OAPE-392: Adds toolset to manage External Secrets Operator

[bharath-b-rh]

Add External Secrets Operator toolset for Red Hat OpenShift

Description

This PR adds a new external-secrets toolset to the Kubernetes MCP Server, providing comprehensive support for managing the External Secrets Operator for Red Hat OpenShift.

The External Secrets Operator synchronizes secrets from external secret management systems (AWS Secrets Manager, HashiCorp Vault, Google Cloud Secret Manager, Azure Key Vault, etc.) into Kubernetes Secrets.

Features

Operator Lifecycle Management

• external_secrets_operator_install - Install the operator via OLM (Operator Lifecycle Manager)
• external_secrets_operator_status - Check operator installation status (Subscription, CSV, deployments)
• external_secrets_operator_uninstall - Uninstall the operator
• external_secrets_config_get - Get ExternalSecretsConfig resource
• external_secrets_config_apply - Apply/update ExternalSecretsConfig

SecretStore Management

• external_secrets_store_list - List SecretStores/ClusterSecretStores
• external_secrets_store_get - Get store details
• external_secrets_store_create - Create/update stores
• external_secrets_store_delete - Delete stores
• external_secrets_store_validate - Validate store health and capabilities

ExternalSecret Management

• external_secrets_list - List ExternalSecrets/ClusterExternalSecrets
• external_secrets_get - Get secret details
• external_secrets_create - Create/update external secrets
• external_secrets_delete - Delete external secrets
• external_secrets_sync_status - Check synchronization status
• external_secrets_refresh - Trigger immediate refresh from provider

Debugging & Monitoring

• external_secrets_debug - Comprehensive debugging (operator status, store validation, sync status, events, logs)
• external_secrets_events - View related Kubernetes events
• external_secrets_logs - Get operator pod logs
• external_secrets_health - Quick health check summary

Built-in Documentation

• external_secrets_guide - Provider-specific examples and best practices for AWS, GCP, Azure, Vault, Kubernetes providers, troubleshooting, and security

Usage

Enable the toolset with:
kubernetes-mcp-server --toolsets core,config,helm,external-secrets Or in MCP client configuration:

{
  "mcpServers": {
    "kubernetes": {
      "command": "npx",
      "args": ["-y", "kubernetes-mcp-server@latest", "--toolsets", "core,config,helm,external-secrets"]
    }
  }
}

[openshift-ci-robot]

@bharath-b-rh: This pull request references OAPE-392 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Add External Secrets Operator toolset for Red Hat OpenShift

Description

This PR adds a new external-secrets toolset to the Kubernetes MCP Server, providing comprehensive support for managing the External Secrets Operator for Red Hat OpenShift.

The External Secrets Operator synchronizes secrets from external secret management systems (AWS Secrets Manager, HashiCorp Vault, Google Cloud Secret Manager, Azure Key Vault, etc.) into Kubernetes Secrets.

Features

Operator Lifecycle Management

• external_secrets_operator_install - Install the operator via OLM (Operator Lifecycle Manager)
• external_secrets_operator_status - Check operator installation status (Subscription, CSV, deployments)
• external_secrets_operator_uninstall - Uninstall the operator
• external_secrets_config_get - Get ExternalSecretsConfig resource
• external_secrets_config_apply - Apply/update ExternalSecretsConfig

SecretStore Management

• external_secrets_store_list - List SecretStores/ClusterSecretStores
• external_secrets_store_get - Get store details
• external_secrets_store_create - Create/update stores
• external_secrets_store_delete - Delete stores
• external_secrets_store_validate - Validate store health and capabilities

ExternalSecret Management

• external_secrets_list - List ExternalSecrets/ClusterExternalSecrets
• external_secrets_get - Get secret details
• external_secrets_create - Create/update external secrets
• external_secrets_delete - Delete external secrets
• external_secrets_sync_status - Check synchronization status
• external_secrets_refresh - Trigger immediate refresh from provider

Debugging & Monitoring

• external_secrets_debug - Comprehensive debugging (operator status, store validation, sync status, events, logs)
• external_secrets_events - View related Kubernetes events
• external_secrets_logs - Get operator pod logs
• external_secrets_health - Quick health check summary

Built-in Documentation

• external_secrets_guide - Provider-specific examples and best practices for AWS, GCP, Azure, Vault, Kubernetes providers, troubleshooting, and security

Usage

Enable the toolset with:
kubernetes-mcp-server --toolsets core,config,helm,external-secrets Or in MCP client configuration:

{
 "mcpServers": {
   "kubernetes": {
     "command": "npx",
     "args": ["-y", "kubernetes-mcp-server@latest", "--toolsets", "core,config,helm,external-secrets"]
   }
 }
}

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: bharath-b-rh
Once this PR has been reviewed and has the lgtm label, please assign matzew for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-robot]

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.