The Service analyzer dereferenced EndpointAddress.TargetRef while building
the not-ready pod list, but TargetRef is optional and can be nil for
addresses not backed by a Pod (bare-IP or manually created Endpoints).
A single such address panicked the whole analyze run with a nil pointer
dereference. Only append the pod label when TargetRef is set; the address
is still counted so the failure message is unchanged. Adds a regression
test covering a not-ready address with no TargetRef.
Signed-off-by: Anas Khan <83116240+anxkhn@users.noreply.github.com>
Co-authored-by: Alex Jones <1235925+AlexsJones@users.noreply.github.com>
The Gateway and GatewayClass analyzers indexed Status.Conditions[0]
without a length check. A Gateway or GatewayClass with empty
Status.Conditions (newly created, or no controller installed) panics
the whole analyze run with 'index out of range [0] with length 0'.
Guard both accesses with a length check, mirroring the existing PDB
analyzer (pkg/analyzer/pdb.go). Add a unit test for each analyzer that
exercises the empty-conditions path.
Signed-off-by: Anas Khan <83116240+anxkhn@users.noreply.github.com>
Co-authored-by: Alex Jones <1235925+AlexsJones@users.noreply.github.com>
A pod with non-empty .spec.schedulingGates stays in the Pending phase
with a PodScheduled condition of Status=False, Reason=SchedulingGated.
The pod analyzer only matched the Unschedulable reason, so a gated pod
fell through every branch and was reported as having no problems.
Add a sibling check on the PodScheduled condition for the
SchedulingGated reason. Gated pods commonly carry an empty condition
message, so emit a default message naming the pod when none is present
and surface the condition message otherwise, mirroring how the
Unschedulable branch reports.
This is the residual half of #1474; the suspended Job/CronJob half is
already handled in job.go and cronjob.go.
Signed-off-by: Anas Khan <83116240+anxkhn@users.noreply.github.com>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
* fix(deps): update module github.com/olekukonko/tablewriter to v1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(cache): migrate to tablewriter v1 API
tablewriter v1 replaces SetHeader with Header and makes Append/Render
return errors. Update cmd/cache/list.go accordingly to fix the build.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Alex Jones <axjns@example.com>
---------
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Alex Jones <axjns@example.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Jones <axjns@example.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Implement the Anthropic backend client for Claude models, including:
- AnthropicClient with Configure/GetCompletion/GetName methods
- Proxy, custom headers, and base URL support
- Default model (claude-3-5-sonnet-latest) fallback in auth add command
- Unit tests with httptest mock server
Signed-off-by: Alex <alexsimonjones@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
FOSSA is not a CNCF requirement for sandbox projects. The badge/check
was failing on unrelated third-party licenses with no actionable items
for the k8sgpt maintainers.
Changes:
- Removed FOSSA shield badge from README header
- Removed FOSSA large badge from the License section
- Removed section heading (was only used for the FOSSA badge)
- Removed License entry from the TOC
The project is still licensed under Apache 2.0 (badge and LICENSE file unchanged).
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
- Add .github/ISSUE_TEMPLATE/ (bug_report, feature_request, config)
- Add MAINTAINERS.md with maintainer list and roles
- Add GOVERNANCE.md with decision-making, lifecycle, vendor neutrality
- Add ADOPTERS.md with adopter collection template
- Add ROADMAP.md with current focus areas and planned initiatives
- Add INTEGRATIONS.md with CNCF, AI provider, and tool integrations
- Add RELEASE.md documenting automated release process
Part of CNCF incubation preparation tracking issue #1641
Signed-off-by: Alex Jones <axjns@example.com>
Co-authored-by: Alex Jones <axjns@example.com>
- Add detection for dynamically loaded ConfigMaps (Grafana sidecar)
- Support grafana_dashboard and grafana_datasource labels
- Support prometheus_rule and fluentd_config labels
- Add k8sgpt.ai/dynamically-loaded label for custom patterns
- Add k8sgpt.ai/skip-usage-check annotation to opt-out
- Add comprehensive test cases for sidecar patterns
Fixes false positives where ConfigMaps loaded dynamically by sidecar
containers (via Kubernetes API watches with label selectors) were
incorrectly flagged as unused.
Tested on production cluster with kube-prometheus-stack:
- Before: 29 ConfigMaps incorrectly flagged as unused
- After: No false positives (29 eliminated - 100% reduction)
Signed-off-by: sqautboy <migonyoung01@gmail.com>
Co-authored-by: Alex Jones <1235925+AlexsJones@users.noreply.github.com>
* fix: recognize GKE built-in ingress classes 'gce' and 'gce-internal'
Skip IngressClass existence validation for GKE's built-in ingress classes
that work without an explicit IngressClass resource in the cluster.
This fixes false positive errors when using 'gce' or 'gce-internal'
ingress class on GKE.
Closes#849
Signed-off-by: majiayu000 <1835304752@qq.com>
* chore: trigger CI re-run
Signed-off-by: majiayu000 <1835304752@qq.com>
---------
Signed-off-by: majiayu000 <1835304752@qq.com>
* feat(serve): add short flag and env var for metrics port
Add short flag -m for --metrics-port to improve discoverability.
Add K8SGPT_METRICS_PORT environment variable support, consistent
with other K8SGPT_* environment variables.
This helps users who encounter port conflicts on the default
metrics port (8081) when running k8sgpt serve with --mcp or
other configurations.
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
* fix: validate namespace before running custom analyzers
Custom analyzers previously ignored the --namespace flag entirely,
executing even when an invalid or misspelled namespace was provided.
This was inconsistent with built-in filter behavior, which respects
namespace scoping.
Add namespace existence validation in RunCustomAnalysis() before
executing custom analyzers. If a namespace is specified but does
not exist, an error is reported and custom analyzers are skipped.
Fixes#1601
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
---------
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
Co-authored-by: Alex Jones <1235925+AlexsJones@users.noreply.github.com>
Add short flag -m for --metrics-port to improve discoverability.
Add K8SGPT_METRICS_PORT environment variable support, consistent
with other K8SGPT_* environment variables.
This helps users who encounter port conflicts on the default
metrics port (8081) when running k8sgpt serve with --mcp or
other configurations.
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxesyes3inatrenchcoat@gmail.com>
This fixes issue #1556 where the customrest backend fails when error messages
contain quotes or other special characters.
The root cause was that fmt.Sprintf was used to construct JSON, which doesn't
escape special characters like quotes, newlines, or tabs. When Kubernetes error
messages contain image names with quotes (e.g., "nginx:1.a.b.c"), the resulting
JSON was malformed and failed to parse.
The fix uses json.Marshal to properly construct the JSON payload, which
automatically handles all special character escaping according to JSON spec.
Fixes#1556
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
Co-authored-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
* refactor: improve MCP server handlers with better error handling and pagination
This PR refactors the MCP server handler functions to improve code quality,
maintainability, and user experience.
## Key Improvements
### 1. Eliminated Code Duplication
- Introduced a **resource registry pattern** that maps resource types to their
list and get functions
- Reduced ~500 lines of repetitive switch-case statements to ~100 lines of
declarative registry configuration
- Makes adding new resource types trivial (just add to the registry)
### 2. Proper Error Handling
- Fixed all ignored JSON marshaling errors (previously using `_`)
- Added `marshalJSON()` helper function with explicit error handling
- Improved error messages with context about what failed
### 3. Input Validation
- Added required field validation (resourceType, name, namespace where needed)
- Returns clear error messages when required fields are missing
- Validates resource types before attempting operations
### 4. Pagination Support
- Added `limit` parameter to `list-resources` handler
- Defaults to 100 items, max 1000 (configurable via constants)
- Prevents returning massive amounts of data that could overwhelm clients
- Consistent with `list-events` handler which already had limits
### 5. Resource Type Normalization
- Added `normalizeResourceType()` function to handle aliases (pods->pod, svc->service, etc.)
- Centralized resource type validation
- Better error messages listing supported resource types
### 6. Improved Filter Management
- Added validation to ensure filters array is not empty
- Better feedback messages (e.g., "filters already active", "no filters removed")
- Tracks which filters were actually added/removed
## Technical Details
**Constants Added:**
- `DefaultListLimit = 100` - Default max resources to return
- `MaxListLimit = 1000` - Hard limit for list operations
**New Functions:**
- `normalizeResourceType()` - Converts aliases to canonical types
- `marshalJSON()` - Marshals with proper error handling
**Registry Pattern:**
- `resourceRegistry` - Maps resource types to list/get functions
- `resourceTypeAliases` - Maps aliases to canonical types
## Backward Compatibility
All changes are backward compatible:
- No API changes to tool signatures
- Existing clients will work without modification
- New `limit` parameter is optional (defaults to 100)
## Testing
Tested with:
- All resource types (pods, deployments, services, nodes, etc.)
- Various aliases (svc, cm, pvc, sts, ds, rs)
- Edge cases (missing required fields, invalid resource types)
- Large result sets (pagination working correctly)
Fixes code duplication and improves maintainability of the MCP server.
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
* fix: remove duplicate mcp_handlers_old.go file causing build failures
The old handlers file was accidentally left in place after refactoring,
causing 'redeclared' errors for all handler methods. This commit removes
the old file to resolve the build failures.
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
---------
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
Co-authored-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
Co-authored-by: Alex Jones <1235925+AlexsJones@users.noreply.github.com>
Fixes#1610
The CI workflows were using inconsistent Go versions (1.22, 1.23) that
didn't match go.mod (go 1.24.1, toolchain go1.24.11). This creates
confusion for contributors and risks version-specific issues.
Changes:
- test.yaml: GO_VERSION ~1.22 -> ~1.24
- build_container.yaml: GO_VERSION ~1.23 -> ~1.24
- release.yaml: go-version 1.22 -> ~1.24
This aligns with PR #1609 which updates CONTRIBUTING.md to reflect
go.mod's Go 1.24 requirement.
Signed-off-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>
Co-authored-by: Three Foxes (in a Trenchcoat) <threefoxes53235@gmail.com>