NO-JIRA: docs(openshift): add OpenShift MCP Server user guide#179
NO-JIRA: docs(openshift): add OpenShift MCP Server user guide#179lberk wants to merge 6 commits intoopenshift:mainfrom
Conversation
Adds a user guide covering enterprise features, toolsets, safety best practices, data ownership, security guardrails, and troubleshooting for the MCP server for Red Hat OpenShift. Includes the Lightspeed data flow diagram image. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (1)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
WalkthroughAdds a new OpenShift MCP Server user guide documenting authentication (OAuth/OIDC), modular toolsets, observability, deployment guardrails, configuration (config.toml/Helm), data flow, toolset examples, BYOM, RBAC/access revocation, safety practices, and troubleshooting. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: lberk The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/openshift/user-guide.md`:
- Line 64: Remove the empty markdown headings that break document structure:
delete the standalone "####" at the location matching the diff and the empty
"##" (and any other orphan heading markers noted) or replace them with
meaningful content; also ensure "### Contact" contains the expected contact
details before the following "## Additional Information" heading. Update the
file so there are no empty heading tokens (e.g., "####", empty "##", or empty
"### Contact") left in the document.
- Around line 24-26: Add appropriate language identifiers to the markdown fenced
code blocks containing the shown snippets so they render and lint correctly:
update the block with toolsets = ["core", "olm", "kubevirt"] to start with
```toml, the block that begins with # Deny access to Secrets and ConfigMaps /
[[denied_resources]] / kind = "ClusterRoleBinding" to ```toml, and the block
containing # Only enable specific tools / enabled_tools = ["pods_list",
"pods_get", "pods_log"] / disabled_tools = ["resources_delete", "pods_delete"]
to ```toml; apply the same change to the other affected blocks referenced in the
comment (the sections around the symbols toolsets, [[denied_resources]], and
enabled_tools).
- Around line 120-127: The table contains placeholders and incomplete entries
(e.g., "OCP 4.XX" header, the "IBM Watson.x | Granite ??" row, and blank
evaluation results for "Anthropic | Claude 4.5 Sonnet"); update these to real,
published values or remove the rows/placeholder text before publishing: replace
"OCP 4.XX" with the exact OpenShift version, fill in verified evaluation scores
for "Claude 4.5 Sonnet" and "Granite" (or drop those provider rows if results
are not available), and ensure every table cell under "Evaluation Results"
contains a concrete score or a clear note like "Not evaluated."
- Around line 224-229: Replace the brittle PR URL and generic "link" labels in
the block that mentions `helm uninstall openshift-mcp-server`, the RBAC docs,
and the MCPServerRegistration CR with durable, authoritative documentation URLs
and descriptive link text; update the `helm uninstall openshift-mcp-server`
reference to point to the official OpenShift/Helm docs, replace the PR link to
the stable repository or release docs, change the RBAC "link" to the specific
Red Hat OpenShift RBAC API doc, and replace the MCPServerRegistration "link"
with the Kuadrant MCP Gateway registration guide, while keeping the inline
commands (`helm uninstall openshift-mcp-server` and `oc delete mcpsr <name of
registration>`) unchanged.
- Line 145: Update the typo in the authentication provider name: change the
string "Keyclock" to "Keycloak" in the MCP server audit log instruction (the
sentence that currently reads "Ensure that authorization is enabled via OAuth
(Keyclock) or MCP Gateway[...]") so the documentation correctly references
Keycloak.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 3b693cd3-e744-47ab-b62c-a5bc33bac6f1
⛔ Files ignored due to path filters (1)
docs/openshift/images/lightspeed-data-flow.pngis excluded by!**/*.png
📒 Files selected for processing (1)
docs/openshift/user-guide.md
- Remove empty #### and ## heading markers - Remove empty ### Contact section - Add toml language identifiers to fenced code blocks - Fix Keyclock -> Keycloak typo - Improve generic [link] labels to descriptive text Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
There was a problem hiding this comment.
♻️ Duplicate comments (2)
docs/openshift/user-guide.md (2)
221-223:⚠️ Potential issue | 🟠 MajorReplace the PR URL and generic “link” text with durable documentation links.
helm uninstall openshift-mcp-servercurrently references a PR URL and uses non-descriptive link text. Please point to stable uninstall docs (project or Helm/OpenShift docs) and use descriptive anchor text.As per coding guidelines: "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/openshift/user-guide.md` around lines 221 - 223, The helm uninstall line uses a PR URL and non-descriptive link text; replace that PR link with a stable, durable documentation URL (e.g., official project uninstall docs, Helm chart README, or OpenShift removal docs) and change the anchor text from "link" to a descriptive phrase like "uninstall instructions" or "MCP Server uninstall docs" so the line reading `helm uninstall openshift-mcp-server` points to the permanent uninstall documentation; update the markdown anchor accordingly where the current `helm uninstall openshift-mcp-server` reference appears.
118-126:⚠️ Potential issue | 🟠 MajorRemove placeholder model-evaluation data before publishing.
This section still includes non-final values (
OCP 4.XX,Granite ??) and blank result cells, which makes the guide unreliable for users. Please replace with verified values or explicitly mark rows as “Not evaluated” and remove unknown placeholders.As per coding guidelines: "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/openshift/user-guide.md` around lines 118 - 126, The table in the user guide contains placeholder and incomplete entries ("OCP 4.XX", "Granite ??", blank Evaluation Results for "Claude 4.5 Sonnet")—replace these with verified values or explicitly mark those rows as "Not evaluated" (or "TBD/Not evaluated") and remove the "??" placeholder; update the header note if OCP version is uncertain and ensure every Model/Provider row has either a numeric result or the "Not evaluated" marker so the table contains only final, non-ambiguous entries.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@docs/openshift/user-guide.md`:
- Around line 221-223: The helm uninstall line uses a PR URL and non-descriptive
link text; replace that PR link with a stable, durable documentation URL (e.g.,
official project uninstall docs, Helm chart README, or OpenShift removal docs)
and change the anchor text from "link" to a descriptive phrase like "uninstall
instructions" or "MCP Server uninstall docs" so the line reading `helm uninstall
openshift-mcp-server` points to the permanent uninstall documentation; update
the markdown anchor accordingly where the current `helm uninstall
openshift-mcp-server` reference appears.
- Around line 118-126: The table in the user guide contains placeholder and
incomplete entries ("OCP 4.XX", "Granite ??", blank Evaluation Results for
"Claude 4.5 Sonnet")—replace these with verified values or explicitly mark those
rows as "Not evaluated" (or "TBD/Not evaluated") and remove the "??"
placeholder; update the header note if OCP version is uncertain and ensure every
Model/Provider row has either a numeric result or the "Not evaluated" marker so
the table contains only final, non-ambiguous entries.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: ba4808dc-b2cb-4782-82fd-09116c059f99
📒 Files selected for processing (1)
docs/openshift/user-guide.md
Replace blank evaluation cells with 'Not evaluated', fix 'Granite ??' to 'Granite', and remove the inline containers/pull/178 link from the helm uninstall step. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
|
/override "Konflux kflux-prd-rh02 / openshift-mcp-server-on-pull-request" |
|
@Kaustubh-pande: Overrode contexts on behalf of Kaustubh-pande: Konflux kflux-prd-rh02 / openshift-mcp-server-on-pull-request DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Kaustubh-pande
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@lberk: This pull request explicitly references no jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Replace lightspeed-data-flow.png with the updated diagram exported from 'MCP server w_ OLS.svg' at 144 DPI (1443x674). Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
docs/openshift/user-guide.md (1)
118-125:⚠️ Potential issue | 🟠 MajorReplace remaining placeholder and fix product branding.
Two issues remain in the evaluation table:
- Line 118: "OCP 4.XX" is still a placeholder. Replace it with the actual OpenShift version tested (e.g., "OCP 4.21").
- Line 125: "IBM Watson.x" uses incorrect branding. The official product name is "IBM watsonx" (lowercase 'w', no period).
📝 Proposed fix
-The following models have been evaluated on OCP 4.XX +The following models have been evaluated on OCP 4.21 | Provider | Model | Evaluation Results | | :---- | :---- | :---- | | OpenAI | gpt-5 | 17/24 | | Anthropic | Claude 4.5 Sonnet | Not evaluated | | Google | Gemini 3.1 Pro | 15/24 | -| IBM Watson.x | Granite | Not evaluated | +| IBM watsonx | Granite | Not evaluated |🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/openshift/user-guide.md` around lines 118 - 125, Replace the placeholder and fix branding in the evaluation table: change the "OCP 4.XX" text to the actual OpenShift version tested (for example "OCP 4.21") and update the product name "IBM Watson.x" to the correct branding "IBM watsonx" (lowercase 'w', no period) wherever those exact strings appear in the table.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/openshift/user-guide.md`:
- Line 157: Update the sentence that currently reads "These metrics do not
collect specific details of the calls, requests are errors themselves, only
providing aggregate overall sums of the usage." to fix the grammar and clarify
meaning by replacing "requests are errors themselves" with "requests or errors"
and adjust punctuation for readability, e.g., "These metrics do not collect
specific details of calls—requests or errors—only providing aggregate overall
sums of usage." Locate the sentence by searching for the phrase "These metrics
do not collect specific details of the calls" and update that line accordingly.
---
Duplicate comments:
In `@docs/openshift/user-guide.md`:
- Around line 118-125: Replace the placeholder and fix branding in the
evaluation table: change the "OCP 4.XX" text to the actual OpenShift version
tested (for example "OCP 4.21") and update the product name "IBM Watson.x" to
the correct branding "IBM watsonx" (lowercase 'w', no period) wherever those
exact strings appear in the table.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 590485c0-7df6-4c43-a7cd-747a70d1fe6b
⛔ Files ignored due to path filters (1)
docs/openshift/images/lightspeed-data-flow.pngis excluded by!**/*.png
📒 Files selected for processing (1)
docs/openshift/user-guide.md
- Openshift → OpenShift - MCP Server → MCP server - MCP Gateway → MCP gateway Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (2)
docs/openshift/user-guide.md (2)
118-126:⚠️ Potential issue | 🟠 MajorReplace unreleased placeholders in the model evaluation section before publish
Line 118 still uses
OCP 4.XX, which makes this section non-verifiable for users. Please replace with the exact supported OpenShift version (or explicitly mark the whole table as draft/internal-only).🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/openshift/user-guide.md` around lines 118 - 126, The heading "The following models have been evaluated on OCP 4.XX" contains an unreleased placeholder; replace "OCP 4.XX" with the exact supported OpenShift version (e.g., "OCP 4.12") or, if the evaluations are not final, mark the entire table as draft/internal-only and add a clear note; update any other occurrences of "OCP 4.XX" in the same section and ensure the table caption or a footnote indicates the evaluation date and scope so readers can verify results.
157-157:⚠️ Potential issue | 🟠 MajorClarify telemetry-data scope statement to avoid policy ambiguity
Line 157 is currently unclear (
requests are errors themselves) and weakens the data collection guarantee in this section. Replace with explicit wording such as: “These metrics do not collect details of individual calls, requests, or errors; they only provide aggregate totals.”🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/openshift/user-guide.md` at line 157, Replace the unclear sentence "These metrics do not collect specific details of the calls, requests are errors themselves, only providing aggregate overall sums of the usage." with an explicit statement clarifying telemetry scope, for example: "These metrics do not collect details of individual calls, requests, or errors; they only provide aggregate totals." Update this in the user-guide.md content near the existing line so the documentation unambiguously states that no per-request or per-error details are collected.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/openshift/user-guide.md`:
- Line 22: Update the statement in docs/openshift/user-guide.md that currently
asserts MCP is "read-only by default" to accurately reflect that the default
configuration (mcp_config.toml / docs/configuration.md) sets read_only = false;
change the wording to state that the default allows write/delete operations
unless read_only is explicitly enabled, and mention that the "core" toolset
includes destructive capabilities (pods_delete, pods_exec, pods_run,
resources_create_or_update, resources_delete, resources_scale) so operators must
set read_only = true in config.toml (or Helm's config section) to enforce
read-only behavior.
---
Duplicate comments:
In `@docs/openshift/user-guide.md`:
- Around line 118-126: The heading "The following models have been evaluated on
OCP 4.XX" contains an unreleased placeholder; replace "OCP 4.XX" with the exact
supported OpenShift version (e.g., "OCP 4.12") or, if the evaluations are not
final, mark the entire table as draft/internal-only and add a clear note; update
any other occurrences of "OCP 4.XX" in the same section and ensure the table
caption or a footnote indicates the evaluation date and scope so readers can
verify results.
- Line 157: Replace the unclear sentence "These metrics do not collect specific
details of the calls, requests are errors themselves, only providing aggregate
overall sums of the usage." with an explicit statement clarifying telemetry
scope, for example: "These metrics do not collect details of individual calls,
requests, or errors; they only provide aggregate totals." Update this in the
user-guide.md content near the existing line so the documentation unambiguously
states that no per-request or per-error details are collected.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 9fd89150-e456-46fa-8ab8-fcb82122c24b
📒 Files selected for processing (1)
docs/openshift/user-guide.md
|
|
||
| ## Toolsets and Functionality | ||
|
|
||
| By default the MCP server for Red Hat OpenShift enables only "core" and "config" tools in a read-only mode. In order to enable other available toolsets, like Kiali/OSSM or Kubevirt, those must be enabled in the config.toml file. In case of using Helm there is a "config" section which needs to be updated, like: |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify whether documented defaults are actually read-only.
# Expected result:
# - Either explicit read-only enforcement exists for default toolsets, OR
# - docs/openshift/user-guide.md should be updated to avoid claiming read-only defaults.
set -euo pipefail
echo "== Find configuration docs and chart values files =="
fd -a 'configuration\.md|values\.yaml|values\.yml|config\.toml|README\.md'
echo
echo "== Search for default toolset/tool filter settings =="
rg -n -C3 'toolsets|enabled_tools|disabled_tools|read-only|readonly|pods_delete|resources_delete|resources_create_or_update|pods_exec|pods_run'
echo
echo "== Inspect specific docs referenced by this guide =="
fd -a 'configuration\.md|values\.yaml' | xargs -r sed -n '1,260p'Repository: openshift/openshift-mcp-server
Length of output: 50387
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Extract docs/configuration.md (first 300 lines) =="
head -300 /home/jailuser/git/docs/configuration.md
echo
echo "== Extract docs/openshift/user-guide.md around line 22 =="
sed -n '1,50p' /home/jailuser/git/docs/openshift/user-guide.md
echo
echo "== Search for tool definitions (non-vendor) =="
rg -n 'pods_delete|pods_exec|pods_run|resources_create_or_update|resources_delete|resources_scale|enabled_tools|toolsets' --type-list | head -20
rg -n -A5 'pods_delete|pods_exec|pods_run|resources_create_or_update|resources_delete|resources_scale' --type md,toml,yaml 2>/dev/null | head -100Repository: openshift/openshift-mcp-server
Length of output: 15890
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Check mcp_config.toml (main config) =="
cat /home/jailuser/git/mcp_config.toml
echo
echo "== Check Helm values.yaml for defaults =="
sed -n '1,150p' /home/jailuser/git/charts/kubernetes-mcp-server/values.yaml
echo
echo "== Search for read_only defaults in code =="
rg -n 'read_only|read-only' -t go --max-count 20 | head -50Repository: openshift/openshift-mcp-server
Length of output: 13533
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Check if there's an OpenShift-specific override =="
grep -r "read_only" docs/openshift/ 2>/dev/null || echo "No read_only override in OpenShift docs"
echo
echo "== Verify: does 'core' toolset definition in docs mention mutating tools? =="
sed -n '35,80p' /home/jailuser/git/docs/openshift/user-guide.mdRepository: openshift/openshift-mcp-server
Length of output: 3686
Correct the "read-only by default" claim—actual defaults enable write operations
Line 22 claims the MCP server enables "core" and "config" tools in a read-only mode by default. However:
- The actual default configuration (
mcp_config.toml,docs/configuration.md) hasread_only = false - The "core" toolset includes destructive operations:
pods_delete,pods_exec,pods_run,resources_create_or_update,resources_delete,resources_scale
This documentation-to-implementation mismatch is a security concern. Users relying on the docs will assume safe defaults when write/delete operations are actually enabled. Update the user guide to accurately describe that defaults permit write operations unless explicitly disabled via configuration.
🧰 Tools
🪛 LanguageTool
[style] ~22-~22: Consider a more concise word here.
Context: ...and "config" tools in a read-only mode. In order to enable other available toolsets, like K...
(IN_ORDER_TO_PREMIUM)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/openshift/user-guide.md` at line 22, Update the statement in
docs/openshift/user-guide.md that currently asserts MCP is "read-only by
default" to accurately reflect that the default configuration (mcp_config.toml /
docs/configuration.md) sets read_only = false; change the wording to state that
the default allows write/delete operations unless read_only is explicitly
enabled, and mention that the "core" toolset includes destructive capabilities
(pods_delete, pods_exec, pods_run, resources_create_or_update, resources_delete,
resources_scale) so operators must set read_only = true in config.toml (or
Helm's config section) to enforce read-only behavior.
|
|
||
| ## Toolsets and Functionality | ||
|
|
||
| By default the MCP server for Red Hat OpenShift enables only "core" and "config" tools in a read-only mode. In order to enable other available toolsets, like Kiali/OSSM or Kubevirt, those must be enabled in the config.toml file. In case of using Helm there is a "config" section which needs to be updated, like: |
There was a problem hiding this comment.
could we format core and config ?
There was a problem hiding this comment.
and those are toolsets not "tools"
Refresh lightspeed-data-flow.png from updated SVG source. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
| By default the MCP server for Red Hat OpenShift enables only "core" and "config" tools in a read-only mode. In order to enable other available toolsets, like Kiali/OSSM or Kubevirt, those must be enabled in the config.toml file. In case of using Helm there is a "config" section which needs to be updated, like: | ||
|
|
||
| ```toml | ||
| toolsets = ["core", "olm", "kubevirt"] |
There was a problem hiding this comment.
In case of using Helm there is a "config" section which needs to be updated, like:
does not match
|
|
||
| \- **resources\_list**\*\* – List Kubernetes resources by apiVersion and kind with optional namespace and selectors | ||
| \- **resources\_get**\*\* – Get a specific resource by apiVersion, kind, name, and optional namespace | ||
| \- **resources\_create\_or\_update** – Create or update a resource from a YAML or JSON representation |
There was a problem hiding this comment.
by default we come with read only so, the "create/updaet" and "delete" are not there
perhaps grouping this different?
| \- **vm\_lifecycle** – Manage VirtualMachine lifecycle: start, stop, or restart a VM. | ||
| \- **vm\_clone** – Clone a KubeVirt VirtualMachine by creating a VirtualMachineClone resource. This creates a copy of the source VM with a new name using the KubeVirt Clone API. | ||
|
|
||
| ### Netedge |
There was a problem hiding this comment.
@bentito mind take a looksie?
But we can change afterwards
|
|
||
| \- **get\_coredns\_config** – Retrieves the current CoreDNS configuration (Corefile) from the cluster by reading the \`dns-default\` ConfigMap in the \`openshift-dns\` namespace | ||
|
|
||
| ### OLM |
There was a problem hiding this comment.
are these in the server? https://github.com/openshift/openshift-mcp-server/pull/166/changes
|
@lberk: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
|
||
| ### Core | ||
|
|
||
| #### Pods |
There was a problem hiding this comment.
The formatting of all tools looks not good. should be a table?
|
|
||
| ### Accuracy | ||
|
|
||
| Large Language Models (LLM's) are probabilistic in nature, which are inherently different in testing than traditional, procedural programming. While we've made every effort to thoroughly and reliably evaluate our MCP server against a variety of prompts that mimic real world scenarios. Despite best efforts, this list may not be exhaustive, so please ensure you follow our recommendations around safety and best practices, data ownership, and security guardrails below (and note where there are any gaps/risks associated with your data flow). |
There was a problem hiding this comment.
should we say that the mcp server does not directly use a model?
its (the mcp server's) tools are used by agents, connected to a model
|
|
||
| ### Verification & Evaluation Process | ||
|
|
||
| MCP server for Red Hat OpenShift uses [mcpchecker](https://github.com/mcpchecker/mcpchecker) for evaluations and verifies the tool we described is successfully called based on possible prompts via the Agent. |
There was a problem hiding this comment.
I like that - perhaps we bundle some of those? With the drop?
| version = "v1" | ||
| kind = "Secret" | ||
|
|
||
| [[denied_resources]] |
There was a problem hiding this comment.
let's remove that configmap
for ACM we did similar: https://github.com/openshift/openshift-mcp-server/blob/main/docs/openshift/acm.md#configuration-reference-toml-format
but not including CMs
|
|
||
| # Or disable specific tools from enabled toolsets | ||
| disabled_tools = ["resources_delete", "pods_delete"] | ||
| ``` |
There was a problem hiding this comment.
perhaps also include disable_destructive ?
|
|
||
| MCP server for Red Hat OpenShift uses [mcpchecker](https://github.com/mcpchecker/mcpchecker) for evaluations and verifies the tool we described is successfully called based on possible prompts via the Agent. | ||
|
|
||
| The following models have been evaluated on OCP 4.XX |
There was a problem hiding this comment.
| The following models have been evaluated on OCP 4.XX | |
| The following models have been evaluated on OCP 4.21 |
6 participants
Adds a user guide covering enterprise features, toolsets, safety best practices, data ownership, security guardrails, and troubleshooting for the MCP server for Red Hat OpenShift. Includes the Lightspeed data flow diagram image.