Skip to content

Add inline authorization example for MCPServer#948

Merged
danbarr merged 3 commits into
mainfrom
docs-k8s-inline-authz
Jun 18, 2026
Merged

Add inline authorization example for MCPServer#948
danbarr merged 3 commits into
mainfrom
docs-k8s-inline-authz

Conversation

@danbarr

@danbarr danbarr commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator

Description

Adds an inline Cedar authorization example for MCPServer in auth-k8s.mdx. The guide previously showed only ConfigMap-based policies for MCPServer; this adds the authzConfig.type: inline option (already documented for MCPRemoteProxy) in a tabbed layout, with guidance on when to choose each approach. The authzConfig.inline structure was verified against the MCPServer CRD schema.

Note: this branch is based on current main, so its ConfigMap example still includes the permissionProfile field that #945 removes. It merges cleanly with #945, but should land after it (or be rebased onto it) so the ConfigMap example stays consistent.

Type of change

  • Documentation update

Related issues/PRs

Addresses a gap in #655. Should sequence after #945.

Submitter checklist

Content and formatting

  • I have reviewed the content for technical accuracy
  • I have reviewed the content for spelling, grammar, and style

Reviewer checklist

Content

  • I have reviewed the content for technical accuracy
  • I have reviewed the content for spelling, grammar, and style

@danbarr @claude
Add inline authz example for MCPServer
3ca5dcb 
Present ConfigMap and inline Cedar policy options side by side via tabs
in the authorization section, matching how MCPRemoteProxy documents
authzConfig.type: inline. Note the tradeoff: inline suits small,
server-specific policy sets; ConfigMap suits larger or shared ones.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 16, 2026 16:04
@vercel

vercel Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs-website Ready Ready Preview, Comment Jun 16, 2026 6:20pm

Request Review

Copilot AI reviewed Jun 16, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Kubernetes Operator authorization guide to document MCPServer.spec.authzConfig.type: inline alongside the existing ConfigMap-based approach, using a tabbed layout to help readers choose between the two.

Changes:

  • Adds a brief comparison of ConfigMap vs inline Cedar policy sources for MCPServer.
  • Wraps the existing ConfigMap-based flow in a Tabs / TabItem layout and adds an inline-policy alternative.
  • Introduces an inline MCPServer YAML example using authzConfig.inline.policies, plus guidance about entitiesJson.

Comment thread docs/toolhive/guides-k8s/auth-k8s.mdx
Comment thread docs/toolhive/guides-k8s/auth-k8s.mdx Outdated
@danbarr danbarr mentioned this pull request Jun 16, 2026
Open
@danbarr @claude
Apply Copilot review feedback
5415d36 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@danbarr danbarr merged commit 61a7a56 into main Jun 18, 2026
4 checks passed
@danbarr danbarr deleted the docs-k8s-inline-authz branch June 18, 2026 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jhrozek jhrozek jhrozek approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@danbarr @jhrozek