{ "description": "MCPServer is the Schema for the mcpservers API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": [ "string", "null" ] }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": [ "string", "null" ] }, "metadata": { "type": [ "object", "null" ] }, "spec": { "additionalProperties": false, "description": "MCPServerSpec defines the desired state of MCPServer", "properties": { "args": { "description": "Args are additional arguments to pass to the MCP server", "items": { "type": "string" }, "type": [ "array", "null" ], "x-kubernetes-list-type": "atomic" }, "audit": { "additionalProperties": false, "description": "Audit defines audit logging configuration for the MCP server", "properties": { "enabled": { "default": false, "description": "Enabled controls whether audit logging is enabled\nWhen true, enables audit logging with default configuration", "type": [ "boolean", "null" ] } }, "type": [ "object", "null" ] }, "authServerRef": { "additionalProperties": false, "description": "AuthServerRef optionally references a resource that configures an embedded\nOAuth 2.0/OIDC authorization server to authenticate MCP clients.\nCurrently the only supported kind is MCPExternalAuthConfig (type: embeddedAuthServer).", "properties": { "kind": { "default": "MCPExternalAuthConfig", "description": "Kind identifies the type of the referenced resource.", "enum": [ "MCPExternalAuthConfig" ], "type": "string" }, "name": { "description": "Name is the name of the referenced resource in the same namespace.", "minLength": 1, "type": "string" } }, "required": [ "kind", "name" ], "type": [ "object", "null" ] }, "authzConfig": { "additionalProperties": false, "description": "AuthzConfig defines authorization policy configuration for the MCP server", "properties": { "configMap": { "additionalProperties": false, "description": "ConfigMap references a ConfigMap containing authorization configuration\nOnly used when Type is \"configMap\"", "properties": { "key": { "default": "authz.json", "description": "Key is the key in the ConfigMap that contains the authorization configuration", "type": [ "string", "null" ] }, "name": { "description": "Name is the name of the ConfigMap", "type": "string" } }, "required": [ "name" ], "type": [ "object", "null" ] }, "inline": { "additionalProperties": false, "description": "Inline contains direct authorization configuration\nOnly used when Type is \"inline\"", "properties": { "entitiesJson": { "default": "[]", "description": "EntitiesJSON is a JSON string representing Cedar entities", "type": [ "string", "null" ] }, "policies": { "description": "Policies is a list of Cedar policy strings", "items": { "type": "string" }, "minItems": 1, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "policies" ], "type": [ "object", "null" ] }, "type": { "default": "configMap", "description": "Type is the type of authorization configuration", "enum": [ "configMap", "inline" ], "type": "string" } }, "required": [ "type" ], "type": [ "object", "null" ], "x-kubernetes-validations": [ { "message": "configMap must be set when type is 'configMap', and must not be set otherwise", "rule": "self.type == 'configMap' ? has(self.configMap) : !has(self.configMap)" }, { "message": "inline must be set when type is 'inline', and must not be set otherwise", "rule": "self.type == 'inline' ? has(self.inline) : !has(self.inline)" } ] }, "backendReplicas": { "description": "BackendReplicas is the desired number of MCP server backend pod replicas.\nThis controls the backend Deployment (the MCP server container itself),\nindependent of the proxy runner controlled by Replicas.\nWhen nil, the operator does not set Deployment.Spec.Replicas, leaving replica\nmanagement to an HPA or other external controller.", "format": "int32", "minimum": 0, "type": [ "integer", "null" ] }, "endpointPrefix": { "description": "EndpointPrefix is the path prefix to prepend to SSE endpoint URLs.\nThis is used to handle path-based ingress routing scenarios where the ingress\nstrips a path prefix before forwarding to the backend.", "type": [ "string", "null" ] }, "env": { "description": "Env are environment variables to set in the MCP server container", "items": { "additionalProperties": false, "description": "EnvVar represents an environment variable in a container", "properties": { "name": { "description": "Name of the environment variable", "type": "string" }, "value": { "description": "Value of the environment variable", "type": "string" } }, "required": [ "name", "value" ], "type": "object" }, "type": [ "array", "null" ], "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "externalAuthConfigRef": { "additionalProperties": false, "description": "ExternalAuthConfigRef references a MCPExternalAuthConfig resource for external authentication.\nThe referenced MCPExternalAuthConfig must exist in the same namespace as this MCPServer.", "properties": { "name": { "description": "Name is the name of the MCPExternalAuthConfig resource", "type": "string" } }, "required": [ "name" ], "type": [ "object", "null" ] }, "groupRef": { "additionalProperties": false, "description": "GroupRef references the MCPGroup this server belongs to.\nThe referenced MCPGroup must be in the same namespace.", "properties": { "name": { "description": "Name is the name of the MCPGroup resource in the same namespace", "minLength": 1, "type": "string" } }, "required": [ "name" ], "type": [ "object", "null" ] }, "image": { "description": "Image is the container image for the MCP server", "type": "string" }, "mcpPort": { "description": "MCPPort is the port that MCP server listens to", "format": "int32", "maximum": 65535, "minimum": 1, "type": [ "integer", "null" ] }, "oidcConfigRef": { "additionalProperties": false, "description": "OIDCConfigRef references a shared MCPOIDCConfig resource for OIDC authentication.\nThe referenced MCPOIDCConfig must exist in the same namespace as this MCPServer.\nPer-server overrides (audience, scopes) are specified here; shared provider config\nlives in the MCPOIDCConfig resource.", "properties": { "audience": { "description": "Audience is the expected audience for token validation.\nThis MUST be unique per server to prevent token replay attacks.", "minLength": 1, "type": "string" }, "name": { "description": "Name is the name of the MCPOIDCConfig resource", "minLength": 1, "type": "string" }, "resourceUrl": { "description": "ResourceURL is the public URL for OAuth protected resource metadata (RFC 9728).\nWhen the server is exposed via Ingress or gateway, set this to the external\nURL that MCP clients connect to. If not specified, defaults to the internal\nKubernetes service URL.", "type": [ "string", "null" ] }, "scopes": { "description": "Scopes is the list of OAuth scopes to advertise in the well-known endpoint (RFC 9728).\nIf empty, defaults to [\"openid\"].", "items": { "type": "string" }, "type": [ "array", "null" ], "x-kubernetes-list-type": "atomic" } }, "required": [ "audience", "name" ], "type": [ "object", "null" ] }, "permissionProfile": { "additionalProperties": false, "description": "PermissionProfile defines the permission profile to use", "properties": { "key": { "description": "Key is the key in the ConfigMap that contains the permission profile\nOnly used when Type is \"configmap\"", "type": [ "string", "null" ] }, "name": { "description": "Name is the name of the permission profile\nIf Type is \"builtin\", Name must be one of: \"none\", \"network\"\nIf Type is \"configmap\", Name is the name of the ConfigMap", "type": "string" }, "type": { "default": "builtin", "description": "Type is the type of permission profile reference", "enum": [ "builtin", "configmap" ], "type": "string" } }, "required": [ "name", "type" ], "type": [ "object", "null" ] }, "podTemplateSpec": { "description": "PodTemplateSpec defines the pod template to use for the MCP server\nThis allows for customizing the pod configuration beyond what is provided by the other fields.\nNote that to modify the specific container the MCP server runs in, you must specify\nthe `mcp` container name in the PodTemplateSpec.\nThis field accepts a PodTemplateSpec object as JSON/YAML.", "type": [ "object", "null" ], "x-kubernetes-preserve-unknown-fields": true }, "proxyMode": { "default": "streamable-http", "description": "ProxyMode is the proxy mode for stdio transport (sse or streamable-http)\nThis setting is ONLY applicable when Transport is \"stdio\".\nFor direct transports (sse, streamable-http), this field is ignored.\nThe default value is applied by Kubernetes but will be ignored for non-stdio transports.", "enum": [ "sse", "streamable-http" ], "type": [ "string", "null" ] }, "proxyPort": { "default": 8080, "description": "ProxyPort is the port to expose the proxy runner on", "format": "int32", "maximum": 65535, "minimum": 1, "type": [ "integer", "null" ] }, "rateLimiting": { "additionalProperties": false, "description": "RateLimiting defines rate limiting configuration for the MCP server.\nRequires Redis session storage to be configured for distributed rate limiting.", "properties": { "perUser": { "additionalProperties": false, "description": "PerUser is a token bucket applied independently to each authenticated user\nat the server level. Requires authentication to be enabled.\nEach unique userID creates Redis keys that expire after 2x refillPeriod.\nMemory formula: unique_users_per_TTL_window * (1 + num_tools_with_per_user_limits) keys.", "properties": { "maxTokens": { "description": "MaxTokens is the maximum number of tokens (bucket capacity).\nThis is also the burst size: the maximum number of requests that can be served\ninstantaneously before the bucket is depleted.", "format": "int32", "minimum": 1, "type": "integer" }, "refillPeriod": { "description": "RefillPeriod is the duration to fully refill the bucket from zero to maxTokens.\nThe effective refill rate is maxTokens / refillPeriod tokens per second.\nFormat: Go duration string (e.g., \"1m0s\", \"30s\", \"1h0m0s\").", "type": "string" } }, "required": [ "maxTokens", "refillPeriod" ], "type": [ "object", "null" ] }, "shared": { "additionalProperties": false, "description": "Shared is a token bucket shared across all users for the entire server.", "properties": { "maxTokens": { "description": "MaxTokens is the maximum number of tokens (bucket capacity).\nThis is also the burst size: the maximum number of requests that can be served\ninstantaneously before the bucket is depleted.", "format": "int32", "minimum": 1, "type": "integer" }, "refillPeriod": { "description": "RefillPeriod is the duration to fully refill the bucket from zero to maxTokens.\nThe effective refill rate is maxTokens / refillPeriod tokens per second.\nFormat: Go duration string (e.g., \"1m0s\", \"30s\", \"1h0m0s\").", "type": "string" } }, "required": [ "maxTokens", "refillPeriod" ], "type": [ "object", "null" ] }, "tools": { "description": "Tools defines per-tool rate limit overrides.\nEach entry applies additional rate limits to calls targeting a specific tool name.\nA request must pass both the server-level limit and the per-tool limit.", "items": { "additionalProperties": false, "description": "ToolRateLimitConfig defines rate limits for a specific tool.\nAt least one of shared or perUser must be configured.", "properties": { "name": { "description": "Name is the MCP tool name this limit applies to.", "minLength": 1, "type": "string" }, "perUser": { "additionalProperties": false, "description": "PerUser token bucket configuration for this tool.", "properties": { "maxTokens": { "description": "MaxTokens is the maximum number of tokens (bucket capacity).\nThis is also the burst size: the maximum number of requests that can be served\ninstantaneously before the bucket is depleted.", "format": "int32", "minimum": 1, "type": "integer" }, "refillPeriod": { "description": "RefillPeriod is the duration to fully refill the bucket from zero to maxTokens.\nThe effective refill rate is maxTokens / refillPeriod tokens per second.\nFormat: Go duration string (e.g., \"1m0s\", \"30s\", \"1h0m0s\").", "type": "string" } }, "required": [ "maxTokens", "refillPeriod" ], "type": [ "object", "null" ] }, "shared": { "additionalProperties": false, "description": "Shared token bucket for this specific tool.", "properties": { "maxTokens": { "description": "MaxTokens is the maximum number of tokens (bucket capacity).\nThis is also the burst size: the maximum number of requests that can be served\ninstantaneously before the bucket is depleted.", "format": "int32", "minimum": 1, "type": "integer" }, "refillPeriod": { "description": "RefillPeriod is the duration to fully refill the bucket from zero to maxTokens.\nThe effective refill rate is maxTokens / refillPeriod tokens per second.\nFormat: Go duration string (e.g., \"1m0s\", \"30s\", \"1h0m0s\").", "type": "string" } }, "required": [ "maxTokens", "refillPeriod" ], "type": [ "object", "null" ] } }, "required": [ "name" ], "type": "object", "x-kubernetes-validations": [ { "message": "at least one of shared or perUser must be configured", "rule": "has(self.shared) || has(self.perUser)" } ] }, "type": [ "array", "null" ], "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" } }, "type": [ "object", "null" ], "x-kubernetes-validations": [ { "message": "at least one of shared, perUser, or tools must be configured", "rule": "has(self.shared) || has(self.perUser) || (has(self.tools) \u0026\u0026 size(self.tools) \u003e 0)" } ] }, "replicas": { "description": "Replicas is the desired number of proxy runner (thv run) pod replicas.\nMCPServer creates two separate Deployments: one for the proxy runner and one\nfor the MCP server backend. This field controls the proxy runner Deployment.\nWhen nil, the operator does not set Deployment.Spec.Replicas, leaving replica\nmanagement to an HPA or other external controller.", "format": "int32", "minimum": 0, "type": [ "integer", "null" ] }, "resourceOverrides": { "additionalProperties": false, "description": "ResourceOverrides allows overriding annotations and labels for resources created by the operator", "properties": { "proxyDeployment": { "additionalProperties": false, "description": "ProxyDeployment defines overrides for the Proxy Deployment resource (toolhive proxy)", "properties": { "annotations": { "additionalProperties": { "type": "string" }, "description": "Annotations to add or override on the resource", "type": [ "object", "null" ] }, "env": { "description": "Env are environment variables to set in the proxy container (thv run process)\nThese affect the toolhive proxy itself, not the MCP server it manages\nUse TOOLHIVE_DEBUG=true to enable debug logging in the proxy", "items": { "additionalProperties": false, "description": "EnvVar represents an environment variable in a container", "properties": { "name": { "description": "Name of the environment variable", "type": "string" }, "value": { "description": "Value of the environment variable", "type": "string" } }, "required": [ "name", "value" ], "type": "object" }, "type": [ "array", "null" ], "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "imagePullSecrets": { "description": "ImagePullSecrets allows specifying image pull secrets for the proxy runner\nThese are applied to both the Deployment and the ServiceAccount", "items": { "additionalProperties": false, "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "properties": { "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": [ "string", "null" ] } }, "type": "object", "x-kubernetes-map-type": "atomic" }, "type": [ "array", "null" ], "x-kubernetes-list-type": "atomic" }, "labels": { "additionalProperties": { "type": "string" }, "description": "Labels to add or override on the resource", "type": [ "object", "null" ] }, "podTemplateMetadataOverrides": { "additionalProperties": false, "description": "ResourceMetadataOverrides defines metadata overrides for a resource", "properties": { "annotations": { "additionalProperties": { "type": "string" }, "description": "Annotations to add or override on the resource", "type": [ "object", "null" ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "Labels to add or override on the resource", "type": [ "object", "null" ] } }, "type": [ "object", "null" ] } }, "type": [ "object", "null" ] }, "proxyService": { "additionalProperties": false, "description": "ProxyService defines overrides for the Proxy Service resource (points to the proxy deployment)", "properties": { "annotations": { "additionalProperties": { "type": "string" }, "description": "Annotations to add or override on the resource", "type": [ "object", "null" ] }, "labels": { "additionalProperties": { "type": "string" }, "description": "Labels to add or override on the resource", "type": [ "object", "null" ] } }, "type": [ "object", "null" ] } }, "type": [ "object", "null" ] }, "resources": { "additionalProperties": false, "description": "Resources defines the resource requirements for the MCP server container", "properties": { "limits": { "additionalProperties": false, "description": "Limits describes the maximum amount of compute resources allowed", "properties": { "cpu": { "description": "CPU is the CPU limit in cores (e.g., \"500m\" for 0.5 cores)", "type": [ "string", "null" ] }, "memory": { "description": "Memory is the memory limit in bytes (e.g., \"64Mi\" for 64 megabytes)", "type": [ "string", "null" ] } }, "type": [ "object", "null" ] }, "requests": { "additionalProperties": false, "description": "Requests describes the minimum amount of compute resources required", "properties": { "cpu": { "description": "CPU is the CPU limit in cores (e.g., \"500m\" for 0.5 cores)", "type": [ "string", "null" ] }, "memory": { "description": "Memory is the memory limit in bytes (e.g., \"64Mi\" for 64 megabytes)", "type": [ "string", "null" ] } }, "type": [ "object", "null" ] } }, "type": [ "object", "null" ] }, "secrets": { "description": "Secrets are references to secrets to mount in the MCP server container", "items": { "additionalProperties": false, "description": "SecretRef is a reference to a secret", "properties": { "key": { "description": "Key is the key in the secret itself", "type": "string" }, "name": { "description": "Name is the name of the secret", "type": "string" }, "targetEnvName": { "description": "TargetEnvName is the environment variable to be used when setting up the secret in the MCP server\nIf left unspecified, it defaults to the key", "type": [ "string", "null" ] } }, "required": [ "key", "name" ], "type": "object" }, "type": [ "array", "null" ], "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "serviceAccount": { "description": "ServiceAccount is the name of an already existing service account to use by the MCP server.\nIf not specified, a ServiceAccount will be created automatically and used by the MCP server.", "type": [ "string", "null" ] }, "sessionAffinity": { "default": "ClientIP", "description": "SessionAffinity controls whether the Service routes repeated client connections to the same pod.\nMCP protocols (SSE, streamable-http) are stateful, so ClientIP is the default.\nSet to \"None\" for stateless servers or when using an external load balancer with its own affinity.", "enum": [ "ClientIP", "None" ], "type": [ "string", "null" ] }, "sessionStorage": { "additionalProperties": false, "description": "SessionStorage configures session storage for stateful horizontal scaling.\nWhen nil, no session storage is configured.", "properties": { "address": { "description": "Address is the Redis server address (required when provider is redis)", "minLength": 1, "type": [ "string", "null" ] }, "db": { "default": 0, "description": "DB is the Redis database number", "format": "int32", "minimum": 0, "type": [ "integer", "null" ] }, "keyPrefix": { "description": "KeyPrefix is an optional prefix for all Redis keys used by ToolHive", "type": [ "string", "null" ] }, "passwordRef": { "additionalProperties": false, "description": "PasswordRef is a reference to a Secret key containing the Redis password", "properties": { "key": { "description": "Key is the key within the secret", "type": "string" }, "name": { "description": "Name is the name of the secret", "type": "string" } }, "required": [ "key", "name" ], "type": [ "object", "null" ] }, "provider": { "description": "Provider is the session storage backend type", "enum": [ "memory", "redis" ], "type": "string" } }, "required": [ "provider" ], "type": [ "object", "null" ], "x-kubernetes-validations": [ { "message": "address is required", "rule": "self.provider == 'redis' ? has(self.address) : true" } ] }, "telemetryConfigRef": { "additionalProperties": false, "description": "TelemetryConfigRef references an MCPTelemetryConfig resource for shared telemetry configuration.\nThe referenced MCPTelemetryConfig must exist in the same namespace as this MCPServer.\nCross-namespace references are not supported for security and isolation reasons.", "properties": { "name": { "description": "Name is the name of the MCPTelemetryConfig resource", "minLength": 1, "type": "string" }, "serviceName": { "description": "ServiceName overrides the telemetry service name for this specific server.\nThis MUST be unique per server for proper observability (e.g., distinguishing\ntraces and metrics from different servers sharing the same collector).\nIf empty, defaults to the server name with \"thv-\" prefix at runtime.", "type": [ "string", "null" ] } }, "required": [ "name" ], "type": [ "object", "null" ] }, "toolConfigRef": { "additionalProperties": false, "description": "ToolConfigRef references a MCPToolConfig resource for tool filtering and renaming.\nThe referenced MCPToolConfig must exist in the same namespace as this MCPServer.\nCross-namespace references are not supported for security and isolation reasons.", "properties": { "name": { "description": "Name is the name of the MCPToolConfig resource in the same namespace", "type": "string" } }, "required": [ "name" ], "type": [ "object", "null" ] }, "transport": { "default": "stdio", "description": "Transport is the transport method for the MCP server (stdio, streamable-http or sse)", "enum": [ "stdio", "streamable-http", "sse" ], "type": [ "string", "null" ] }, "trustProxyHeaders": { "default": false, "description": "TrustProxyHeaders indicates whether to trust X-Forwarded-* headers from reverse proxies\nWhen enabled, the proxy will use X-Forwarded-Proto, X-Forwarded-Host, X-Forwarded-Port,\nand X-Forwarded-Prefix headers to construct endpoint URLs", "type": [ "boolean", "null" ] }, "volumes": { "description": "Volumes are volumes to mount in the MCP server container", "items": { "additionalProperties": false, "description": "Volume represents a volume to mount in a container", "properties": { "hostPath": { "description": "HostPath is the path on the host to mount", "type": "string" }, "mountPath": { "description": "MountPath is the path in the container to mount to", "type": "string" }, "name": { "description": "Name is the name of the volume", "type": "string" }, "readOnly": { "default": false, "description": "ReadOnly specifies whether the volume should be mounted read-only", "type": [ "boolean", "null" ] } }, "required": [ "hostPath", "mountPath", "name" ], "type": "object" }, "type": [ "array", "null" ], "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" } }, "required": [ "image" ], "type": [ "object", "null" ], "x-kubernetes-validations": [ { "message": "rateLimiting requires sessionStorage with provider 'redis'", "rule": "!has(self.rateLimiting) || (has(self.sessionStorage) \u0026\u0026 self.sessionStorage.provider == 'redis')" }, { "message": "rateLimiting.perUser requires authentication (oidcConfigRef or externalAuthConfigRef)", "rule": "!(has(self.rateLimiting) \u0026\u0026 has(self.rateLimiting.perUser)) || has(self.oidcConfigRef) || has(self.externalAuthConfigRef)" }, { "message": "per-tool perUser rate limiting requires authentication (oidcConfigRef or externalAuthConfigRef)", "rule": "!has(self.rateLimiting) || !has(self.rateLimiting.tools) || self.rateLimiting.tools.all(t, !has(t.perUser)) || has(self.oidcConfigRef) || has(self.externalAuthConfigRef)" } ] }, "status": { "additionalProperties": false, "description": "MCPServerStatus defines the observed state of MCPServer", "properties": { "authServerConfigHash": { "description": "AuthServerConfigHash is the hash of the referenced authServerRef spec,\nused to detect configuration changes and trigger reconciliation.", "type": [ "string", "null" ] }, "conditions": { "description": "Conditions represent the latest available observations of the MCPServer's state", "items": { "additionalProperties": false, "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { "lastTransitionTime": { "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": [ "integer", "null" ] }, "reason": { "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", "type": "string" }, "status": { "description": "status of the condition, one of True, False, Unknown.", "enum": [ "True", "False", "Unknown" ], "type": "string" }, "type": { "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" } }, "required": [ "lastTransitionTime", "message", "reason", "status", "type" ], "type": "object" }, "type": [ "array", "null" ], "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "externalAuthConfigHash": { "description": "ExternalAuthConfigHash is the hash of the referenced MCPExternalAuthConfig spec", "type": [ "string", "null" ] }, "message": { "description": "Message provides additional information about the current phase", "type": [ "string", "null" ] }, "observedGeneration": { "description": "ObservedGeneration reflects the generation most recently observed by the controller", "format": "int64", "type": [ "integer", "null" ] }, "oidcConfigHash": { "description": "OIDCConfigHash is the hash of the referenced MCPOIDCConfig spec for change detection", "type": [ "string", "null" ] }, "phase": { "description": "Phase is the current phase of the MCPServer", "enum": [ "Pending", "Ready", "Failed", "Terminating", "Stopped" ], "type": [ "string", "null" ] }, "readyReplicas": { "description": "ReadyReplicas is the number of ready proxy replicas", "format": "int32", "type": [ "integer", "null" ] }, "telemetryConfigHash": { "description": "TelemetryConfigHash is the hash of the referenced MCPTelemetryConfig spec for change detection", "type": [ "string", "null" ] }, "toolConfigHash": { "description": "ToolConfigHash stores the hash of the referenced ToolConfig for change detection", "type": [ "string", "null" ] }, "url": { "description": "URL is the URL where the MCP server can be accessed", "type": [ "string", "null" ] } }, "type": [ "object", "null" ] } }, "type": "object" }