Uploaded image for project: 'Network Edge'
  1. Network Edge
  2. NE-2276

Spike: Evaluate Path to Productization

XMLWordPrintable

    • Icon: Spike Spike
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • None

      Description

      This spike aims to define the architectural direction for productizing the NIDS MCP tools. While the initial prototype wrapped CLI tools, the productized version must leverage openshift-mcp-server (or equivalent) to satisfy security, authentication, and RBAC requirements. This story focuses on research and decision-making, not implementation.

      Goals

      1. Determine the best integration strategy with openshift-mcp-server.
      2. Define how to support both "Live Cluster" (online) and "Must-Gather/sos-report" (offline) analysis with a unified codebase.
      3. Evaluate the Deployment Topology for accessing offline data (e.g., how the server process reaches the must-gather files in a cluster environment).
      4. Establish the authentication and RBAC model.

      Implementation Steps

      1. Analyze openshift-mcp-server:
        • Review the architecture of openshift-mcp-server (K8s MCP Server).
        • Determine if NIDS tools should be a plugin, a module, or a standalone binary that inherits libraries.
        • Evaluate how it handles user identity and impersonation.
      2. Evaluate Offline Strategy & Deployment:
        • The NIDS tools must work against must-gather and sos-report archives.
        • Propose an abstraction layer (e.g., DataAccess interface) that allows the same tool logic (e.g., "Find Service for Route") to switch between a K8sClient implementation and a FlatFile implementation.
        • Evaluate Deployment Options:
          • How does the remote MCP server access the offline files?
          • Assess the feasibility of using Persistent Volume Claims (PVCs) or sidecar containers to mount the must-gather data.
          • Define the lifecycle of provisioning this data to the server (external orchestrator vs server-managed download).
      3. Produce Decision Record:
        • Write a document (ADR) recommending the architecture.
        • Deliverable: A Markdown file in the repo outlining the chosen path (e.g., "We will build a standalone Go binary using client-go that implements the openshift-mcp-server security patterns..." or "We will contribute a module to...").

      Acceptance Criteria

      • Integration strategy with openshift-mcp-server is defined and documented.
      • Architecture for unifying Online/Offline modes is defined (Interface definitions).
      • Deployment topology for data access (PVC/Mounts) is analyzed and recommended.
      • Plan for RBAC/Auth integration is documented.

              btofelrh Brett Tofel
              btofelrh Brett Tofel
              None
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: