Implement MCPTelemetryConfig Controller #4264

@ChrisJBurns

Description

Implement the controller for MCPTelemetryConfig following the same pattern as the MCPOIDCConfig controller. The controller handles validation, config hash computation, finalizer management, reference tracking with structured WorkloadReference, and deletion protection.

Controller Responsibilities

  1. Finalizer management: mcptelemetryconfig.toolhive.stacklok.dev/finalizer
  2. Validation: Validate spec (endpoint requires tracing or metrics, sensitive header overlap with plaintext headers, empty names/keys)
  3. Config hash: SHA-256 hash of spec for change detection
  4. Reference tracking: Scan MCPServer for spec.telemetryConfigRef.name == this.name. Store as status.referencingWorkloads[] with shared WorkloadReference{Kind, Name} (namespace is implicit)
  5. Deletion protection: Block finalizer removal while referencingWorkloads is non-empty
  6. Status conditions: Set Valid condition based on spec validation
  7. Watches: MCPServer via EnqueueRequestsFromMapFunc to update reference tracking

Status Structure

type MCPTelemetryConfigStatus struct {
    Conditions           []metav1.Condition  `json:"conditions,omitempty"`
    ObservedGeneration   int64               `json:"observedGeneration,omitempty"`
    ConfigHash           string              `json:"configHash,omitempty"`
    ReferencingWorkloads []WorkloadReference `json:"referencingWorkloads,omitempty"`
}

// WorkloadReference is shared across CRDs (defined in mcpoidcconfig_types.go)
type WorkloadReference struct {
    Kind string `json:"kind"` // MCPServer, VirtualMCPServer, MCPRemoteProxy
    Name string `json:"name"`
}

Phase 2 Enhancements (follow-up PRs)

  • Ready condition (requires Secret resolution for sensitiveHeaders)
  • Secret watches for sensitiveHeaders change detection
  • Cascade annotations on referencing workloads
  • MCPRemoteEndpoint reference tracking (when CRD lands)

Acceptance Criteria

  • Controller registered and reconciles MCPTelemetryConfig resources
  • Finalizer lifecycle matches MCPOIDCConfig pattern
  • status.referencingWorkloads tracks MCPServer references with shared WorkloadReference (Kind + Name)
  • status.configHash computed from spec
  • Deletion blocked while references exist
  • Watches registered for MCPServer
  • RBAC markers added
  • Unit tests cover happy path, error paths, validation, reference tracking, deletion protection
  • Integration tests cover reference lifecycle and deletion protection
  • All tests pass
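
An added sketch, not the project's code, of the validation, config hash and deletion-protection rules listed under Controller Responsibilities. The type and field names are hypothetical, and matching header names case-insensitively is an assumption of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Hypothetical, simplified types; field names are assumptions, not the project's CRD.
type SecretHeader struct{ Name, SecretKey string }

type TelemetrySpec struct {
	Endpoint         string            `json:"endpoint,omitempty"`
	Tracing          bool              `json:"tracing,omitempty"`
	Metrics          bool              `json:"metrics,omitempty"`
	Headers          map[string]string `json:"headers,omitempty"`
	SensitiveHeaders []SecretHeader    `json:"sensitiveHeaders,omitempty"`
}

// Validate applies the three spec checks named in the issue.
func Validate(s TelemetrySpec) error {
	if s.Endpoint != "" && !s.Tracing && !s.Metrics {
		return errors.New("endpoint requires tracing or metrics")
	}
	for _, sh := range s.SensitiveHeaders {
		if sh.Name == "" || sh.SecretKey == "" {
			return errors.New("sensitive header has an empty name or key")
		}
		for name := range s.Headers { // case-insensitive match: an assumption of this sketch
			if strings.EqualFold(name, sh.Name) {
				return fmt.Errorf("header %q is set both in plaintext and from a Secret", sh.Name)
			}
		}
	}
	return nil
}

// ConfigHash is SHA-256 over the JSON form; encoding/json sorts map keys, so it is stable.
func ConfigHash(s TelemetrySpec) string {
	b, _ := json.Marshal(s) // cannot fail here: only strings, bools and string maps
	return fmt.Sprintf("%x", sha256.Sum256(b))
}

// CanRemoveFinalizer is the deletion-protection gate on status.referencingWorkloads.
func CanRemoveFinalizer(refs []string) bool { return len(refs) == 0 }

func main() { fmt.Println(ConfigHash(TelemetrySpec{Endpoint: "otel:4318", Tracing: true})) } // constructed sample
```

Because the hash covers only the spec, a rotated Secret value behind a sensitive header does not change it, which is why the issue defers Secret watches to Phase 2.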
