From a90b4d34894a39b1f061f0ef9034a3cdb0e34221 Mon Sep 17 00:00:00 2001 From: Sebastian Maniak Date: Mon, 9 Mar 2026 15:55:45 -0400 Subject: [PATCH 1/2] docs: add comprehensive concept, CRD reference, and enterprise documentation Add 17 new MDX pages covering: - Core Concepts: tools ecosystem, human-in-the-loop, agent memory, prompt templates, multi-runtime (Go/Python ADK), git-based skills, context management - Resources: full Agent CRD reference (Agent, ModelConfig, RemoteMCPServer, MCPServer, ModelProviderConfig) - Solo Enterprise: overview, installation, security & access control, multicluster federation, observability (OTel/ClickHouse), enterprise UI, BYO agent frameworks (ADK/CrewAI/LangGraph), model providers, tools & MCP Update navigation.json with entries for all new pages. Co-Authored-By: Claude Opus 4.6 --- .../kagent/concepts/agent-memory/page.mdx | 104 +++++++++ .../concepts/context-management/page.mdx | 57 +++++ .../kagent/concepts/git-based-skills/page.mdx | 137 ++++++++++++ .../concepts/human-in-the-loop/page.mdx | 130 +++++++++++ .../kagent/concepts/multi-runtime/page.mdx | 104 +++++++++ .../kagent/concepts/prompt-templates/page.mdx | 102 +++++++++ .../kagent/concepts/tools-ecosystem/page.mdx | 204 ++++++++++++++++++ .../enterprise/agent-frameworks/page.mdx | 92 ++++++++ .../kagent/enterprise/enterprise-ui/page.mdx | 100 +++++++++ .../kagent/enterprise/installation/page.mdx | 113 ++++++++++ .../enterprise/model-providers/page.mdx | 68 ++++++ .../kagent/enterprise/multicluster/page.mdx | 91 ++++++++ .../kagent/enterprise/observability/page.mdx | 131 +++++++++++ src/app/docs/kagent/enterprise/page.mdx | 58 +++++ .../docs/kagent/enterprise/security/page.mdx | 93 ++++++++ .../enterprise/tools-mcp-servers/page.mdx | 82 +++++++ .../resources/agent-crd-reference/page.mdx | 194 +++++++++++++++++ src/config/navigation.json | 87 ++++++++ 18 files changed, 1947 insertions(+) create mode 100644 src/app/docs/kagent/concepts/agent-memory/page.mdx create mode 100644 src/app/docs/kagent/concepts/context-management/page.mdx create mode 100644 src/app/docs/kagent/concepts/git-based-skills/page.mdx create mode 100644 src/app/docs/kagent/concepts/human-in-the-loop/page.mdx create mode 100644 src/app/docs/kagent/concepts/multi-runtime/page.mdx create mode 100644 src/app/docs/kagent/concepts/prompt-templates/page.mdx create mode 100644 src/app/docs/kagent/concepts/tools-ecosystem/page.mdx create mode 100644 src/app/docs/kagent/enterprise/agent-frameworks/page.mdx create mode 100644 src/app/docs/kagent/enterprise/enterprise-ui/page.mdx create mode 100644 src/app/docs/kagent/enterprise/installation/page.mdx create mode 100644 src/app/docs/kagent/enterprise/model-providers/page.mdx create mode 100644 src/app/docs/kagent/enterprise/multicluster/page.mdx create mode 100644 src/app/docs/kagent/enterprise/observability/page.mdx create mode 100644 src/app/docs/kagent/enterprise/page.mdx create mode 100644 src/app/docs/kagent/enterprise/security/page.mdx create mode 100644 src/app/docs/kagent/enterprise/tools-mcp-servers/page.mdx create mode 100644 src/app/docs/kagent/resources/agent-crd-reference/page.mdx diff --git a/src/app/docs/kagent/concepts/agent-memory/page.mdx b/src/app/docs/kagent/concepts/agent-memory/page.mdx new file mode 100644 index 0000000..bd4f059 --- /dev/null +++ b/src/app/docs/kagent/concepts/agent-memory/page.mdx @@ -0,0 +1,104 @@ +--- +title: "Agent Memory" +pageOrder: 5 +description: "Enable vector-backed long-term memory for agents to learn from past interactions." +--- + +export const metadata = { + title: "Agent Memory", + description: "Enable vector-backed long-term memory for agents to learn from past interactions.", + author: "kagent.dev" +}; + +# Agent Memory + +kagent provides long-term memory for agents using vector similarity search. Agents can automatically save and retrieve relevant context across conversations. + +## Overview + +Memory in kagent is: +- **Vector-backed** — Uses embedding models to encode memories as 768-dimensional vectors +- **Searchable** — Retrieves relevant memories via cosine similarity +- **Automatic** — Extracts and saves memories periodically without explicit user action +- **Time-bounded** — Memories expire after a configurable TTL (default 15 days) + +## Supported Storage Backends + +| Backend | Description | +|---------|-------------| +| **pgvector** (PostgreSQL) | Full-featured vector search using the pgvector extension | +| **Turso/libSQL** (SQLite) | Lightweight alternative using SQLite-compatible storage | + +## Configuration + +### Enable Memory on an Agent + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: memory-agent +spec: + type: Declarative + declarative: + modelConfig: default-model-config + systemMessage: "You are a helpful assistant with long-term memory." + memory: + enabled: true + embeddingProvider: + type: OpenAI + model: text-embedding-3-small +``` + +### Memory with Separate Embedding Provider + +```yaml +memory: + enabled: true + embeddingProvider: + type: OpenAI + model: text-embedding-3-small + secretRef: + name: openai-embedding-key +``` + +## How Memory Works + +### Automatic Save Cycle + +1. The agent processes user messages normally +2. Every 5th user message, the agent automatically extracts key information +3. Extracted memories are summarized and encoded as embedding vectors +4. Vectors are stored in the database with metadata and timestamps + +### Memory Retrieval (Prefetch) + +Before generating a response, the agent: +1. Encodes the current user message as an embedding vector +2. Searches stored memories by cosine similarity +3. Injects the most relevant memories into the agent's context + +### Memory Tools + +When memory is enabled, three tools are injected into the agent: + +| Tool | Description | +|------|-------------| +| `save_memory` | Explicitly save a piece of information | +| `load_memory` | Search for relevant memories by query | +| `prefetch_memory` | Automatically run before response generation | + +## Memory Management via API + +``` +GET /api/memories/{agentId} # List memories +DELETE /api/memories/{agentId} # Clear all memories +DELETE /api/memories/{agentId}/{id} # Delete specific memory +``` + +## Technical Details + +- Embedding vectors are normalized to 768 dimensions +- Background TTL pruning runs periodically (default retention: 15 days) +- Memory is per-agent — each agent has its own isolated memory store +- Memories include timestamps and source session references diff --git a/src/app/docs/kagent/concepts/context-management/page.mdx b/src/app/docs/kagent/concepts/context-management/page.mdx new file mode 100644 index 0000000..c58ddb6 --- /dev/null +++ b/src/app/docs/kagent/concepts/context-management/page.mdx @@ -0,0 +1,57 @@ +--- +title: "Context Management" +pageOrder: 9 +description: "Automatically summarize older messages to stay within LLM context windows during long conversations." +--- + +export const metadata = { + title: "Context Management", + description: "Automatically summarize older messages to stay within LLM context windows during long conversations.", + author: "kagent.dev" +}; + +# Context Management + +Long conversations can exceed LLM context windows. kagent provides **event compaction** to automatically summarize older messages, preserving key information while reducing token count. + +## Configuration + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: long-conversation-agent +spec: + type: Declarative + declarative: + modelConfig: default-model-config + systemMessage: "You are a helpful agent for extended sessions." + context: + eventsCompaction: + enabled: true +``` + +## How It Works + +1. As the conversation progresses, events accumulate in the session history +2. When the history approaches the model's context limit, compaction triggers +3. Older events are summarized while preserving: + - Key decisions and outcomes + - Important tool results + - Critical context from earlier in the conversation +4. The agent continues with the compacted history seamlessly + +## When to Use + +Enable event compaction when: +- Agents handle long-running conversations (debugging sessions, investigations) +- Agents call many tools that generate large outputs +- You want to support extended interactions without hitting context limits + +You may not need it for: +- Short, single-turn interactions +- Agents with small tool sets that generate compact outputs + +## Context Caching Note + +Prompt caching (a separate optimization that caches the prompt prefix for faster responses) is **not** configured at the agent level. Most LLM providers enable prompt caching by default. diff --git a/src/app/docs/kagent/concepts/git-based-skills/page.mdx b/src/app/docs/kagent/concepts/git-based-skills/page.mdx new file mode 100644 index 0000000..4e04a64 --- /dev/null +++ b/src/app/docs/kagent/concepts/git-based-skills/page.mdx @@ -0,0 +1,137 @@ +--- +title: "Git-Based Skills" +pageOrder: 8 +description: "Load markdown knowledge documents from Git repositories to guide agent behavior." +--- + +export const metadata = { + title: "Git-Based Skills", + description: "Load markdown knowledge documents from Git repositories to guide agent behavior.", + author: "kagent.dev" +}; + +# Git-Based Skills + +Skills are markdown-based knowledge documents that agents load at startup. They provide domain-specific instructions, best practices, and procedures that guide agent behavior. + +kagent supports two sources for skills: +- **OCI images** — Container images containing skill files (original approach) +- **Git repositories** — Clone skills directly from Git repos + +## Skill File Format + +Each skill is a directory containing a `SKILL.md` file with YAML frontmatter: + +```markdown +--- +name: kubernetes-troubleshooting +description: Guide for diagnosing and fixing common Kubernetes issues +--- + +# Kubernetes Troubleshooting + +## Pod Crash Loops + +When a pod is in CrashLoopBackOff: + +1. Check logs: `kubectl logs --previous` +2. Check events: `kubectl describe pod ` +3. Verify resource limits... +``` + +## Git Repository Configuration + +### Basic Example + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: my-agent +spec: + type: Declarative + declarative: + modelConfig: default-model-config + systemMessage: "You are a helpful agent." + skills: + gitRefs: + - url: https://github.com/myorg/agent-skills.git + ref: main +``` + +### With Subdirectory + +```yaml +skills: + gitRefs: + - url: https://github.com/myorg/monorepo.git + ref: main + path: skills/kubernetes +``` + +### Multiple Sources + +Combine Git and OCI skills: + +```yaml +skills: + refs: + - image: ghcr.io/myorg/k8s-skills:latest + gitRefs: + - url: https://github.com/myorg/skills-repo.git + ref: main + - url: https://github.com/myorg/another-repo.git + ref: develop + path: agent-skills +``` + +## Authentication + +### HTTPS Token Auth + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: git-credentials +type: Opaque +stringData: + token: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +``` + +```yaml +skills: + gitAuthSecretRef: + name: git-credentials + gitRefs: + - url: https://github.com/myorg/private-skills.git + ref: main +``` + +### SSH Key Auth + +```yaml +skills: + gitAuthSecretRef: + name: git-ssh-key + gitRefs: + - url: git@github.com:myorg/private-skills.git + ref: main +``` + +> A single `gitAuthSecretRef` applies to all Git repositories in the agent. All repos must use the same authentication method. + +## How It Works + +Under the hood, kagent uses a lightweight init container (~30MB) containing Git and krane tools: + +1. Before the agent pod starts, the `skills-init` container runs +2. It clones each Git repository to the skills volume +3. It also pulls any OCI skill images +4. The agent runtime discovers skills from the mounted volume at startup + +## Skill Discovery at Runtime + +Once loaded, skills are available through the built-in `SkillsTool`: +- **List skills:** The agent calls the tool with no arguments to see available skills +- **Load skill:** The agent calls the tool with a skill name to get the full content diff --git a/src/app/docs/kagent/concepts/human-in-the-loop/page.mdx b/src/app/docs/kagent/concepts/human-in-the-loop/page.mdx new file mode 100644 index 0000000..6d14344 --- /dev/null +++ b/src/app/docs/kagent/concepts/human-in-the-loop/page.mdx @@ -0,0 +1,130 @@ +--- +title: "Human-in-the-Loop" +pageOrder: 4 +description: "Configure tool approval workflows and the Ask User interactive tool for human oversight of agent actions." +--- + +export const metadata = { + title: "Human-in-the-Loop", + description: "Configure tool approval workflows and the Ask User interactive tool for human oversight of agent actions.", + author: "kagent.dev" +}; + +# Human-in-the-Loop (HITL) + +kagent implements Human-in-the-Loop functionality through two mechanisms: + +1. **Tool Approval** — Require user confirmation before executing sensitive tools +2. **Ask User** — Allow agents to interactively ask users questions during execution + +Both features pause agent execution and wait for user input before continuing. + +## Tool Approval + +### Overview + +Tool approval lets you mark specific tools as requiring user confirmation before execution. When an agent attempts to call an approval-required tool, execution pauses and the UI presents Approve/Reject buttons. + +This is useful for destructive or sensitive operations like: +- Deleting Kubernetes resources +- Writing files +- Executing shell commands +- Modifying infrastructure + +### Configuration + +Add `requireApproval` to your Agent's tool specification. The values must be a subset of `toolNames`: + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: k8s-agent +spec: + type: Declarative + declarative: + modelConfig: default-model-config + systemMessage: "You are a Kubernetes management agent." + tools: + - type: McpServer + mcpServer: + name: kagent-tool-server + kind: RemoteMCPServer + toolNames: + - read_file + - write_file + - delete_file + requireApproval: + - delete_file + - write_file +``` + +In this example, `read_file` executes immediately, but `write_file` and `delete_file` will pause for user approval. + +### How It Works + +**Interrupt Phase:** +1. The agent calls a tool marked for approval +2. The ADK generates an `adk_request_confirmation` event +3. The UI receives the event and displays approval controls + +**Decision Phase:** +4. The user clicks **Approve** or **Reject** in the UI +5. Optionally, the user provides a rejection reason + +**Resume Phase:** +6. **Approved** tools execute normally and return results +7. **Rejected** tools return a rejection message — the LLM sees this and responds accordingly + +### Parallel Tool Approval + +When an agent generates multiple tool calls simultaneously, all pending approvals are presented together. Users can approve/reject individually or in batch. + +### Rejection Reasons + +When rejecting a tool call, users can provide a free-text explanation. This reason is passed back to the LLM as context, helping it understand why the tool was blocked and adjust its approach. + +--- + +## Ask User Tool + +The `ask_user` tool is a built-in tool automatically added to every agent. It allows agents to pose questions to users with optional predefined choices during execution. + +Use cases: +- Clarifying ambiguous user requests +- Offering choices between implementation approaches +- Collecting configuration preferences +- Getting confirmation on proposed plans + +### Question Types + +| Type | Configuration | UI Rendering | +|------|--------------|--------------| +| Single-select | `choices: [...]`, `multiple: false` | Choice chips (select one) | +| Multi-select | `choices: [...]`, `multiple: true` | Choice chips (select many) | +| Free-text | `choices: []` | Text input field | + +### No Configuration Required + +The `ask_user` tool is added unconditionally to every agent as a built-in tool. You don't need to add it to your Agent spec — it's always available. + +## Architecture Summary + +``` +User --> UI --> A2A Message --> Executor --> ADK --> Tool + | + request_confirmation() + | + <-- input_required --> + | +User <-- UI <-- A2A Event <-- Executor <---- ADK <----+ + | + v (Approve/Reject/Answer) + | +User --> UI --> A2A Message --> Executor --> ADK --> Tool (resumes) +``` + +Key design principles: +- **Deterministic replay** — Approved calls re-invoke via ADK preprocessor without additional LLM calls +- **Minimal custom logic** — The executor only handles the resume path +- **Unified mechanism** — Both tool approval and ask_user share the same `request_confirmation` infrastructure diff --git a/src/app/docs/kagent/concepts/multi-runtime/page.mdx b/src/app/docs/kagent/concepts/multi-runtime/page.mdx new file mode 100644 index 0000000..0fe4481 --- /dev/null +++ b/src/app/docs/kagent/concepts/multi-runtime/page.mdx @@ -0,0 +1,104 @@ +--- +title: "Multi-Runtime Support" +pageOrder: 7 +description: "Choose between Go and Python ADK runtimes for your agents." +--- + +export const metadata = { + title: "Multi-Runtime Support", + description: "Choose between Go and Python ADK runtimes for your agents.", + author: "kagent.dev" +}; + +# Multi-Runtime Support (Go / Python ADK) + +kagent supports two Agent Development Kit (ADK) runtimes for declarative agents. + +## Overview + +| Feature | Python ADK | Go ADK | +|---------|-----------|--------| +| Startup time | ~15 seconds | ~2 seconds | +| Ecosystem | Google ADK, LangGraph, CrewAI integrations | Native Go implementation | +| Resource usage | Higher (Python runtime) | Lower (compiled binary) | +| Default | Yes | No | +| Memory support | Yes | Yes | +| MCP support | Yes | Yes | +| HITL support | Yes | Yes | + +## Configuration + +### Python Runtime (Default) + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: python-agent +spec: + type: Declarative + declarative: + runtime: python + modelConfig: default-model-config + systemMessage: "You are a helpful agent." +``` + +### Go Runtime + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: go-agent +spec: + type: Declarative + declarative: + runtime: go + modelConfig: default-model-config + systemMessage: "You are a fast-starting agent." +``` + +## When to Use Which + +**Choose Go when:** +- Fast startup matters (autoscaling, cold starts) +- Lower resource consumption is important +- You don't need Python-specific framework integrations + +**Choose Python when:** +- You need Google ADK-native features +- You want to use CrewAI, LangGraph, or OpenAI framework integrations +- You need Python-based custom tools or skills + +## Go ADK Built-in Tools + +| Tool | Description | +|------|-------------| +| `SkillsTool` | Discover and load skills from the skills directory | +| `BashTool` | Execute shell commands with timeout handling | +| `ReadFile` | Read file contents with line numbers and pagination | +| `WriteFile` | Write content to files (creates directories as needed) | +| `EditFile` | String replacement with ambiguity detection | + +## BYO (Bring Your Own) Agents + +For maximum flexibility, bring your own agent container: + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: custom-agent +spec: + type: BYO + byo: + image: myregistry/my-custom-agent:v1.0 + deployment: + replicas: 1 + resources: + requests: + memory: "512Mi" + cpu: "500m" +``` + +BYO agents must implement the A2A protocol endpoint for communication with the kagent platform. diff --git a/src/app/docs/kagent/concepts/prompt-templates/page.mdx b/src/app/docs/kagent/concepts/prompt-templates/page.mdx new file mode 100644 index 0000000..af3a5ab --- /dev/null +++ b/src/app/docs/kagent/concepts/prompt-templates/page.mdx @@ -0,0 +1,102 @@ +--- +title: "Prompt Templates" +pageOrder: 6 +description: "Use Go template syntax to compose reusable prompt fragments from ConfigMaps." +--- + +export const metadata = { + title: "Prompt Templates", + description: "Use Go template syntax to compose reusable prompt fragments from ConfigMaps.", + author: "kagent.dev" +}; + +# Prompt Templates + +kagent supports Go `text/template` syntax in Agent system messages, enabling composition from reusable fragments stored in ConfigMaps. + +## Overview + +Instead of duplicating safety guidelines and tool usage instructions in every agent, you can: +1. Store common prompt fragments in ConfigMaps +2. Reference them using `{{include "source/key"}}` syntax +3. Use agent context variables for dynamic interpolation + +Template resolution happens during controller reconciliation — the final system message is fully expanded before reaching the agent runtime. + +## Built-in Prompt Templates + +kagent ships a `kagent-builtin-prompts` ConfigMap with five reusable templates: + +| Template Key | Description | +|-------------|-------------| +| `skills-usage` | Instructions for discovering and using skills | +| `tool-usage-best-practices` | Best practices for tool invocation | +| `safety-guardrails` | Safety and operational guardrails | +| `kubernetes-context` | Kubernetes-specific operational context | +| `a2a-communication` | Agent-to-agent communication guidelines | + +## Usage + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: k8s-agent +spec: + type: Declarative + declarative: + modelConfig: default-model-config + promptTemplate: + dataSources: + - configMapRef: + name: kagent-builtin-prompts + - configMapRef: + name: my-custom-prompts + systemMessage: | + You are a Kubernetes management agent named {{.AgentName}}. + + {{include "kagent-builtin-prompts/safety-guardrails"}} + {{include "kagent-builtin-prompts/tool-usage-best-practices"}} + {{include "my-custom-prompts/k8s-specific-rules"}} + + Your tools: {{.ToolNames}} + Your skills: {{.SkillNames}} +``` + +### Available Template Variables + +| Variable | Description | +|----------|-------------| +| `{{.AgentName}}` | Name of the Agent resource | +| `{{.AgentNamespace}}` | Namespace of the Agent resource | +| `{{.Description}}` | Agent description | +| `{{.ToolNames}}` | Comma-separated list of tool names | +| `{{.SkillNames}}` | Comma-separated list of skill names | + +### Creating Custom Prompt Templates + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-custom-prompts +data: + incident-response: | + ## Incident Response Guidelines + When responding to incidents: + 1. Assess the severity (P1-P4) + 2. Check affected services and dependencies + 3. Review recent deployments and changes + 4. Collect relevant logs and metrics + 5. Propose remediation steps +``` + +## How It Works + +1. The controller watches ConfigMaps referenced in `promptTemplate.dataSources` +2. During reconciliation, `{{include "configmap-name/key"}}` directives are resolved +3. Template variables are interpolated +4. The fully expanded system message is written to the ADK config +5. ConfigMap changes trigger automatic re-reconciliation + +> **Security Note:** Only ConfigMaps are supported as data sources — Secret references were intentionally excluded to avoid leaking sensitive data into prompts sent to LLM providers. diff --git a/src/app/docs/kagent/concepts/tools-ecosystem/page.mdx b/src/app/docs/kagent/concepts/tools-ecosystem/page.mdx new file mode 100644 index 0000000..133b562 --- /dev/null +++ b/src/app/docs/kagent/concepts/tools-ecosystem/page.mdx @@ -0,0 +1,204 @@ +--- +title: "Tools Ecosystem" +pageOrder: 3 +description: "Explore the built-in MCP tools for Kubernetes, Helm, Istio, Prometheus, Grafana, Cilium, and Argo Rollouts." +--- + +export const metadata = { + title: "Tools Ecosystem", + description: "Explore the built-in MCP tools for Kubernetes, Helm, Istio, Prometheus, Grafana, Cilium, and Argo Rollouts.", + author: "kagent.dev" +}; + +# Tools Ecosystem + +kagent provides a rich set of built-in tools through MCP (Model Context Protocol) servers, plus the ability to add custom tools. All tools are integrated via the kagent-tools package. + +## Built-in Tool Categories + +### Kubernetes + +Comprehensive cluster management tools: + +| Tool | Description | +|------|-------------| +| `kubectl_get` | Query resources (pods, deployments, services, etc.) | +| `kubectl_describe` | Detailed resource information | +| `kubectl_scale` | Scale deployments and statefulsets | +| `kubectl_patch` | Patch resources with strategic merge | +| `kubectl_label` | Add/remove labels | +| `kubectl_annotate` | Add/remove annotations | +| `kubectl_delete` | Delete resources | +| `kubectl_apply` | Apply YAML manifests | +| `kubectl_exec` | Execute commands in pods | +| `kubectl_logs` | Retrieve pod logs | +| `kubectl_events` | Get cluster events | +| `kubectl_connectivity_test` | Test service connectivity | + +### Helm + +| Tool | Description | +|------|-------------| +| `helm_list` | List installed releases | +| `helm_install` | Install a chart | +| `helm_upgrade` | Upgrade a release | +| `helm_uninstall` | Remove a release | +| `helm_repo_add` | Add chart repository | +| `helm_repo_update` | Update chart repositories | + +### Istio + +| Tool | Description | +|------|-------------| +| `istio_proxy_status` | Check proxy synchronization status | +| `istio_proxy_config` | Inspect proxy configuration | +| `istio_install` | Install Istio | +| `istio_manifest_generate` | Generate installation manifests | +| `istio_analyze` | Analyze Istio configuration for issues | +| `istio_version` | Get Istio version info | +| `istio_remote_clusters` | Manage remote cluster configuration | +| `istio_waypoint` | Manage waypoint proxies | + +### Argo Rollouts + +| Tool | Description | +|------|-------------| +| `argo_rollouts_verify` | Verify controller is running | +| `argo_rollouts_check_plugins` | Check installed plugins | +| `argo_rollouts_promote` | Promote a rollout | +| `argo_rollouts_pause` | Pause a rollout | +| `argo_rollouts_set_image` | Update rollout image | + +### Cilium + +| Tool | Description | +|------|-------------| +| `cilium_status` | Check Cilium status | +| `cilium_install` | Install Cilium | +| `cilium_upgrade` | Upgrade Cilium | +| `cilium_clustermesh` | Manage cluster mesh | +| `cilium_bgp_peers` | View BGP peers | +| `cilium_bgp_routes` | View BGP routes | + +### Prometheus + +| Tool | Description | +|------|-------------| +| `prometheus_query` | Execute instant PromQL queries | +| `prometheus_query_range` | Execute range PromQL queries | +| `prometheus_labels` | Discover available labels | +| `prometheus_targets` | List scrape targets and status | + +### Grafana + +| Tool | Description | +|------|-------------| +| `grafana_orgs` | Manage organizations | +| `grafana_dashboards` | List/manage dashboards | +| `grafana_alerts` | View/manage alerts | +| `grafana_datasources` | Manage data sources | + +### Utilities + +| Tool | Description | +|------|-------------| +| `datetime_format` | Format timestamps | +| `datetime_parse` | Parse date strings | +| `shell_execute` | Run shell commands | +| `docs_query` | Query product documentation | + +## Agent Built-in Tools + +These tools are automatically available to every agent (no configuration needed): + +| Tool | Description | +|------|-------------| +| `ask_user` | Pose questions to users with optional choices | +| `SkillsTool` | Discover and load skills | +| `BashTool` | Execute shell commands (Go ADK) | +| `ReadFile` | Read files with pagination (Go ADK) | +| `WriteFile` | Write file content (Go ADK) | +| `EditFile` | Edit files via string replacement (Go ADK) | + +## Configuring Tools on an Agent + +### Single MCP Server + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: k8s-agent +spec: + type: Declarative + declarative: + modelConfig: default-model-config + systemMessage: "You manage Kubernetes clusters." + tools: + - type: McpServer + mcpServer: + name: kagent-tool-server + kind: RemoteMCPServer + toolNames: + - kubectl_get + - kubectl_describe + - kubectl_logs + - kubectl_events +``` + +### With Tool Approval + +```yaml +tools: + - type: McpServer + mcpServer: + name: kagent-tool-server + kind: RemoteMCPServer + toolNames: + - kubectl_get + - kubectl_describe + - kubectl_delete + - kubectl_apply + requireApproval: + - kubectl_delete + - kubectl_apply +``` + +### Agent as Tool (A2A) + +Use another agent as a tool via the A2A protocol: + +```yaml +tools: + - type: Agent + agent: + name: specialist-agent + namespace: default +``` + +## Community / Contrib MCP Servers + +Additional MCP servers available in `contrib/tools/`: + +| Server | Description | +|--------|-------------| +| **GitHub MCP Server** | GitHub Copilot MCP server with tools for issues, PRs, repos, actions, and more | +| **k8sgpt MCP Server** | K8sGPT integration for AI-powered Kubernetes diagnostics | +| **Grafana MCP** | Extended Grafana integration | + +## Read-Only Mode + +kagent-tools supports a read-only mode for safer operation: + +```yaml +# In Helm values +kagentTools: + readOnly: true # Disables all write/mutating operations +``` + +## Observability + +kagent-tools exposes Prometheus metrics for monitoring: +- Tool invocation counts +- Tool execution duration +- Error rates by tool diff --git a/src/app/docs/kagent/enterprise/agent-frameworks/page.mdx b/src/app/docs/kagent/enterprise/agent-frameworks/page.mdx new file mode 100644 index 0000000..98a859a --- /dev/null +++ b/src/app/docs/kagent/enterprise/agent-frameworks/page.mdx @@ -0,0 +1,92 @@ +--- +title: "Agent Frameworks (BYO)" +pageOrder: 6 +description: "Bring your own agents with Google ADK, CrewAI, or LangGraph frameworks." +--- + +export const metadata = { + title: "Agent Frameworks (BYO)", + description: "Bring your own agents with Google ADK, CrewAI, or LangGraph frameworks.", + author: "kagent.dev" +}; + +# Agent Frameworks (BYO) + +Solo Enterprise for kagent supports multiple agent frameworks for bringing your own (BYO) agents. Unlike declarative agents defined entirely through kagent CRDs, BYO agents give you full control over agent logic. + +## Supported Frameworks + +| Framework | Description | +|-----------|-------------| +| **Google ADK** | Full control over agent behavior; well-suited for complex workflows | +| **CrewAI** | Multi-agent orchestration framework for collaborative AI agents | +| **LangGraph** | Graph-based agent framework from LangChain for stateful, multi-step workflows | + +## BYO Agent with ADK + +### Agent Resource + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: basic-agent + namespace: kagent +spec: + description: This agent can roll a die and determine if a number is prime. + type: BYO + byo: + deployment: + image: gcr.io/solo-public/docs/test-byo-agent:latest + cmd: "kagent-adk" + args: ["run", "basic", "--host", "0.0.0.0", "--port", "8080"] + env: + - name: GOOGLE_API_KEY + valueFrom: + secretKeyRef: + name: kagent-google + key: GOOGLE_API_KEY + - name: ADK_ALLOW_WIP_FEATURES + value: "true" +``` + +### A2A Protocol Endpoint + +BYO agents are exposed via the A2A protocol on port 8083: + +```bash +# Port-forward the A2A endpoint +kubectl port-forward svc/kagent-controller 8083:8083 -n kagent --context $MGMT_CONTEXT + +# Query the agent card +curl localhost:8083/api/a2a/kagent/basic-agent/.well-known/agent.json +``` + +### Invoking BYO Agents + +**Via Enterprise UI:** +Navigate to Agents, find your agent tile, and start chatting. + +**Via kagent CLI:** + +```bash +kagent invoke --agent basic-agent --task "Roll a die with 6 sides" +``` + +**Via A2A Host CLI:** + +```bash +git clone https://github.com/a2aproject/a2a-samples.git +cd a2a-samples/samples/python/hosts/cli +uv run . --agent http://127.0.0.1:8083/api/a2a/kagent/basic-agent +``` + +## Declarative vs BYO Agents + +| Aspect | Declarative | BYO | +|--------|------------|-----| +| Definition | kagent CRDs (system message, model, tools) | Custom container image | +| Control | kagent manages behavior | You manage agent logic | +| Framework | kagent ADK | ADK, CrewAI, LangGraph, or custom | +| Protocol | Internal | A2A protocol | +| Use case | Standard agents with tools | Complex workflows, custom integrations | diff --git a/src/app/docs/kagent/enterprise/enterprise-ui/page.mdx b/src/app/docs/kagent/enterprise/enterprise-ui/page.mdx new file mode 100644 index 0000000..fd6f0de --- /dev/null +++ b/src/app/docs/kagent/enterprise/enterprise-ui/page.mdx @@ -0,0 +1,100 @@ +--- +title: "Enterprise UI" +pageOrder: 5 +description: "Interactive management dashboard for agents, tools, models, tracing, and cluster federation." +--- + +export const metadata = { + title: "Enterprise UI", + description: "Interactive management dashboard for agents, tools, models, tracing, and cluster federation.", + author: "kagent.dev" +}; + +# Enterprise UI + +Solo Enterprise for kagent includes an interactive management UI for managing agents, tools, models, and clusters across your federated environment. + +## Accessing the UI + +**Via LoadBalancer:** + +```bash +export UI_ADDRESS=$(kubectl get svc -n kagent solo-enterprise-ui \ + --context $MGMT_CONTEXT \ + -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}") +open ${UI_ADDRESS} +``` + +**Via Port Forward:** + +```bash +kubectl port-forward service/solo-enterprise-ui -n kagent \ + --context $MGMT_CONTEXT 4000:80 & +# Open http://localhost:4000 +``` + +You can also expose the UI on a custom domain with HTTPS (e.g., `https://kagent.myapp.com`). + +## Authentication + +The UI requires OIDC authentication: + +- **Default auth IdP** — Automatically logged in as Admin user +- **Production** — Configure an external IdP (Keycloak, Okta, Entra ID, or Generic OIDC) +- Users must belong to a group mapped to at least a **Reader** role + +## Setup Wizard + +On first login, the UI presents a setup wizard: + +1. **Connected Clusters** — Review and register new workload clusters +2. **Models** — Review configured LLM models; add new models +3. **MCP Tools** — Review discovered MCP tools; add new tool servers +4. **OIDC Configuration** — Review IdP details +5. Click **Finish Enterprise Setup** to complete + +## Dashboard + +The Dashboard provides an overview of: + +- Total cluster, agent, model, and tool counts +- **Deployed Agent tiles** — Click any tile to start chatting with that agent + +## Agents Page + +- View all agents deployed across all clusters +- Click an agent tile to open the chat interface +- View Human-in-the-Loop approval requests during agent execution + +## Tracing Page + +End-to-end trace visualization: + +- **Time Range filter** — Filter spans by time window +- **Sortable trace list** — Sort by execution start time +- **Trace detail view** with three sub-views: + - **Execution Flow** — Interactive graph with play/stop replay + - **Trace Tree** — Timeline of agents, tools, and decision points + - **Agent Trace Details** — User input, agent output, metadata + +## Inventory + +### Models +View and add LLM models available in each cluster. Supported providers: OpenAI, Anthropic, Azure OpenAI, Google Gemini, Google Vertex AI, Amazon Bedrock, Ollama, BYO OpenAI-compatible. + +### Tools +View all MCP tools available to agents with descriptions. + +### Tool Servers +View and add tool servers providing MCP tools. + +### Clusters +View connected clusters with region and status filters. Register new clusters via the UI. + +## User Management + +| Role | Description | +|------|-------------| +| **Admin** | Full access to all features and user management | +| **Writer** | Create, modify, and delete agents, tools, models | +| **Reader** | View-only access to agents, tools, traces, dashboards | diff --git a/src/app/docs/kagent/enterprise/installation/page.mdx b/src/app/docs/kagent/enterprise/installation/page.mdx new file mode 100644 index 0000000..fe62391 --- /dev/null +++ b/src/app/docs/kagent/enterprise/installation/page.mdx @@ -0,0 +1,113 @@ +--- +title: "Installation & Operations" +pageOrder: 1 +description: "Install, upgrade, and manage Solo Enterprise for kagent across management and workload clusters." +--- + +export const metadata = { + title: "Installation & Operations", + description: "Install, upgrade, and manage Solo Enterprise for kagent across management and workload clusters.", + author: "kagent.dev" +}; + +# Installation & Operations + +Solo Enterprise for kagent provides a comprehensive installation process covering the management plane, workload clusters, Istio ambient mesh, and agentgateway. + +## Prerequisites + +- A Solo Enterprise for kagent license key (contact your Solo account representative) +- Kubernetes clusters for management and workload roles +- `helm` and `kubectl` CLI installed +- `kagent` CLI installed (optional, for agent invocation) + +## Installation Components + +The full installation includes these components in order: + +| Step | Component | Description | +|------|-----------|-------------| +| 1 | **Istio ambient mesh** | Service mesh for mTLS, policy enforcement, and multicluster connectivity | +| 2 | **Solo Enterprise for agentgateway** | Waypoint proxy for agent traffic policy enforcement | +| 3 | **Solo Enterprise for kagent** | Management plane (UI, OTel, ClickHouse) and workload plane (controller, agents, tools) | + +### Helm Charts + +| Chart | Registry | Purpose | +|-------|----------|---------| +| `kagent-enterprise` | `oci://us-docker.pkg.dev/solo-public/kagent-enterprise-helm/charts/kagent-enterprise` | Core kagent enterprise | +| `management` | Solo Enterprise Helm registry | Management plane components | +| `relay` | Solo Enterprise Helm registry | Workload cluster relay | +| Gloo Operator | Solo Enterprise Helm registry | Lifecycle operator | + +## Quick Start + +### Environment Setup + +```bash +export MGMT_CONTEXT= +export REMOTE_CONTEXT= +``` + +### Install kagent-enterprise + +```bash +helm upgrade -i kagent \ + oci://us-docker.pkg.dev/solo-public/kagent-enterprise-helm/charts/kagent-enterprise \ + --kube-context ${REMOTE_CONTEXT} \ + -n kagent --version 0.3.4 \ + -f workload-values.yaml +``` + +## Upgrade + +To upgrade Solo Enterprise for kagent: + +1. Review the changelog for the target version +2. Update Helm chart versions in your values files +3. Upgrade each component in order: + - Istio ambient mesh + - Solo Enterprise for agentgateway + - Solo Enterprise for kagent (management cluster first, then workload clusters) + +## Debugging + +### Check Pod Status + +```bash +kubectl get pods -n kagent --context $MGMT_CONTEXT +kubectl get pods -n kagent --context $REMOTE_CONTEXT +``` + +### Check Tunnel Connectivity + +```bash +# Management cluster - tunnel server +kubectl -n kagent port-forward deployment/solo-enterprise-ui 8080 --context $MGMT_CONTEXT +# Check http://localhost:8080/metrics for kagent_tunnel_server_tunnel_up + +# Workload cluster - tunnel client +kubectl -n kagent port-forward deployment/kagent-enterprise-agent 8080 --context $REMOTE_CONTEXT +# Check http://localhost:8080/metrics for kagent_tunnel_client_tunnel_up +``` + +### Check OTel Pipeline + +```bash +kubectl get cm kagent-enterprise-otel-config -n kagent -o yaml --context $MGMT_CONTEXT +``` + +## Uninstall + +Remove components in reverse order: + +1. Solo Enterprise for kagent (workload clusters, then management cluster) +2. Solo Enterprise for agentgateway +3. Istio ambient mesh + +## Key Namespaces + +| Namespace | Purpose | +|-----------|---------| +| `kagent` | Main namespace for kagent controller, agents, tools, OTel config | +| `agentgateway-system` | Agentgateway components | diff --git a/src/app/docs/kagent/enterprise/model-providers/page.mdx b/src/app/docs/kagent/enterprise/model-providers/page.mdx new file mode 100644 index 0000000..e498dce --- /dev/null +++ b/src/app/docs/kagent/enterprise/model-providers/page.mdx @@ -0,0 +1,68 @@ +--- +title: "Model Providers" +pageOrder: 7 +description: "Configure and manage LLM providers across clusters: OpenAI, Anthropic, Azure, Gemini, Vertex AI, Bedrock, Ollama." +--- + +export const metadata = { + title: "Model Providers", + description: "Configure and manage LLM providers across clusters: OpenAI, Anthropic, Azure, Gemini, Vertex AI, Bedrock, Ollama.", + author: "kagent.dev" +}; + +# Model Providers + +Solo Enterprise for kagent supports a wide range of LLM providers. Models are configured per-cluster and per-namespace, and can be managed through the Enterprise UI or via Kubernetes resources. + +## Supported Providers + +| Provider | Auth Method | Description | +|----------|-------------|-------------| +| **OpenAI** | API key via Secret | GPT-4, GPT-4.1, GPT-4.1-mini | +| **Anthropic (Claude)** | API key via Secret | Claude 3.5, Claude 4 family | +| **Azure OpenAI** | Endpoint + API key | Azure-hosted OpenAI models | +| **Google Gemini** | API key via Secret | Gemini models via Google AI API | +| **Google Vertex AI** | Service account credentials | Gemini and other models via Vertex AI | +| **Amazon Bedrock** | AWS credentials | Claude, Titan, and other Bedrock models | +| **Ollama** | Base URL (local/remote) | Self-hosted open-source models | +| **BYO OpenAI-compatible** | Custom configuration | Any model with an OpenAI-compatible API | + +## Managing Models + +### Via Enterprise UI + +1. Navigate to **Inventory > Models** +2. Click **+ Add New Model** +3. Select the cluster and namespace +4. Choose the provider and model +5. Enter your API key or authentication parameters +6. Click **Create Model** + +### Via Kubernetes Resources + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: ModelConfig +metadata: + name: my-openai-model + namespace: kagent +spec: + provider: OpenAI + model: gpt-4.1-mini + apiKeySecretRef: + name: openai-key + key: api-key +``` + +```bash +kubectl create secret generic openai-key -n kagent \ + --from-literal=api-key=$OPENAI_API_KEY +``` + +## Multicluster Model Management + +Models are configured per-cluster. The Enterprise UI displays all models across all connected clusters, allowing you to: + +- View which models are available in which clusters +- Add new models to specific clusters +- Manage API keys and authentication centrally diff --git a/src/app/docs/kagent/enterprise/multicluster/page.mdx b/src/app/docs/kagent/enterprise/multicluster/page.mdx new file mode 100644 index 0000000..4d3cc82 --- /dev/null +++ b/src/app/docs/kagent/enterprise/multicluster/page.mdx @@ -0,0 +1,91 @@ +--- +title: "Multicluster Federation" +pageOrder: 3 +description: "Federated agent management across multiple Kubernetes clusters with a management-agent relay architecture." +--- + +export const metadata = { + title: "Multicluster Federation", + description: "Federated agent management across multiple Kubernetes clusters with a management-agent relay architecture.", + author: "kagent.dev" +}; + +# Multicluster Federation + +Solo Enterprise for kagent supports federated agent management across multiple Kubernetes clusters through a management-agent relay architecture. + +## Architecture + +The multicluster setup uses a hub-and-spoke model: + +``` + Management Cluster + solo-enterprise-ui + OTel GW + ClickHouse + kagent controller + Tunnel Server (receives connections) + | + Tunnel (relay) + | | + Workload Workload + Cluster 1 Cluster 2 + kagent- kagent- + enterprise enterprise + -agent (relay) -agent (relay) + Agents Agents +``` + +## Components + +### Management Cluster + +| Component | Description | +|-----------|-------------| +| `solo-enterprise-ui` | Enterprise management UI, OTel gateway, and ClickHouse telemetry storage | +| Tunnel Server | Accepts relay connections from workload clusters | +| kagent controller | Manages agent lifecycle, generates OBO tokens, serves JWKS endpoint | + +### Workload Clusters + +| Component | Description | +|-----------|-------------| +| `kagent-enterprise-agent` | Relay client that connects back to the management cluster tunnel server | +| OTel Collector | Collects telemetry data and sends to OTel gateway in management cluster | +| Agents | Agent pods running in the workload cluster | +| Agentgateway | Waypoint proxy for policy enforcement | + +## Tunnel Architecture + +The management-agent tunnel provides: + +- **Secure connectivity** between management and workload clusters +- **Telemetry relay** for forwarding OTel data to the management cluster +- **Agent federation** for managing agents across clusters from a single UI + +### Tunnel Metrics + +| Metric | Description | +|--------|-------------| +| `kagent_tunnel_server_tunnel_up` | Whether the tunnel server is running (gauge) | +| `kagent_tunnel_client_tunnel_up` | Whether the tunnel client is connected (gauge) | + +## Registering Clusters + +Register new workload clusters through the Enterprise UI: + +1. Navigate to **Inventory > Clusters** +2. Click **+ Register New Cluster** +3. Get the tunnel server endpoint: + ```bash + kubectl get svc -n kagent solo-enterprise-ui \ + --context ${MGMT_CONTEXT} \ + -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}" + ``` +4. Paste the endpoint and run the generated CLI commands + +## Multicluster Agent Communication + +With Istio ambient mesh deployed across clusters, agents communicate securely: + +- **mTLS** — Automatic mutual TLS between agents across clusters +- **Policy enforcement** — AccessPolicies apply across cluster boundaries +- **Traceable** — Cross-cluster agent interactions are captured in distributed traces diff --git a/src/app/docs/kagent/enterprise/observability/page.mdx b/src/app/docs/kagent/enterprise/observability/page.mdx new file mode 100644 index 0000000..7c9f6d7 --- /dev/null +++ b/src/app/docs/kagent/enterprise/observability/page.mdx @@ -0,0 +1,131 @@ +--- +title: "Observability" +pageOrder: 4 +description: "Built-in OpenTelemetry pipeline with distributed tracing, metrics, and interactive UI visualization." +--- + +export const metadata = { + title: "Observability", + description: "Built-in OpenTelemetry pipeline with distributed tracing, metrics, and interactive UI visualization.", + author: "kagent.dev" +}; + +# Observability + +Solo Enterprise for kagent provides a built-in OpenTelemetry (OTel) pipeline with distributed tracing, metrics, and an interactive UI for visualizing agent execution flows across federated clusters. + +## Architecture + +``` +Management Cluster + solo-enterprise-ui pod + UI container + opentelemetry-gateway container + ClickHouse (telemetry storage) + | + receives telemetry + | +Workload Cluster + kagent-enterprise-agent pod + opentelemetry-collector container +``` + +| Component | Location | Role | +|-----------|----------|------| +| OTel Gateway | Management cluster | Receives telemetry from all workload cluster collectors | +| OTel Collector | Each workload cluster | Scrapes and forwards telemetry data to the gateway | +| ClickHouse | Management cluster | Stores all telemetry data (traces, metrics) | + +## Distributed Tracing + +### What Traces Capture + +Traces provide complete execution paths for all agent interactions: + +- All LLM interactions (prompts sent and responses received) +- Tool invocations and their results +- Decision points the agent makes +- Cross-agent calls (A2A protocol flows) +- Cross-cluster execution paths + +### Enabling Tracing + +**Management cluster:** + +```yaml +otel: + tracing: + enabled: true + exporter: + otlp: + endpoint: solo-enterprise-ui.kagent.svc.cluster.local:4317 + insecure: true +``` + +**Workload cluster:** + +```yaml +otel: + tracing: + enabled: true + exporter: + otlp: + endpoint: kagent-enterprise-relay.kagent.svc.cluster.local:4317 + insecure: true +``` + +### Reviewing Traces in the UI + +1. Navigate to **Tracing** in the sidebar menu +2. Adjust the **Time Range** to filter spans +3. Click a trace ID to view the complete execution path + +Each trace provides three views: + +| View | Description | +|------|-------------| +| **Execution Flow** | Interactive graph visualization with play/stop replay controls | +| **Trace Tree** | Detailed timeline of agents, tools, and decision points | +| **Agent Trace Details** | User input, agent output, metadata (roles, tools, token usage) | + +## Metrics + +### Control Plane Metrics + +The management plane exposes metrics on port 8080: + +```bash +kubectl -n kagent port-forward deployment/solo-enterprise-ui 8080 \ + --context kind-mgmt-cluster +# Open http://localhost:8080/metrics +``` + +| Metric | Type | Description | +|--------|------|-------------| +| `kagent_tunnel_server_tunnel_up` | Gauge | Whether the tunnel server is running | + +### Data Plane Metrics + +Each workload cluster agent exposes metrics on port 8080: + +```bash +kubectl -n kagent port-forward deployment/kagent-enterprise-agent 8080 \ + --context kind-cluster-1 +# Open http://localhost:8080/metrics +``` + +| Metric | Type | Description | +|--------|------|-------------| +| `kagent_tunnel_client_tunnel_up` | Gauge | Whether the tunnel client is connected | + +## OTel Configuration + +View the default OTel configuration: + +```bash +# Management cluster +kubectl get cm kagent-enterprise-otel-config -n kagent -o yaml --context kind-mgmt-cluster + +# Workload cluster +kubectl get cm kagent-enterprise-otel-config -n kagent -o yaml --context kind-cluster-1 +``` diff --git a/src/app/docs/kagent/enterprise/page.mdx b/src/app/docs/kagent/enterprise/page.mdx new file mode 100644 index 0000000..6b058e0 --- /dev/null +++ b/src/app/docs/kagent/enterprise/page.mdx @@ -0,0 +1,58 @@ +--- +title: "Solo Enterprise for kagent" +pageOrder: 10 +description: "Production-ready enterprise distribution with multicluster federation, advanced security, and built-in observability." +--- + +export const metadata = { + title: "Solo Enterprise for kagent", + description: "Production-ready enterprise distribution with multicluster federation, advanced security, and built-in observability.", + author: "kagent.dev" +}; + +# Solo Enterprise for kagent + +Solo Enterprise for kagent is a hardened, production-ready distribution of the open-source kagent project, offered by Solo.io. It adds an enterprise management plane, advanced security, multicluster federation, and built-in observability. + +## Enterprise vs Open Source + +| Feature | Enterprise | Open Source | +|---------|-----------|-------------| +| Built-in agents and tools | Yes | Yes | +| Agent lifecycle management | Yes | Yes | +| BYO agent support (ADK, CrewAI, LangGraph) | Yes | Yes | +| BYO MCP tool servers | Yes | Yes | +| Multicluster and federated agent support | Yes | No | +| Built-in OTel pipeline for observability and tracing | Yes | No | +| Interactive UI with trace visualization | Yes | No | +| Security and access control (OIDC, RBAC) | Yes | No | +| Authorization policies (AccessPolicy) | Yes | No | +| On-behalf-of (OBO) token identity propagation | Yes | No | +| Agentgateway integration | Yes | No | +| Istio ambient mesh integration | Yes | No | +| FIPS and compliance builds | Yes | No | +| 24x7 production support | Yes | No | + +## Architecture + +``` +Management Cluster + solo-enterprise-ui (mgmt plane) + OTel Gateway (telemetry) + ClickHouse (storage) + kagent controller + Tunnel Server + | + Tunnel (relay) + | +Workload Cluster(s) + kagent-enterprise-agent (relay) + OTel Collector (telemetry) + agentgateway (waypoint proxy) + Agents (pods) + MCP Tool Servers +``` + +## Licensing + +Solo Enterprise for kagent requires a commercial license from Solo.io. Contact your Solo account representative to obtain a license key. diff --git a/src/app/docs/kagent/enterprise/security/page.mdx b/src/app/docs/kagent/enterprise/security/page.mdx new file mode 100644 index 0000000..c09e351 --- /dev/null +++ b/src/app/docs/kagent/enterprise/security/page.mdx @@ -0,0 +1,93 @@ +--- +title: "Security & Access Control" +pageOrder: 2 +description: "OIDC authentication, OBO token identity propagation, AccessPolicy authorization, and agentgateway enforcement." +--- + +export const metadata = { + title: "Security & Access Control", + description: "OIDC authentication, OBO token identity propagation, AccessPolicy authorization, and agentgateway enforcement.", + author: "kagent.dev" +}; + +# Security & Access Control + +Solo Enterprise for kagent provides a complete security stack: OIDC-based authentication, on-behalf-of (OBO) token identity propagation, fine-grained authorization via AccessPolicies, and network-level enforcement through agentgateway and Istio ambient mesh. + +## Security Architecture + +The security flow consists of three phases: + +``` +User --> IdP (OIDC) --> kagent controller --> agentgateway --> Agent/MCP Tool + | | | + 1. Authenticate 2. Generate OBO 3. Enforce + with IdP token AccessPolicy +``` + +### Phase 1: User Authentication (OIDC) + +Users authenticate through an OpenID Connect (OIDC) identity provider. The kagent controller validates the user's token using the IdP's public key. + +### Phase 2: Identity Propagation (OBO Tokens) + +After validating the user's OIDC token, the kagent controller generates an on-behalf-of (OBO) token. This token represents the agent's identity acting on behalf of the user, and is used for all downstream requests. + +Key details: +- The OBO token is signed by a private RSA signing key (2048-bit) provided via a `jwt` Kubernetes Secret +- Agentgateway validates via the JWKS endpoint (`/jwks.json`) on the kagent controller +- Standard JWT claims are validated: issuer, audience, expiration, not-before +- The `X-User-ID` header is set automatically on forwarded requests + +### Phase 3: Authorization (AccessPolicy) + +After OBO token validation, agentgateway evaluates `AccessPolicy` resources to determine whether the request should be allowed based on: +- **Subjects** — users and agents making requests +- **Targets** — agents and MCP servers being accessed + +## Supported Identity Providers + +| Provider | Description | +|----------|-------------| +| **Auto** | Default sample IdP for getting started | +| **Generic OIDC** | Any OpenID Connect-compliant provider | +| **Keycloak** | Open-source identity and access management | +| **Microsoft Entra ID** | Azure Active Directory | +| **Okta** | Enterprise identity management | + +## RBAC Roles + +| Role | Permissions | +|------|-------------| +| **Admin** | Full access to all features, user management, and configuration | +| **Writer** | Create, modify, and delete agents, tools, and models | +| **Reader** | View-only access to agents, tools, traces, and dashboards | + +Roles are mapped from IdP groups via the `rbac-config` ConfigMap using CEL expressions. + +## Network Enforcement with Agentgateway + +Because Solo Enterprise for agentgateway proxies traffic to agentic resources, you can set up: + +- **Timeouts** — Request timeouts for agent and tool calls +- **Retries** — Retry policies for resilience +- **mTLS** — Automatic mutual TLS via Istio ambient mesh +- **Policy enforcement** — Agentgateway acts as a waypoint proxy in the ambient mesh + +## Complete Security Flow + +``` +1. User --> IdP --> Login with credentials +2. IdP --> User --> Return user's OIDC token (signed by IdP key) +3. User --> kagent controller --> API request with OIDC token +4. kagent controller --> Validate OIDC token (using IdP public key) +5. kagent controller --> Generate OBO token (signed by kagent RSA key) +6. kagent controller --> agentgateway --> Forward request with OBO token +7. agentgateway --> kagent controller --> Fetch JWKS from /jwks.json +8. kagent controller --> agentgateway --> Return kagent's public key +9. agentgateway --> Verify JWT signature & validate claims +10. agentgateway --> Check AccessPolicy +11. agentgateway --> Agent/MCP Tool --> Forward request (if authorized) +12. Agent/MCP Tool --> agentgateway --> Response +13. agentgateway --> User --> Return response +``` diff --git a/src/app/docs/kagent/enterprise/tools-mcp-servers/page.mdx b/src/app/docs/kagent/enterprise/tools-mcp-servers/page.mdx new file mode 100644 index 0000000..4d4671c --- /dev/null +++ b/src/app/docs/kagent/enterprise/tools-mcp-servers/page.mdx @@ -0,0 +1,82 @@ +--- +title: "Tools & MCP Servers" +pageOrder: 8 +description: "Built-in tools, Kubernetes services as MCP, remote MCP servers, and agents as tools." +--- + +export const metadata = { + title: "Tools & MCP Servers", + description: "Built-in tools, Kubernetes services as MCP, remote MCP servers, and agents as tools.", + author: "kagent.dev" +}; + +# Tools & MCP Servers + +Solo Enterprise for kagent provides multiple ways to integrate MCP (Model Context Protocol) tools with your agents. + +## Tool Types + +| Type | Description | +|------|-------------| +| **Built-in tools** | Pre-packaged tools for Kubernetes, Helm, Istio, Prometheus, Grafana, Cilium, Argo Rollouts | +| **Kubernetes Services as MCP servers** | Discover HTTP tools from OpenAPI-compliant services | +| **Remote MCP servers** | Connect to external MCP-compatible tool servers | +| **Custom MCP servers** | Build your own MCP tool server from scratch | +| **Agents as tools** | Reference other agents as tools via A2A protocol | + +## Built-in Tools + +Comprehensive built-in tools for: + +- **Pod management and monitoring** — List, describe, get logs, exec into pods +- **Service discovery and configuration** — Query services, endpoints, configs +- **Helm operations** — Install, upgrade, uninstall releases +- **Istio operations** — Proxy status, config, analyze, install +- **Prometheus queries** — Instant and range PromQL queries +- **Grafana management** — Organizations, dashboards, alerts +- **Cilium operations** — Status, install, upgrade, cluster mesh +- **Argo Rollouts** — Verify, promote, pause, set image + +## Managing Tools via the UI + +1. Navigate to **Inventory > Tools** to view all discovered MCP tools +2. Navigate to **Inventory > Tool Servers** to view tool server configurations +3. Click **+ Add New Tool Server** to register a new server + +## Remote MCP Servers + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: RemoteMCPServer +metadata: + name: my-remote-server + namespace: kagent +spec: + protocol: SSE # or STREAMABLE_HTTP + url: http://my-mcp-server:8080/sse + headersFrom: + - secretRef: + name: server-auth-token + key: Authorization +``` + +## Agents as Tools + +Any agent can be used as a tool by other agents: + +```yaml +tools: + - type: Agent + agent: + name: specialist-agent + namespace: default +``` + +## Agentgateway Integration + +Agentgateway is built into the MCP tool servers, providing: + +- Secure communication +- AccessPolicy enforcement +- Timeout and retry policies +- Network-level observability diff --git a/src/app/docs/kagent/resources/agent-crd-reference/page.mdx b/src/app/docs/kagent/resources/agent-crd-reference/page.mdx new file mode 100644 index 0000000..33dbde2 --- /dev/null +++ b/src/app/docs/kagent/resources/agent-crd-reference/page.mdx @@ -0,0 +1,194 @@ +--- +title: "Agent CRD Reference" +pageOrder: 2 +description: "Complete reference for the kagent Agent Custom Resource Definition (v1alpha2)." +--- + +export const metadata = { + title: "Agent CRD Reference", + description: "Complete reference for the kagent Agent Custom Resource Definition (v1alpha2).", + author: "kagent.dev" +}; + +# Agent CRD Reference + +Complete reference for the kagent Agent Custom Resource Definition (v1alpha2). + +## Agent Resource + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: Agent +metadata: + name: + namespace: +spec: + type: Declarative | BYO + declarative: + byo: + skills: + allowedNamespaces: [] +``` + +## DeclarativeAgentSpec + +```yaml +declarative: + runtime: python | go + modelConfig: + systemMessage: + promptTemplate: + dataSources: + - configMapRef: + name: + tools: + - type: McpServer | Agent + mcpServer: + agent: + a2aServer: + enabled: + port: + memory: + enabled: + embeddingProvider: + type: + model: + secretRef: + name: + context: + eventsCompaction: + enabled: + deployment: +``` + +## McpServerTool + +```yaml +mcpServer: + name: + kind: RemoteMCPServer | MCPServer + toolNames: + - + requireApproval: + - + propagateHeaders: + enabled: +``` + +## AgentTool + +```yaml +agent: + name: + namespace: +``` + +## SkillForAgent + +```yaml +skills: + refs: + - image: + gitRefs: + - url: + ref: + path: + name: + gitAuthSecretRef: + name: + insecureSkipVerify: +``` + +## SharedDeploymentSpec + +```yaml +deployment: + replicas: + imageRegistry: + resources: + requests: + cpu: + memory: + limits: + cpu: + memory: + tolerations: [] + affinity: + nodeSelector: + securityContext: + serviceAccountName: + volumes: [] + volumeMounts: [] + imagePullPolicy: + imagePullSecrets: [] +``` + +## ModelConfig Resource + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: ModelConfig +metadata: + name: +spec: + provider: OpenAI | Anthropic | Gemini | GeminiVertexAI | AnthropicVertexAI | AzureOpenAI | Bedrock | Ollama + model: + apiKeySecret: + apiKeySecretKey: + baseURL: + azureEndpoint: + region: +``` + +## RemoteMCPServer Resource + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: RemoteMCPServer +metadata: + name: +spec: + protocol: SSE | STREAMABLE_HTTP + url: + headersFrom: + - secretRef: + name: + key: +status: + discoveredTools: [] +``` + +## MCPServer Resource (kmcp) + +```yaml +apiVersion: kagent.dev/v1alpha1 +kind: MCPServer +metadata: + name: +spec: + deployment: + image: + cmd: + args: [] + port: + secretRefs: + - name: + transportType: stdio +``` + +## ModelProviderConfig Resource + +```yaml +apiVersion: kagent.dev/v1alpha2 +kind: ModelProviderConfig +metadata: + name: +spec: + provider: OpenAI | Anthropic | Gemini | ... + apiKeySecretRef: + name: + key: +status: + discoveredModels: [] + ready: +``` diff --git a/src/config/navigation.json b/src/config/navigation.json index 98dcb2c..50ef686 100644 --- a/src/config/navigation.json +++ b/src/config/navigation.json @@ -83,6 +83,41 @@ "title": "Tools", "href": "/docs/kagent/concepts/tools", "description": "Understand the different types of tools kagent can use, including built-in, MCP, and HTTP tools, and how tool discovery works." + }, + { + "title": "Tools Ecosystem", + "href": "/docs/kagent/concepts/tools-ecosystem", + "description": "Comprehensive catalog of built-in tools for Kubernetes, Helm, Istio, Prometheus, Grafana, Cilium, and Argo Rollouts." + }, + { + "title": "Human-in-the-Loop", + "href": "/docs/kagent/concepts/human-in-the-loop", + "description": "Configure tool approval gates and interactive user prompts for agent oversight." + }, + { + "title": "Agent Memory", + "href": "/docs/kagent/concepts/agent-memory", + "description": "Enable vector-backed long-term memory for agents using pgvector or Turso." + }, + { + "title": "Prompt Templates", + "href": "/docs/kagent/concepts/prompt-templates", + "description": "Compose reusable prompt fragments from ConfigMaps using Go template syntax." + }, + { + "title": "Multi-Runtime Support", + "href": "/docs/kagent/concepts/multi-runtime", + "description": "Choose between Go and Python ADK runtimes for your agents." + }, + { + "title": "Git-Based Skills", + "href": "/docs/kagent/concepts/git-based-skills", + "description": "Load markdown knowledge documents from Git repositories to guide agent behavior." + }, + { + "title": "Context Management", + "href": "/docs/kagent/concepts/context-management", + "description": "Automatically summarize older messages to stay within LLM context windows." } ] }, @@ -254,6 +289,11 @@ "href": "/docs/kagent/resources/helm", "description": "kagent Helm chart configuration reference" }, + { + "title": "Agent CRD Reference", + "href": "/docs/kagent/resources/agent-crd-reference", + "description": "Complete reference for the Agent, ModelConfig, RemoteMCPServer, MCPServer, and ModelProviderConfig CRDs." + }, { "title": "FAQs", "href": "/docs/kagent/resources/faq", @@ -266,6 +306,53 @@ } ] } + { + "title": "Solo Enterprise", + "href": "/docs/kagent/enterprise", + "description": "Production-ready enterprise distribution with multicluster federation, advanced security, and built-in observability.", + "items": [ + { + "title": "Installation & Operations", + "href": "/docs/kagent/enterprise/installation", + "description": "Install, upgrade, and manage Solo Enterprise for kagent." + }, + { + "title": "Security & Access Control", + "href": "/docs/kagent/enterprise/security", + "description": "OIDC authentication, OBO tokens, AccessPolicy, and agentgateway enforcement." + }, + { + "title": "Multicluster Federation", + "href": "/docs/kagent/enterprise/multicluster", + "description": "Management-agent relay architecture for federated agent management." + }, + { + "title": "Observability", + "href": "/docs/kagent/enterprise/observability", + "description": "Built-in OTel pipeline, distributed tracing, metrics, and ClickHouse storage." + }, + { + "title": "Enterprise UI", + "href": "/docs/kagent/enterprise/enterprise-ui", + "description": "Interactive dashboard for agents, tools, models, tracing, and cluster management." + }, + { + "title": "Agent Frameworks (BYO)", + "href": "/docs/kagent/enterprise/agent-frameworks", + "description": "Bring your own agents with Google ADK, CrewAI, or LangGraph." + }, + { + "title": "Model Providers", + "href": "/docs/kagent/enterprise/model-providers", + "description": "Configure LLM providers across clusters." + }, + { + "title": "Tools & MCP Servers", + "href": "/docs/kagent/enterprise/tools-mcp-servers", + "description": "Built-in tools, remote MCP servers, and agents as tools." + } + ] + } ] }, { From 12a2e8783eb874f65fb26db03284182e0111c3b7 Mon Sep 17 00:00:00 2001 From: Sebastian Maniak Date: Mon, 9 Mar 2026 16:28:03 -0400 Subject: [PATCH 2/2] docs: remove CRD reference and enterprise pages, keep only core concepts Co-Authored-By: Claude Opus 4.6 --- .../enterprise/agent-frameworks/page.mdx | 92 --------- .../kagent/enterprise/enterprise-ui/page.mdx | 100 --------- .../kagent/enterprise/installation/page.mdx | 113 ---------- .../enterprise/model-providers/page.mdx | 68 ------ .../kagent/enterprise/multicluster/page.mdx | 91 -------- .../kagent/enterprise/observability/page.mdx | 131 ------------ src/app/docs/kagent/enterprise/page.mdx | 58 ------ .../docs/kagent/enterprise/security/page.mdx | 93 --------- .../enterprise/tools-mcp-servers/page.mdx | 82 -------- .../resources/agent-crd-reference/page.mdx | 194 ------------------ src/config/navigation.json | 54 +---- 11 files changed, 1 insertion(+), 1075 deletions(-) delete mode 100644 src/app/docs/kagent/enterprise/agent-frameworks/page.mdx delete mode 100644 src/app/docs/kagent/enterprise/enterprise-ui/page.mdx delete mode 100644 src/app/docs/kagent/enterprise/installation/page.mdx delete mode 100644 src/app/docs/kagent/enterprise/model-providers/page.mdx delete mode 100644 src/app/docs/kagent/enterprise/multicluster/page.mdx delete mode 100644 src/app/docs/kagent/enterprise/observability/page.mdx delete mode 100644 src/app/docs/kagent/enterprise/page.mdx delete mode 100644 src/app/docs/kagent/enterprise/security/page.mdx delete mode 100644 src/app/docs/kagent/enterprise/tools-mcp-servers/page.mdx delete mode 100644 src/app/docs/kagent/resources/agent-crd-reference/page.mdx diff --git a/src/app/docs/kagent/enterprise/agent-frameworks/page.mdx b/src/app/docs/kagent/enterprise/agent-frameworks/page.mdx deleted file mode 100644 index 98a859a..0000000 --- a/src/app/docs/kagent/enterprise/agent-frameworks/page.mdx +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: "Agent Frameworks (BYO)" -pageOrder: 6 -description: "Bring your own agents with Google ADK, CrewAI, or LangGraph frameworks." ---- - -export const metadata = { - title: "Agent Frameworks (BYO)", - description: "Bring your own agents with Google ADK, CrewAI, or LangGraph frameworks.", - author: "kagent.dev" -}; - -# Agent Frameworks (BYO) - -Solo Enterprise for kagent supports multiple agent frameworks for bringing your own (BYO) agents. Unlike declarative agents defined entirely through kagent CRDs, BYO agents give you full control over agent logic. - -## Supported Frameworks - -| Framework | Description | -|-----------|-------------| -| **Google ADK** | Full control over agent behavior; well-suited for complex workflows | -| **CrewAI** | Multi-agent orchestration framework for collaborative AI agents | -| **LangGraph** | Graph-based agent framework from LangChain for stateful, multi-step workflows | - -## BYO Agent with ADK - -### Agent Resource - -```yaml -apiVersion: kagent.dev/v1alpha2 -kind: Agent -metadata: - name: basic-agent - namespace: kagent -spec: - description: This agent can roll a die and determine if a number is prime. - type: BYO - byo: - deployment: - image: gcr.io/solo-public/docs/test-byo-agent:latest - cmd: "kagent-adk" - args: ["run", "basic", "--host", "0.0.0.0", "--port", "8080"] - env: - - name: GOOGLE_API_KEY - valueFrom: - secretKeyRef: - name: kagent-google - key: GOOGLE_API_KEY - - name: ADK_ALLOW_WIP_FEATURES - value: "true" -``` - -### A2A Protocol Endpoint - -BYO agents are exposed via the A2A protocol on port 8083: - -```bash -# Port-forward the A2A endpoint -kubectl port-forward svc/kagent-controller 8083:8083 -n kagent --context $MGMT_CONTEXT - -# Query the agent card -curl localhost:8083/api/a2a/kagent/basic-agent/.well-known/agent.json -``` - -### Invoking BYO Agents - -**Via Enterprise UI:** -Navigate to Agents, find your agent tile, and start chatting. - -**Via kagent CLI:** - -```bash -kagent invoke --agent basic-agent --task "Roll a die with 6 sides" -``` - -**Via A2A Host CLI:** - -```bash -git clone https://github.com/a2aproject/a2a-samples.git -cd a2a-samples/samples/python/hosts/cli -uv run . --agent http://127.0.0.1:8083/api/a2a/kagent/basic-agent -``` - -## Declarative vs BYO Agents - -| Aspect | Declarative | BYO | -|--------|------------|-----| -| Definition | kagent CRDs (system message, model, tools) | Custom container image | -| Control | kagent manages behavior | You manage agent logic | -| Framework | kagent ADK | ADK, CrewAI, LangGraph, or custom | -| Protocol | Internal | A2A protocol | -| Use case | Standard agents with tools | Complex workflows, custom integrations | diff --git a/src/app/docs/kagent/enterprise/enterprise-ui/page.mdx b/src/app/docs/kagent/enterprise/enterprise-ui/page.mdx deleted file mode 100644 index fd6f0de..0000000 --- a/src/app/docs/kagent/enterprise/enterprise-ui/page.mdx +++ /dev/null @@ -1,100 +0,0 @@ ---- -title: "Enterprise UI" -pageOrder: 5 -description: "Interactive management dashboard for agents, tools, models, tracing, and cluster federation." ---- - -export const metadata = { - title: "Enterprise UI", - description: "Interactive management dashboard for agents, tools, models, tracing, and cluster federation.", - author: "kagent.dev" -}; - -# Enterprise UI - -Solo Enterprise for kagent includes an interactive management UI for managing agents, tools, models, and clusters across your federated environment. - -## Accessing the UI - -**Via LoadBalancer:** - -```bash -export UI_ADDRESS=$(kubectl get svc -n kagent solo-enterprise-ui \ - --context $MGMT_CONTEXT \ - -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}") -open ${UI_ADDRESS} -``` - -**Via Port Forward:** - -```bash -kubectl port-forward service/solo-enterprise-ui -n kagent \ - --context $MGMT_CONTEXT 4000:80 & -# Open http://localhost:4000 -``` - -You can also expose the UI on a custom domain with HTTPS (e.g., `https://kagent.myapp.com`). - -## Authentication - -The UI requires OIDC authentication: - -- **Default auth IdP** — Automatically logged in as Admin user -- **Production** — Configure an external IdP (Keycloak, Okta, Entra ID, or Generic OIDC) -- Users must belong to a group mapped to at least a **Reader** role - -## Setup Wizard - -On first login, the UI presents a setup wizard: - -1. **Connected Clusters** — Review and register new workload clusters -2. **Models** — Review configured LLM models; add new models -3. **MCP Tools** — Review discovered MCP tools; add new tool servers -4. **OIDC Configuration** — Review IdP details -5. Click **Finish Enterprise Setup** to complete - -## Dashboard - -The Dashboard provides an overview of: - -- Total cluster, agent, model, and tool counts -- **Deployed Agent tiles** — Click any tile to start chatting with that agent - -## Agents Page - -- View all agents deployed across all clusters -- Click an agent tile to open the chat interface -- View Human-in-the-Loop approval requests during agent execution - -## Tracing Page - -End-to-end trace visualization: - -- **Time Range filter** — Filter spans by time window -- **Sortable trace list** — Sort by execution start time -- **Trace detail view** with three sub-views: - - **Execution Flow** — Interactive graph with play/stop replay - - **Trace Tree** — Timeline of agents, tools, and decision points - - **Agent Trace Details** — User input, agent output, metadata - -## Inventory - -### Models -View and add LLM models available in each cluster. Supported providers: OpenAI, Anthropic, Azure OpenAI, Google Gemini, Google Vertex AI, Amazon Bedrock, Ollama, BYO OpenAI-compatible. - -### Tools -View all MCP tools available to agents with descriptions. - -### Tool Servers -View and add tool servers providing MCP tools. - -### Clusters -View connected clusters with region and status filters. Register new clusters via the UI. - -## User Management - -| Role | Description | -|------|-------------| -| **Admin** | Full access to all features and user management | -| **Writer** | Create, modify, and delete agents, tools, models | -| **Reader** | View-only access to agents, tools, traces, dashboards | diff --git a/src/app/docs/kagent/enterprise/installation/page.mdx b/src/app/docs/kagent/enterprise/installation/page.mdx deleted file mode 100644 index fe62391..0000000 --- a/src/app/docs/kagent/enterprise/installation/page.mdx +++ /dev/null @@ -1,113 +0,0 @@ ---- -title: "Installation & Operations" -pageOrder: 1 -description: "Install, upgrade, and manage Solo Enterprise for kagent across management and workload clusters." ---- - -export const metadata = { - title: "Installation & Operations", - description: "Install, upgrade, and manage Solo Enterprise for kagent across management and workload clusters.", - author: "kagent.dev" -}; - -# Installation & Operations - -Solo Enterprise for kagent provides a comprehensive installation process covering the management plane, workload clusters, Istio ambient mesh, and agentgateway. - -## Prerequisites - -- A Solo Enterprise for kagent license key (contact your Solo account representative) -- Kubernetes clusters for management and workload roles -- `helm` and `kubectl` CLI installed -- `kagent` CLI installed (optional, for agent invocation) - -## Installation Components - -The full installation includes these components in order: - -| Step | Component | Description | -|------|-----------|-------------| -| 1 | **Istio ambient mesh** | Service mesh for mTLS, policy enforcement, and multicluster connectivity | -| 2 | **Solo Enterprise for agentgateway** | Waypoint proxy for agent traffic policy enforcement | -| 3 | **Solo Enterprise for kagent** | Management plane (UI, OTel, ClickHouse) and workload plane (controller, agents, tools) | - -### Helm Charts - -| Chart | Registry | Purpose | -|-------|----------|---------| -| `kagent-enterprise` | `oci://us-docker.pkg.dev/solo-public/kagent-enterprise-helm/charts/kagent-enterprise` | Core kagent enterprise | -| `management` | Solo Enterprise Helm registry | Management plane components | -| `relay` | Solo Enterprise Helm registry | Workload cluster relay | -| Gloo Operator | Solo Enterprise Helm registry | Lifecycle operator | - -## Quick Start - -### Environment Setup - -```bash -export MGMT_CONTEXT= -export REMOTE_CONTEXT= -``` - -### Install kagent-enterprise - -```bash -helm upgrade -i kagent \ - oci://us-docker.pkg.dev/solo-public/kagent-enterprise-helm/charts/kagent-enterprise \ - --kube-context ${REMOTE_CONTEXT} \ - -n kagent --version 0.3.4 \ - -f workload-values.yaml -``` - -## Upgrade - -To upgrade Solo Enterprise for kagent: - -1. Review the changelog for the target version -2. Update Helm chart versions in your values files -3. Upgrade each component in order: - - Istio ambient mesh - - Solo Enterprise for agentgateway - - Solo Enterprise for kagent (management cluster first, then workload clusters) - -## Debugging - -### Check Pod Status - -```bash -kubectl get pods -n kagent --context $MGMT_CONTEXT -kubectl get pods -n kagent --context $REMOTE_CONTEXT -``` - -### Check Tunnel Connectivity - -```bash -# Management cluster - tunnel server -kubectl -n kagent port-forward deployment/solo-enterprise-ui 8080 --context $MGMT_CONTEXT -# Check http://localhost:8080/metrics for kagent_tunnel_server_tunnel_up - -# Workload cluster - tunnel client -kubectl -n kagent port-forward deployment/kagent-enterprise-agent 8080 --context $REMOTE_CONTEXT -# Check http://localhost:8080/metrics for kagent_tunnel_client_tunnel_up -``` - -### Check OTel Pipeline - -```bash -kubectl get cm kagent-enterprise-otel-config -n kagent -o yaml --context $MGMT_CONTEXT -``` - -## Uninstall - -Remove components in reverse order: - -1. Solo Enterprise for kagent (workload clusters, then management cluster) -2. Solo Enterprise for agentgateway -3. Istio ambient mesh - -## Key Namespaces - -| Namespace | Purpose | -|-----------|---------| -| `kagent` | Main namespace for kagent controller, agents, tools, OTel config | -| `agentgateway-system` | Agentgateway components | diff --git a/src/app/docs/kagent/enterprise/model-providers/page.mdx b/src/app/docs/kagent/enterprise/model-providers/page.mdx deleted file mode 100644 index e498dce..0000000 --- a/src/app/docs/kagent/enterprise/model-providers/page.mdx +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: "Model Providers" -pageOrder: 7 -description: "Configure and manage LLM providers across clusters: OpenAI, Anthropic, Azure, Gemini, Vertex AI, Bedrock, Ollama." ---- - -export const metadata = { - title: "Model Providers", - description: "Configure and manage LLM providers across clusters: OpenAI, Anthropic, Azure, Gemini, Vertex AI, Bedrock, Ollama.", - author: "kagent.dev" -}; - -# Model Providers - -Solo Enterprise for kagent supports a wide range of LLM providers. Models are configured per-cluster and per-namespace, and can be managed through the Enterprise UI or via Kubernetes resources. - -## Supported Providers - -| Provider | Auth Method | Description | -|----------|-------------|-------------| -| **OpenAI** | API key via Secret | GPT-4, GPT-4.1, GPT-4.1-mini | -| **Anthropic (Claude)** | API key via Secret | Claude 3.5, Claude 4 family | -| **Azure OpenAI** | Endpoint + API key | Azure-hosted OpenAI models | -| **Google Gemini** | API key via Secret | Gemini models via Google AI API | -| **Google Vertex AI** | Service account credentials | Gemini and other models via Vertex AI | -| **Amazon Bedrock** | AWS credentials | Claude, Titan, and other Bedrock models | -| **Ollama** | Base URL (local/remote) | Self-hosted open-source models | -| **BYO OpenAI-compatible** | Custom configuration | Any model with an OpenAI-compatible API | - -## Managing Models - -### Via Enterprise UI - -1. Navigate to **Inventory > Models** -2. Click **+ Add New Model** -3. Select the cluster and namespace -4. Choose the provider and model -5. Enter your API key or authentication parameters -6. Click **Create Model** - -### Via Kubernetes Resources - -```yaml -apiVersion: kagent.dev/v1alpha2 -kind: ModelConfig -metadata: - name: my-openai-model - namespace: kagent -spec: - provider: OpenAI - model: gpt-4.1-mini - apiKeySecretRef: - name: openai-key - key: api-key -``` - -```bash -kubectl create secret generic openai-key -n kagent \ - --from-literal=api-key=$OPENAI_API_KEY -``` - -## Multicluster Model Management - -Models are configured per-cluster. The Enterprise UI displays all models across all connected clusters, allowing you to: - -- View which models are available in which clusters -- Add new models to specific clusters -- Manage API keys and authentication centrally diff --git a/src/app/docs/kagent/enterprise/multicluster/page.mdx b/src/app/docs/kagent/enterprise/multicluster/page.mdx deleted file mode 100644 index 4d3cc82..0000000 --- a/src/app/docs/kagent/enterprise/multicluster/page.mdx +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: "Multicluster Federation" -pageOrder: 3 -description: "Federated agent management across multiple Kubernetes clusters with a management-agent relay architecture." ---- - -export const metadata = { - title: "Multicluster Federation", - description: "Federated agent management across multiple Kubernetes clusters with a management-agent relay architecture.", - author: "kagent.dev" -}; - -# Multicluster Federation - -Solo Enterprise for kagent supports federated agent management across multiple Kubernetes clusters through a management-agent relay architecture. - -## Architecture - -The multicluster setup uses a hub-and-spoke model: - -``` - Management Cluster - solo-enterprise-ui + OTel GW + ClickHouse - kagent controller - Tunnel Server (receives connections) - | - Tunnel (relay) - | | - Workload Workload - Cluster 1 Cluster 2 - kagent- kagent- - enterprise enterprise - -agent (relay) -agent (relay) - Agents Agents -``` - -## Components - -### Management Cluster - -| Component | Description | -|-----------|-------------| -| `solo-enterprise-ui` | Enterprise management UI, OTel gateway, and ClickHouse telemetry storage | -| Tunnel Server | Accepts relay connections from workload clusters | -| kagent controller | Manages agent lifecycle, generates OBO tokens, serves JWKS endpoint | - -### Workload Clusters - -| Component | Description | -|-----------|-------------| -| `kagent-enterprise-agent` | Relay client that connects back to the management cluster tunnel server | -| OTel Collector | Collects telemetry data and sends to OTel gateway in management cluster | -| Agents | Agent pods running in the workload cluster | -| Agentgateway | Waypoint proxy for policy enforcement | - -## Tunnel Architecture - -The management-agent tunnel provides: - -- **Secure connectivity** between management and workload clusters -- **Telemetry relay** for forwarding OTel data to the management cluster -- **Agent federation** for managing agents across clusters from a single UI - -### Tunnel Metrics - -| Metric | Description | -|--------|-------------| -| `kagent_tunnel_server_tunnel_up` | Whether the tunnel server is running (gauge) | -| `kagent_tunnel_client_tunnel_up` | Whether the tunnel client is connected (gauge) | - -## Registering Clusters - -Register new workload clusters through the Enterprise UI: - -1. Navigate to **Inventory > Clusters** -2. Click **+ Register New Cluster** -3. Get the tunnel server endpoint: - ```bash - kubectl get svc -n kagent solo-enterprise-ui \ - --context ${MGMT_CONTEXT} \ - -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}" - ``` -4. Paste the endpoint and run the generated CLI commands - -## Multicluster Agent Communication - -With Istio ambient mesh deployed across clusters, agents communicate securely: - -- **mTLS** — Automatic mutual TLS between agents across clusters -- **Policy enforcement** — AccessPolicies apply across cluster boundaries -- **Traceable** — Cross-cluster agent interactions are captured in distributed traces diff --git a/src/app/docs/kagent/enterprise/observability/page.mdx b/src/app/docs/kagent/enterprise/observability/page.mdx deleted file mode 100644 index 7c9f6d7..0000000 --- a/src/app/docs/kagent/enterprise/observability/page.mdx +++ /dev/null @@ -1,131 +0,0 @@ ---- -title: "Observability" -pageOrder: 4 -description: "Built-in OpenTelemetry pipeline with distributed tracing, metrics, and interactive UI visualization." ---- - -export const metadata = { - title: "Observability", - description: "Built-in OpenTelemetry pipeline with distributed tracing, metrics, and interactive UI visualization.", - author: "kagent.dev" -}; - -# Observability - -Solo Enterprise for kagent provides a built-in OpenTelemetry (OTel) pipeline with distributed tracing, metrics, and an interactive UI for visualizing agent execution flows across federated clusters. - -## Architecture - -``` -Management Cluster - solo-enterprise-ui pod - UI container - opentelemetry-gateway container - ClickHouse (telemetry storage) - | - receives telemetry - | -Workload Cluster - kagent-enterprise-agent pod - opentelemetry-collector container -``` - -| Component | Location | Role | -|-----------|----------|------| -| OTel Gateway | Management cluster | Receives telemetry from all workload cluster collectors | -| OTel Collector | Each workload cluster | Scrapes and forwards telemetry data to the gateway | -| ClickHouse | Management cluster | Stores all telemetry data (traces, metrics) | - -## Distributed Tracing - -### What Traces Capture - -Traces provide complete execution paths for all agent interactions: - -- All LLM interactions (prompts sent and responses received) -- Tool invocations and their results -- Decision points the agent makes -- Cross-agent calls (A2A protocol flows) -- Cross-cluster execution paths - -### Enabling Tracing - -**Management cluster:** - -```yaml -otel: - tracing: - enabled: true - exporter: - otlp: - endpoint: solo-enterprise-ui.kagent.svc.cluster.local:4317 - insecure: true -``` - -**Workload cluster:** - -```yaml -otel: - tracing: - enabled: true - exporter: - otlp: - endpoint: kagent-enterprise-relay.kagent.svc.cluster.local:4317 - insecure: true -``` - -### Reviewing Traces in the UI - -1. Navigate to **Tracing** in the sidebar menu -2. Adjust the **Time Range** to filter spans -3. Click a trace ID to view the complete execution path - -Each trace provides three views: - -| View | Description | -|------|-------------| -| **Execution Flow** | Interactive graph visualization with play/stop replay controls | -| **Trace Tree** | Detailed timeline of agents, tools, and decision points | -| **Agent Trace Details** | User input, agent output, metadata (roles, tools, token usage) | - -## Metrics - -### Control Plane Metrics - -The management plane exposes metrics on port 8080: - -```bash -kubectl -n kagent port-forward deployment/solo-enterprise-ui 8080 \ - --context kind-mgmt-cluster -# Open http://localhost:8080/metrics -``` - -| Metric | Type | Description | -|--------|------|-------------| -| `kagent_tunnel_server_tunnel_up` | Gauge | Whether the tunnel server is running | - -### Data Plane Metrics - -Each workload cluster agent exposes metrics on port 8080: - -```bash -kubectl -n kagent port-forward deployment/kagent-enterprise-agent 8080 \ - --context kind-cluster-1 -# Open http://localhost:8080/metrics -``` - -| Metric | Type | Description | -|--------|------|-------------| -| `kagent_tunnel_client_tunnel_up` | Gauge | Whether the tunnel client is connected | - -## OTel Configuration - -View the default OTel configuration: - -```bash -# Management cluster -kubectl get cm kagent-enterprise-otel-config -n kagent -o yaml --context kind-mgmt-cluster - -# Workload cluster -kubectl get cm kagent-enterprise-otel-config -n kagent -o yaml --context kind-cluster-1 -``` diff --git a/src/app/docs/kagent/enterprise/page.mdx b/src/app/docs/kagent/enterprise/page.mdx deleted file mode 100644 index 6b058e0..0000000 --- a/src/app/docs/kagent/enterprise/page.mdx +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: "Solo Enterprise for kagent" -pageOrder: 10 -description: "Production-ready enterprise distribution with multicluster federation, advanced security, and built-in observability." ---- - -export const metadata = { - title: "Solo Enterprise for kagent", - description: "Production-ready enterprise distribution with multicluster federation, advanced security, and built-in observability.", - author: "kagent.dev" -}; - -# Solo Enterprise for kagent - -Solo Enterprise for kagent is a hardened, production-ready distribution of the open-source kagent project, offered by Solo.io. It adds an enterprise management plane, advanced security, multicluster federation, and built-in observability. - -## Enterprise vs Open Source - -| Feature | Enterprise | Open Source | -|---------|-----------|-------------| -| Built-in agents and tools | Yes | Yes | -| Agent lifecycle management | Yes | Yes | -| BYO agent support (ADK, CrewAI, LangGraph) | Yes | Yes | -| BYO MCP tool servers | Yes | Yes | -| Multicluster and federated agent support | Yes | No | -| Built-in OTel pipeline for observability and tracing | Yes | No | -| Interactive UI with trace visualization | Yes | No | -| Security and access control (OIDC, RBAC) | Yes | No | -| Authorization policies (AccessPolicy) | Yes | No | -| On-behalf-of (OBO) token identity propagation | Yes | No | -| Agentgateway integration | Yes | No | -| Istio ambient mesh integration | Yes | No | -| FIPS and compliance builds | Yes | No | -| 24x7 production support | Yes | No | - -## Architecture - -``` -Management Cluster - solo-enterprise-ui (mgmt plane) - OTel Gateway (telemetry) - ClickHouse (storage) - kagent controller - Tunnel Server - | - Tunnel (relay) - | -Workload Cluster(s) - kagent-enterprise-agent (relay) - OTel Collector (telemetry) - agentgateway (waypoint proxy) - Agents (pods) - MCP Tool Servers -``` - -## Licensing - -Solo Enterprise for kagent requires a commercial license from Solo.io. Contact your Solo account representative to obtain a license key. diff --git a/src/app/docs/kagent/enterprise/security/page.mdx b/src/app/docs/kagent/enterprise/security/page.mdx deleted file mode 100644 index c09e351..0000000 --- a/src/app/docs/kagent/enterprise/security/page.mdx +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: "Security & Access Control" -pageOrder: 2 -description: "OIDC authentication, OBO token identity propagation, AccessPolicy authorization, and agentgateway enforcement." ---- - -export const metadata = { - title: "Security & Access Control", - description: "OIDC authentication, OBO token identity propagation, AccessPolicy authorization, and agentgateway enforcement.", - author: "kagent.dev" -}; - -# Security & Access Control - -Solo Enterprise for kagent provides a complete security stack: OIDC-based authentication, on-behalf-of (OBO) token identity propagation, fine-grained authorization via AccessPolicies, and network-level enforcement through agentgateway and Istio ambient mesh. - -## Security Architecture - -The security flow consists of three phases: - -``` -User --> IdP (OIDC) --> kagent controller --> agentgateway --> Agent/MCP Tool - | | | - 1. Authenticate 2. Generate OBO 3. Enforce - with IdP token AccessPolicy -``` - -### Phase 1: User Authentication (OIDC) - -Users authenticate through an OpenID Connect (OIDC) identity provider. The kagent controller validates the user's token using the IdP's public key. - -### Phase 2: Identity Propagation (OBO Tokens) - -After validating the user's OIDC token, the kagent controller generates an on-behalf-of (OBO) token. This token represents the agent's identity acting on behalf of the user, and is used for all downstream requests. - -Key details: -- The OBO token is signed by a private RSA signing key (2048-bit) provided via a `jwt` Kubernetes Secret -- Agentgateway validates via the JWKS endpoint (`/jwks.json`) on the kagent controller -- Standard JWT claims are validated: issuer, audience, expiration, not-before -- The `X-User-ID` header is set automatically on forwarded requests - -### Phase 3: Authorization (AccessPolicy) - -After OBO token validation, agentgateway evaluates `AccessPolicy` resources to determine whether the request should be allowed based on: -- **Subjects** — users and agents making requests -- **Targets** — agents and MCP servers being accessed - -## Supported Identity Providers - -| Provider | Description | -|----------|-------------| -| **Auto** | Default sample IdP for getting started | -| **Generic OIDC** | Any OpenID Connect-compliant provider | -| **Keycloak** | Open-source identity and access management | -| **Microsoft Entra ID** | Azure Active Directory | -| **Okta** | Enterprise identity management | - -## RBAC Roles - -| Role | Permissions | -|------|-------------| -| **Admin** | Full access to all features, user management, and configuration | -| **Writer** | Create, modify, and delete agents, tools, and models | -| **Reader** | View-only access to agents, tools, traces, and dashboards | - -Roles are mapped from IdP groups via the `rbac-config` ConfigMap using CEL expressions. - -## Network Enforcement with Agentgateway - -Because Solo Enterprise for agentgateway proxies traffic to agentic resources, you can set up: - -- **Timeouts** — Request timeouts for agent and tool calls -- **Retries** — Retry policies for resilience -- **mTLS** — Automatic mutual TLS via Istio ambient mesh -- **Policy enforcement** — Agentgateway acts as a waypoint proxy in the ambient mesh - -## Complete Security Flow - -``` -1. User --> IdP --> Login with credentials -2. IdP --> User --> Return user's OIDC token (signed by IdP key) -3. User --> kagent controller --> API request with OIDC token -4. kagent controller --> Validate OIDC token (using IdP public key) -5. kagent controller --> Generate OBO token (signed by kagent RSA key) -6. kagent controller --> agentgateway --> Forward request with OBO token -7. agentgateway --> kagent controller --> Fetch JWKS from /jwks.json -8. kagent controller --> agentgateway --> Return kagent's public key -9. agentgateway --> Verify JWT signature & validate claims -10. agentgateway --> Check AccessPolicy -11. agentgateway --> Agent/MCP Tool --> Forward request (if authorized) -12. Agent/MCP Tool --> agentgateway --> Response -13. agentgateway --> User --> Return response -``` diff --git a/src/app/docs/kagent/enterprise/tools-mcp-servers/page.mdx b/src/app/docs/kagent/enterprise/tools-mcp-servers/page.mdx deleted file mode 100644 index 4d4671c..0000000 --- a/src/app/docs/kagent/enterprise/tools-mcp-servers/page.mdx +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: "Tools & MCP Servers" -pageOrder: 8 -description: "Built-in tools, Kubernetes services as MCP, remote MCP servers, and agents as tools." ---- - -export const metadata = { - title: "Tools & MCP Servers", - description: "Built-in tools, Kubernetes services as MCP, remote MCP servers, and agents as tools.", - author: "kagent.dev" -}; - -# Tools & MCP Servers - -Solo Enterprise for kagent provides multiple ways to integrate MCP (Model Context Protocol) tools with your agents. - -## Tool Types - -| Type | Description | -|------|-------------| -| **Built-in tools** | Pre-packaged tools for Kubernetes, Helm, Istio, Prometheus, Grafana, Cilium, Argo Rollouts | -| **Kubernetes Services as MCP servers** | Discover HTTP tools from OpenAPI-compliant services | -| **Remote MCP servers** | Connect to external MCP-compatible tool servers | -| **Custom MCP servers** | Build your own MCP tool server from scratch | -| **Agents as tools** | Reference other agents as tools via A2A protocol | - -## Built-in Tools - -Comprehensive built-in tools for: - -- **Pod management and monitoring** — List, describe, get logs, exec into pods -- **Service discovery and configuration** — Query services, endpoints, configs -- **Helm operations** — Install, upgrade, uninstall releases -- **Istio operations** — Proxy status, config, analyze, install -- **Prometheus queries** — Instant and range PromQL queries -- **Grafana management** — Organizations, dashboards, alerts -- **Cilium operations** — Status, install, upgrade, cluster mesh -- **Argo Rollouts** — Verify, promote, pause, set image - -## Managing Tools via the UI - -1. Navigate to **Inventory > Tools** to view all discovered MCP tools -2. Navigate to **Inventory > Tool Servers** to view tool server configurations -3. Click **+ Add New Tool Server** to register a new server - -## Remote MCP Servers - -```yaml -apiVersion: kagent.dev/v1alpha2 -kind: RemoteMCPServer -metadata: - name: my-remote-server - namespace: kagent -spec: - protocol: SSE # or STREAMABLE_HTTP - url: http://my-mcp-server:8080/sse - headersFrom: - - secretRef: - name: server-auth-token - key: Authorization -``` - -## Agents as Tools - -Any agent can be used as a tool by other agents: - -```yaml -tools: - - type: Agent - agent: - name: specialist-agent - namespace: default -``` - -## Agentgateway Integration - -Agentgateway is built into the MCP tool servers, providing: - -- Secure communication -- AccessPolicy enforcement -- Timeout and retry policies -- Network-level observability diff --git a/src/app/docs/kagent/resources/agent-crd-reference/page.mdx b/src/app/docs/kagent/resources/agent-crd-reference/page.mdx deleted file mode 100644 index 33dbde2..0000000 --- a/src/app/docs/kagent/resources/agent-crd-reference/page.mdx +++ /dev/null @@ -1,194 +0,0 @@ ---- -title: "Agent CRD Reference" -pageOrder: 2 -description: "Complete reference for the kagent Agent Custom Resource Definition (v1alpha2)." ---- - -export const metadata = { - title: "Agent CRD Reference", - description: "Complete reference for the kagent Agent Custom Resource Definition (v1alpha2).", - author: "kagent.dev" -}; - -# Agent CRD Reference - -Complete reference for the kagent Agent Custom Resource Definition (v1alpha2). - -## Agent Resource - -```yaml -apiVersion: kagent.dev/v1alpha2 -kind: Agent -metadata: - name: - namespace: -spec: - type: Declarative | BYO - declarative: - byo: - skills: - allowedNamespaces: [] -``` - -## DeclarativeAgentSpec - -```yaml -declarative: - runtime: python | go - modelConfig: - systemMessage: - promptTemplate: - dataSources: - - configMapRef: - name: - tools: - - type: McpServer | Agent - mcpServer: - agent: - a2aServer: - enabled: - port: - memory: - enabled: - embeddingProvider: - type: - model: - secretRef: - name: - context: - eventsCompaction: - enabled: - deployment: -``` - -## McpServerTool - -```yaml -mcpServer: - name: - kind: RemoteMCPServer | MCPServer - toolNames: - - - requireApproval: - - - propagateHeaders: - enabled: -``` - -## AgentTool - -```yaml -agent: - name: - namespace: -``` - -## SkillForAgent - -```yaml -skills: - refs: - - image: - gitRefs: - - url: - ref: - path: - name: - gitAuthSecretRef: - name: - insecureSkipVerify: -``` - -## SharedDeploymentSpec - -```yaml -deployment: - replicas: - imageRegistry: - resources: - requests: - cpu: - memory: - limits: - cpu: - memory: - tolerations: [] - affinity: - nodeSelector: - securityContext: - serviceAccountName: - volumes: [] - volumeMounts: [] - imagePullPolicy: - imagePullSecrets: [] -``` - -## ModelConfig Resource - -```yaml -apiVersion: kagent.dev/v1alpha2 -kind: ModelConfig -metadata: - name: -spec: - provider: OpenAI | Anthropic | Gemini | GeminiVertexAI | AnthropicVertexAI | AzureOpenAI | Bedrock | Ollama - model: - apiKeySecret: - apiKeySecretKey: - baseURL: - azureEndpoint: - region: -``` - -## RemoteMCPServer Resource - -```yaml -apiVersion: kagent.dev/v1alpha2 -kind: RemoteMCPServer -metadata: - name: -spec: - protocol: SSE | STREAMABLE_HTTP - url: - headersFrom: - - secretRef: - name: - key: -status: - discoveredTools: [] -``` - -## MCPServer Resource (kmcp) - -```yaml -apiVersion: kagent.dev/v1alpha1 -kind: MCPServer -metadata: - name: -spec: - deployment: - image: - cmd: - args: [] - port: - secretRefs: - - name: - transportType: stdio -``` - -## ModelProviderConfig Resource - -```yaml -apiVersion: kagent.dev/v1alpha2 -kind: ModelProviderConfig -metadata: - name: -spec: - provider: OpenAI | Anthropic | Gemini | ... - apiKeySecretRef: - name: - key: -status: - discoveredModels: [] - ready: -``` diff --git a/src/config/navigation.json b/src/config/navigation.json index 50ef686..b72a0eb 100644 --- a/src/config/navigation.json +++ b/src/config/navigation.json @@ -289,12 +289,7 @@ "href": "/docs/kagent/resources/helm", "description": "kagent Helm chart configuration reference" }, - { - "title": "Agent CRD Reference", - "href": "/docs/kagent/resources/agent-crd-reference", - "description": "Complete reference for the Agent, ModelConfig, RemoteMCPServer, MCPServer, and ModelProviderConfig CRDs." - }, - { +{ "title": "FAQs", "href": "/docs/kagent/resources/faq", "description": "Find answers to frequently asked questions about kagent." @@ -306,53 +301,6 @@ } ] } - { - "title": "Solo Enterprise", - "href": "/docs/kagent/enterprise", - "description": "Production-ready enterprise distribution with multicluster federation, advanced security, and built-in observability.", - "items": [ - { - "title": "Installation & Operations", - "href": "/docs/kagent/enterprise/installation", - "description": "Install, upgrade, and manage Solo Enterprise for kagent." - }, - { - "title": "Security & Access Control", - "href": "/docs/kagent/enterprise/security", - "description": "OIDC authentication, OBO tokens, AccessPolicy, and agentgateway enforcement." - }, - { - "title": "Multicluster Federation", - "href": "/docs/kagent/enterprise/multicluster", - "description": "Management-agent relay architecture for federated agent management." - }, - { - "title": "Observability", - "href": "/docs/kagent/enterprise/observability", - "description": "Built-in OTel pipeline, distributed tracing, metrics, and ClickHouse storage." - }, - { - "title": "Enterprise UI", - "href": "/docs/kagent/enterprise/enterprise-ui", - "description": "Interactive dashboard for agents, tools, models, tracing, and cluster management." - }, - { - "title": "Agent Frameworks (BYO)", - "href": "/docs/kagent/enterprise/agent-frameworks", - "description": "Bring your own agents with Google ADK, CrewAI, or LangGraph." - }, - { - "title": "Model Providers", - "href": "/docs/kagent/enterprise/model-providers", - "description": "Configure LLM providers across clusters." - }, - { - "title": "Tools & MCP Servers", - "href": "/docs/kagent/enterprise/tools-mcp-servers", - "description": "Built-in tools, remote MCP servers, and agents as tools." - } - ] - } ] }, {