← Back to index Esc
Kind
MCPWebhookConfig
Group
toolhive.stacklok.dev
Version
v1alpha1
apiVersion: toolhive.stacklok.dev/v1alpha1 kind: MCPWebhookConfig metadata: name: example
Tip: use .spec.mutating for path-only search
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object
MCPWebhookConfigSpec defines the desired state of MCPWebhookConfig
mutating []object
Mutating webhooks are called to transform MCP requests before processing.
failurePolicy string
FailurePolicy defines how to handle errors when communicating with the webhook. Supported values: "fail", "ignore". Defaults to "fail".
enum: fail, ignore
hmacSecretRef object
HMACSecretRef references a Kubernetes Secret containing the HMAC signing key used to sign the webhook payload. If set, the X-Toolhive-Signature header will be injected.
key string required
Key is the key within the secret
name string required
Name is the name of the secret
name string required
Name is a unique identifier for this webhook
minLength: 1
maxLength: 63
timeout string
Timeout configures the maximum time to wait for the webhook to respond. Defaults to 10s if not specified. Maximum is 30s.
format: duration
tlsConfig object
TLSConfig contains optional TLS configuration for the webhook connection.
caSecretRef object
CASecretRef references a Secret containing the CA certificate bundle used to verify the webhook server's certificate. Contains a bundle of PEM-encoded X.509 certificates.
key string required
Key is the key within the secret
name string required
Name is the name of the secret
clientCertSecretRef object
ClientCertSecretRef references a Secret containing the client certificate for mTLS authentication. The referenced key must contain a PEM-encoded client certificate. Use ClientKeySecretRef to provide the corresponding private key.
key string required
Key is the key within the secret
name string required
Name is the name of the secret
clientKeySecretRef object
ClientKeySecretRef references a Secret containing the private key for the client certificate. Required when ClientCertSecretRef is set to enable mTLS.
key string required
Key is the key within the secret
name string required
Name is the name of the secret
insecureSkipVerify boolean
InsecureSkipVerify disables server certificate verification. WARNING: This should only be used for development/testing and not in production environments.
url string required
URL is the endpoint to call for this webhook. Must be an HTTP/HTTPS URL.
format: uri
validating []object
Validating webhooks are called to approve or deny MCP requests.
failurePolicy string
FailurePolicy defines how to handle errors when communicating with the webhook. Supported values: "fail", "ignore". Defaults to "fail".
enum: fail, ignore
hmacSecretRef object
HMACSecretRef references a Kubernetes Secret containing the HMAC signing key used to sign the webhook payload. If set, the X-Toolhive-Signature header will be injected.
key string required
Key is the key within the secret
name string required
Name is the name of the secret
name string required
Name is a unique identifier for this webhook
minLength: 1
maxLength: 63
timeout string
Timeout configures the maximum time to wait for the webhook to respond. Defaults to 10s if not specified. Maximum is 30s.
format: duration
tlsConfig object
TLSConfig contains optional TLS configuration for the webhook connection.
caSecretRef object
CASecretRef references a Secret containing the CA certificate bundle used to verify the webhook server's certificate. Contains a bundle of PEM-encoded X.509 certificates.
key string required
Key is the key within the secret
name string required
Name is the name of the secret
clientCertSecretRef object
ClientCertSecretRef references a Secret containing the client certificate for mTLS authentication. The referenced key must contain a PEM-encoded client certificate. Use ClientKeySecretRef to provide the corresponding private key.
key string required
Key is the key within the secret
name string required
Name is the name of the secret
clientKeySecretRef object
ClientKeySecretRef references a Secret containing the private key for the client certificate. Required when ClientCertSecretRef is set to enable mTLS.
key string required
Key is the key within the secret
name string required
Name is the name of the secret
insecureSkipVerify boolean
InsecureSkipVerify disables server certificate verification. WARNING: This should only be used for development/testing and not in production environments.
url string required
URL is the endpoint to call for this webhook. Must be an HTTP/HTTPS URL.
format: uri
status object
MCPWebhookConfigStatus defines the observed state of MCPWebhookConfig
conditions []object
Conditions represent the latest available observations
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
message string required
message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength: 1
maxLength: 1024
status string required
status of the condition, one of True, False, Unknown.
enum: True, False, Unknown
type string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength: 316
configHash string
ConfigHash is a hash of the spec, used for detecting changes
observedGeneration integer
ObservedGeneration is the last observed generation corresponding to the current status
format: int64
referencingWorkloads []object
ReferencingWorkloads is a list of workload resources that reference this MCPWebhookConfig. Each entry identifies the workload by kind and name.
kind string required
Kind is the type of workload resource
enum: MCPServer, VirtualMCPServer, MCPRemoteProxy
name string required
Name is the name of the workload resource
minLength: 1

No matches. Try .spec.mutating for an exact path

Copied!