Major additions: - New Groq agent: YAML Manager - Generates Kubernetes YAML files (Deployment, Service, Ingress) - Organizes YAMLs in folder structure by application - Applies YAMLs directly to cluster using Python K8s client - Shows Git file changes in UI with diff display - YAML Management MCP Tools: - yaml_create_deployment: Create Deployment YAML - yaml_create_service: Create Service YAML - yaml_create_ingress: Create Ingress YAML with TLS - yaml_apply_to_cluster: Apply YAMLs to K8s cluster - git_show_file_changes: Display Git changes in UI - RBAC Permissions: - mas-writer ClusterRole: Write permissions for Groq agents - Create/update/delete permissions for core K8s resources - Namespace and ArgoCD Application management - mas ServiceAccount has both read (viewer) and write (writer) roles - UI Updates: - Added YAML Manager to agent list - Updated agent icons and names (Qwen → Groq) - Display file changes with syntax highlighting - Workflow Integration: - YAML Manager node in LangGraph workflow - Orchestrator routes YAML/K8s keywords to YAML Manager - Tool binding for YAML-specific operations Dependencies: - Added PyYAML==6.0.2 for YAML generation
# Service account `mas` in namespace `mas`. The two ClusterRoleBindings in this
# file attach both the mas-viewer and the mas-writer ClusterRole to it, so any
# workload running as this account holds the union of both rule sets.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mas
  namespace: mas
---
# Read-only ClusterRole (get/list/watch). It is bound through a
# ClusterRoleBinding (mas-viewer-binding), so the rules apply in every
# namespace. Secrets are not listed here, so this role grants no read access to
# them; pod logs and ConfigMaps are readable cluster-wide and may still carry
# sensitive values.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: mas-viewer
rules:
  # Read-only access to most resources
  - apiGroups:
      - ''
    resources:
      - pods
      - pods/log
      - services
      - endpoints
      - namespaces
      - nodes
      - persistentvolumeclaims
      - configmaps
    verbs:
      - get
      - list
      - watch

  - apiGroups:
      - apps
    resources:
      - deployments
      - statefulsets
      - daemonsets
      - replicasets
    verbs:
      - get
      - list
      - watch

  - apiGroups:
      - batch
    resources:
      - jobs
      - cronjobs
    verbs:
      - get
      - list
      - watch

  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch

  - apiGroups:
      - argoproj.io
    resources:
      - applications
    verbs:
      - get
      - list
      - watch

  # Describe resources: status subresources, get only
  - apiGroups:
      - ''
    resources:
      - pods/status
      - services/status
    verbs:
      - get
---
# Binds the mas-viewer ClusterRole to the `mas` ServiceAccount. Because this is
# a ClusterRoleBinding rather than a namespaced RoleBinding, the read rules
# take effect in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: mas-viewer-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mas-viewer
subjects:
  - kind: ServiceAccount
    name: mas
    namespace: mas
---
# Write permissions for YAML Manager (Groq agent)
#
# NOTE(review): this role is bound with a ClusterRoleBinding
# (mas-writer-binding), so every rule below applies in every namespace,
# system namespaces included. For an account driven by an LLM agent, confirm
# that this scope is intended:
#   - Kubernetes RBAC guidance treats the right to create workloads (pods,
#     deployments, jobs, ...) as implicit access to the Secrets, ConfigMaps and
#     ServiceAccounts of the namespace the workload runs in.
#   - `secrets` is writable here although no rule in this file lets the account
#     read them; drop it unless the agent really has to create or replace
#     Secrets.
#   - Narrower alternatives: RoleBindings in the namespaces the agent manages,
#     admission policy on what it may create, and audit logging for this
#     ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: mas-writer
rules:
  # Write access for YAML Manager
  - apiGroups:
      - ''
    resources:
      - pods
      - services
      - configmaps
      - secrets
    verbs:
      - create
      - update
      - patch
      - delete

  - apiGroups:
      - apps
    resources:
      - deployments
      - statefulsets
      - daemonsets
      - replicasets
    verbs:
      - create
      - update
      - patch
      - delete

  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - create
      - update
      - patch
      - delete

  - apiGroups:
      - batch
    resources:
      - jobs
      - cronjobs
    verbs:
      - create
      - update
      - patch
      - delete

  # Namespace management (no delete verb is granted)
  - apiGroups:
      - ''
    resources:
      - namespaces
    verbs:
      - create
      - update
      - patch

  # ArgoCD Application management
  # NOTE(review): Application objects are acted on by Argo CD with its own
  # credentials; confirm that AppProject restrictions limit what an Application
  # created by this account can deploy.
  - apiGroups:
      - argoproj.io
    resources:
      - applications
    verbs:
      - create
      - update
      - patch
      - delete
---
# Binds the mas-writer ClusterRole to the `mas` ServiceAccount for the whole
# cluster.
# NOTE(review): a RoleBinding in each managed namespace that references the
# same ClusterRole would confine the write verbs on namespaced resources to
# those namespaces; only the cluster-scoped `namespaces` rule needs a
# ClusterRoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: mas-writer-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mas-writer
subjects:
  - kind: ServiceAccount
    name: mas
    namespace: mas