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
openTelemetry OpenTelemetryConfig | OpenTelemetry defines OpenTelemetry configuration | ||
prometheus PrometheusConfig | Prometheus defines Prometheus-specific configuration |
ToolConfigRef
ToolConfigRef defines a reference to a MCPToolConfig resource. The referenced MCPToolConfig must be in the same namespace as the MCPServer.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is the name of the MCPToolConfig resource in the same namespace | Required: {} |
ToolOverride
ToolOverride represents a tool override configuration. Both Name and Description can be overridden independently, but they can't be both empty.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is the redefined name of the tool | ||
description string | Description is the redefined description of the tool |
Volume
Volume represents a volume to mount in a container
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is the name of the volume | Required: {} | |
hostPath string | HostPath is the path on the host to mount | Required: {} | |
mountPath string | MountPath is the path in the container to mount to | Required: {} | |
readOnly boolean | ReadOnly specifies whether the volume should be mounted read-only | false |