Project: Network Edge
NE-2278

Implement Read-Only NIDS Resource Inspection Tools (Live Cluster)

    • Issue Type: Epic
    • Status: To Do
    • Resolution: Unresolved
    • Work Type: Product / Portfolio Work
    • Parent: OCPSTRAT-2811 Integrate Model Context Protocol for Agentic AI-driven Ingress and DNS Troubleshooting
    • Progress: 86% To Do, 14% In Progress, 0% Done

      Description

      Implement the foundational set of read-only NIDS diagnostic tools using native Go libraries (client-go). These tools provide safe, non-mutating inspection of Ingress and DNS resources on a live cluster. This epic replaces the previous CLI-wrapper approach with a robust, product-ready Go implementation.

      Goals

      1. Create, or adopt, a Go-based MCP server skeleton.
      2. Implement inspection tools for Route, Service, Endpoints, and CoreDNS.
      3. Ensure strict read-only execution.
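
      Goal 3 is easiest to guarantee at the transport layer rather than in every tool handler. The Go snippet below is an added example, not code from this epic or from client-go; it assumes the server builds its Kubernetes client through client-go's rest.Config, whose WrapTransport hook accepts a wrapper like this one (ErrMutatingRequest, ReadOnlyTransport and Probe are names constructed for the illustration).

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ErrMutatingRequest is returned before a non-GET request ever leaves the process.
var ErrMutatingRequest = errors.New("nids: mutating request refused by read-only transport")

// ReadOnlyTransport forwards GET requests and refuses everything else. Installed through
// client-go's rest.Config.WrapTransport, it makes "read-only" a property of the client itself.
type ReadOnlyTransport struct{ Next http.RoundTripper }

func (t ReadOnlyTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	if req.Method != http.MethodGet {
		return nil, fmt.Errorf("%w: %s %s", ErrMutatingRequest, req.Method, req.URL.Path)
	}
	return t.Next.RoundTrip(req)
}

// Probe sends one request and returns its status; a refused method yields an error that
// unwraps to ErrMutatingRequest (http.Client wraps it in *url.Error; errors.Is sees through).
func Probe(c *http.Client, method, url string) (int, error) {
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		return 0, err
	}
	resp, err := c.Do(req)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	// Constructed stand-in for the API server; only the guard's behaviour matters here.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }))
	defer srv.Close()
	c := &http.Client{Transport: ReadOnlyTransport{Next: http.DefaultTransport}}
	path := srv.URL + "/apis/route.openshift.io/v1/namespaces/demo/routes/web"
	code, err := Probe(c, http.MethodGet, path)
	fmt.Println("GET ->", code, err)
	_, err = Probe(c, http.MethodDelete, path)
	fmt.Println("DELETE refused locally:", errors.Is(err, ErrMutatingRequest), err)
}
```

      Wire it in with cfg.WrapTransport = func(rt http.RoundTripper) http.RoundTripper { return ReadOnlyTransport{Next: rt} } before creating the clientset. It complements, rather than replaces, binding the tool's ServiceAccount to a Role that grants only get, list and watch.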

      Tool Definitions

      1. inspect_route

      • Description: Retrieve the Route resource and attempt to inspect the associated Service and Endpoints to build a complete view of the ingress path.
      • Input Schema:
        {
          "type": "object",
          "properties": {
            "namespace": { "type": "string", "description": "Route namespace" },
            "name": { "type": "string", "description": "Route name" }
          },
          "required": ["namespace", "name"]
        }
        
      • Output Schema:
        {
          "route": { /* standard Route object */ },
          "service": { /* standard Service object (spec) */ },
          "endpoints": { /* standard Endpoints object (subsets) */ },
          "error": "string (optional)"
        }
        

      2. get_service_endpoints

      • Description: Return Endpoints object for a Service to verify backend pod availability.
      • Input Schema:
        {
          "type": "object",
          "properties": {
            "namespace": { "type": "string", "description": "Service namespace" },
            "service": { "type": "string", "description": "Service name" }
          },
          "required": ["namespace", "service"]
        }
        
      • Output Schema:
        {
          "endpoints": { /* standard Endpoints object */ }
        }
        

      3. get_coredns_config

      • Description: Retrieve the CoreDNS ConfigMap to inspect the Corefile.
      • Input Schema:
        {
          "type": "object",
          "properties": {
            "namespace": { "type": "string", "description": "Namespace (default: openshift-dns)" },
            "configmap": { "type": "string", "description": "ConfigMap name (default: dns-default)" }
          },
          "required": ["namespace"]
        }
        
      • Output Schema:
        {
          "configmap": { /* standard ConfigMap object */ },
          "corefile": "string (extracted corefile content)"
        }
        

      4. query_prometheus

      • Description: Run a Prometheus query_range query against the platform monitoring stack.
      • Input Schema:
        {
          "type": "object",
          "properties": {
            "query": { "type": "string", "description": "PromQL expression" },
            "start": { "type": "string", "description": "RFC3339 timestamp" },
            "end": { "type": "string", "description": "RFC3339 timestamp" },
            "step": { "type": "string", "description": "Step duration (e.g., 30s)" }
          },
          "required": ["query", "start", "end", "step"]
        }
        
      • Output Schema:
        {
          "status": "success/error",
          "data": {
            "resultType": "matrix/vector",
            "result": [ /* Prometheus result array */ ]
          }
        }
        

      Implementation Steps

      1. If not adopting an existing MCP server project, initialize Go Project:
        • Set up a new Go module/package for the NIDS tools.
        • Import net/http (for MCP), k8s.io/client-go, and controller-runtime (optional, for client convenience).
      2. Implement inspect_route:
        • Logic:
          • Fetch Route object via K8s client.
          • Extract spec.to.name (Service name).
          • Fetch Service object.
          • Fetch Endpoints object for that Service.
      3. Implement get_service_endpoints:
        • Logic: Fetch and return the Endpoints (or EndpointSlice) object.
      4. Implement get_coredns_config:
        • Logic: Fetch the ConfigMap and return the Corefile.
      5. Implement query_prometheus:
        • Logic:
          • Discover the Thanos Querier route (namespace openshift-monitoring).
          • Obtain a Bearer Token (using the pod's ServiceAccount or the running user's context).
          • Execute the query against the Thanos API using a Go net/http client.
      6. Constraint Checklist:
        • No usage of exec.Command("oc", ...) or exec.Command("dig", ...).
        • Must use structured error handling.
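
      Step 5 as an added Go example (standard library only, not code from this epic): QueryRange builds the query_range request for the Thanos Querier with a Bearer token and decodes the reply into the tool's output schema, returning a structured error for transport failures, non-JSON bodies and a Prometheus status of "error". The base URL, the token and the RangeQuery/RangeResult names are assumptions; discovering the openshift-monitoring route and reading the ServiceAccount token are left to the caller.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

// RangeQuery mirrors the query_prometheus input schema (all four fields are required).
type RangeQuery struct{ Query, Start, End, Step string }

// RangeResult mirrors the output schema: status plus data.resultType and data.result.
type RangeResult struct {
	Status string `json:"status"`
	Data   struct {
		ResultType string          `json:"resultType"`
		Result     json.RawMessage `json:"result"`
	} `json:"data"`
	Error string `json:"error,omitempty"` // set by Prometheus when status is "error"
}

// QueryRange runs one query_range call against the Thanos Querier at base, authenticating
// with the Bearer token. The token travels in a header (never in the URL, so it stays out of
// access logs) and the PromQL is URL-encoded as a parameter rather than string-concatenated.
func QueryRange(ctx context.Context, c *http.Client, base, token string, q RangeQuery) (*RangeResult, error) {
	if q.Query == "" || q.Start == "" || q.End == "" || q.Step == "" {
		return nil, fmt.Errorf("query_prometheus: query, start, end and step are all required")
	}
	params := url.Values{"query": {q.Query}, "start": {q.Start}, "end": {q.End}, "step": {q.Step}}
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, base+"/api/v1/query_range?"+params.Encode(), nil)
	if err != nil {
		return nil, fmt.Errorf("query_prometheus: build request: %w", err)
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := c.Do(req)
	if err != nil {
		return nil, fmt.Errorf("query_prometheus: %w", err)
	}
	defer resp.Body.Close()
	var out RangeResult
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return nil, fmt.Errorf("query_prometheus: decode response (HTTP %d): %w", resp.StatusCode, err)
	}
	if resp.StatusCode != http.StatusOK || out.Status != "success" {
		return nil, fmt.Errorf("query_prometheus: HTTP %d, status %q: %s", resp.StatusCode, out.Status, out.Error)
	}
	return &out, nil
}
```

      Inside a pod the token is normally read from /var/run/secrets/kubernetes.io/serviceaccount/token; the same function works with a user token taken from the running kubeconfig context.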

      Acceptance Criteria

      • MCP tool inspect_route matches schema and returns Route+Service+Endpoints details.
      • MCP tool get_service_endpoints matches schema.
      • MCP tool get_coredns_config matches schema.
      • MCP tool query_prometheus matches schema and successfully queries.
      • All implementation is native Go (no shell-outs).

              Assignee: Unassigned
              Reporter: Brett Tofel (btofelrh)