Releases: Azure/aks-mcp
Release list
v0.0.19
What's Changed
- fix(k8s): block kubectl auth reconcile in readonly mode by @gossion in #377
- chore: bump mcp-kubernetes to v0.0.14 and azure-api-mcp to v0.0.7 by @gossion in #380
- fix(http): validate Host and Origin for streamable-http and sse transports by @gossion in #382
Full Changelog: v0.0.18...v0.0.19
v0.0.18
What's Changed
- chore(deps): bump helm.sh/helm/v3 from 3.20.1 to 3.20.2 by @dependabot[bot] in #356
- fix: block @file argument injection to prevent arbitrary file reads by @gossion in #352
- fix: move az login and account-set to admin-only access level by @gossion in #353
- fix: move az fleet get-credentials to admin-only access level by @gossion in #354
- Add SafeSkill security badge (92/100 — Verified Safe) by @OyaAIProd in #357
- Chart: support setting podLabels by @audunsolemdal in #363
- fix: block credential-bearing commands in call_az handler by @gossion in #368
- fix(oauth): support external URL override for TLS-terminating proxy d… by @michaelalinks in #364
- fix(oauth): use ExternalURL in WWW-Authenticate header for TLS proxy deployments by @michaelalinks in #369
- feat: add On-Behalf-Of flow for browser-based MCP client support by @Michael-Wilson94 in #370
New Contributors
- @OyaAIProd made their first contribution in #357
- @audunsolemdal made their first contribution in #363
- @michaelalinks made their first contribution in #364
- @Michael-Wilson94 made their first contribution in #370
Full Changelog: v0.0.17...v0.0.18
v0.0.17
What's Changed
- Chore/update helm chart and add publish pipeline by @achaikaJH in #337
- fix: fix Helm chart publish workflow and add lint step by @gossion in #339
- chore(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 in /test/e2e by @dependabot[bot] in #342
- fix: block az rest with non-Azure URLs to prevent token exfiltration by @gossion in #345
- fix: prevent command injection in collect_aks_node_logs via since and filter parameters by @gossion in #344
- chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in #338
- chore(deps): bump the all-gomod group across 1 directory with 11 updates by @dependabot[bot] in #346
Full Changelog: v0.0.16...v0.0.17
v0.0.16
What's Changed
- Fix: fix gosec pipeline error and upgade go version by @gossion in #314
- feat: add oauth2 authentication for SPN and MID by @achaikaJH in #312
- chore(deps): bump the all-gomod group across 1 directory with 4 updates by @dependabot[bot] in #315
- chore(deps): bump the all-gomod group across 1 directory with 2 updates by @dependabot[bot] in #294
- inspektorgadget: Allow connecting in custom namespace by @mqasimsarfraz in #318
- Fix: lint error by @gossion in #320
- Add support for custom OAuth scopes via
--oauth-scopesflag by @achaikaJH in #316 - Test: e2e testing framework for the AKS-MCP server by @gossion in #321
- ci: pin gosec action to v2.24.0 instead of @master by @gossion in #326
- inspektorgadget: Simplify tool schema and description by @mqasimsarfraz in #330
- Add comprehensive Enterprise Application configuration documentation by @achaikaJH in #332
- Chore: skip az login when TokenAuthOnly is enabled by @gossion in #313
- fix: accept AKS managed webhook token path for workload identity by @gossion in #325
- Feat: Add telemetry tracking to call_az tool handler by @gossion in #327
- chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 in /test/e2e by @dependabot[bot] in #322
- Sanitize CLI command in telemetry to prevent secret leakage by @gossion in #335
New Contributors
- @achaikaJH made their first contribution in #312
Full Changelog: v0.0.15...v0.0.16
v0.0.15
What's Changed
- Test: add pipeline to push image to mcr by @gossion in #267
- Fix: show cli output when error happens in login by @gossion in #261
- fix: fix push_mcr pipeline by @gossion in #269
- IG: Bugfixes, better description and added features by @burak-ok in #273
- Feat: pass ctx to tool call by @gossion in #276
- chore(deps): bump alpine from 3.22 to 3.23 in the all-gomod group by @dependabot[bot] in #268
- chore(deps): bump the all-gomod group across 1 directory with 2 updates by @dependabot[bot] in #275
- feat: Add MCP tool annotations for LLM guidance by @bryankthompson in #279
- add az cli extension costmanagement & application-insights by @gossion in #282
- Bump github.com/Azure/mcp-kubernetes to v0.0.12 by @Copilot in #289
- Feat: support run kubectl on AKS by runcommand by @gossion in #286
- chore: log for azapi handler by @gossion in #292
- Docs: update tool names by @gossion in #293
- Chore: rename tools to avoid confusion by @gossion in #298
- docs: add GitHub Copilot CLI to supported clients by @GeekTrainer in #296
- Feat: merge detector tools by @gossion in #299
- Fix: optimize runcommand polling interval by @gossion in #301
- Fix: fix push mcr pipeline by @gossion in #302
- Feat: support --token-auth-only in helm chart by @gossion in #305
- Fix: don't show acr name in logs by @gossion in #306
- Bump azure-api-mcp to v0.0.5 by @Copilot in #304
- Feat: support security check for k8s run command by @gossion in #308
- Feat: support getting logs from nodes by @gossion in #297
New Contributors
- @bryankthompson made their first contribution in #279
- @GeekTrainer made their first contribution in #296
Full Changelog: v0.0.12...v0.0.15
v0.0.12
What's Changed
- chore(deps): bump github.com/inspektor-gadget/inspektor-gadget from 0.45.0 to 0.46.0 in the all-gomod group by @dependabot[bot] in #233
- Improve README formatting and installation details by @pavneeta in #235
- chore(deps): bump docker/metadata-action from 5.8.0 to 5.9.0 in the all-gomod group by @dependabot[bot] in #234
- Chore: disable oauth by default in helm charts by @gossion in #236
- chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 by @dependabot[bot] in #237
- chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.19.1 to 1.20.0 in the all-gomod group by @dependabot[bot] in #238
- chore(deps): bump golangci/golangci-lint-action from 8 to 9 in the all-gomod group by @dependabot[bot] in #239
- inspektor-gadget: Allow Deploy/Undeploy with default permissions by @mqasimsarfraz in #241
- chore(deps): bump the all-gomod group with 2 updates by @dependabot[bot] in #240
- chore(deps): bump the all-gomod group with 4 updates by @dependabot[bot] in #242
- Revise MCP server documentation by @julia-yin in #246
- inspektor-gadget: Include confirmation before deploy/undeploy by @mqasimsarfraz in #245
- Fix: log level in helm chart by @gossion in #247
- Feat: switch to azure api mcp for simple cli commands by @gossion in #243
- chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in #248
- charts: Add permissions for Inspektor Gadget by @mqasimsarfraz in #249
- Feat: deploy aks-mcp with oidc by @gossion in #244
- chore(deps): bump actions/checkout from 5 to 6 in the all-gomod group by @dependabot[bot] in #250
- Feat: support unified kubectl tool by @gossion in #252
- chore: remove variables for workload identity by @mainred in #256
- IG: Add profile_blockio and top_blockio by @burak-ok in #255
- chore(deps): bump github.com/mark3labs/mcp-go from 0.43.0 to 0.43.1 in the all-gomod group across 1 directory by @dependabot[bot] in #254
- chore(deps): bump the all-gomod group across 1 directory with 2 updates by @dependabot[bot] in #257
- Docs: update readme for unified tools by @gossion in #258
- Feat: support az retry with 'az login' by @gossion in #260
- Feat: support configurable components by @gossion in #263
- Chore: add cilium, hubble in docker image by @gossion in #264
New Contributors
Full Changelog: v0.0.11...v0.0.12
Breaking Change: Component Configuration Migration (--additional-tools → --enabled-components)
Summary
We have refactored the component configuration system in this release, which introduces breaking changes to the command-line interface and default behavior. The --additional-tools flag has been replaced with a unified --enabled-components flag, and the default enabled components list has been expanded.
Breaking Changes
1. Flag Replacement
Before:
aks-mcp --additional-tools helm,cilium,hubbleAfter:
aks-mcp --enabled-components helm,cilium,hubbleThe --additional-tools flag is removed and will cause an error if used.
2. Default Enabled Components
Before (implicit behavior):
- Always enabled by default:
az_cli,monitor,fleet,network,compute,detectors,advisor,inspektorgadget,kubectl - Required
--additional-toolsflag:helm,cilium,hubble
After:
- All components enabled by default when
--enabled-componentsis empty or not specified:az_cli,monitor,fleet,network,compute,detectors,advisor,inspektorgadget,kubectl,helm,cilium,hubble
3. CLI Tool Validation
The startup validator now checks for all CLI tools corresponding to enabled components.
Before:
- Validated:
az,kubectl(always) - Validated conditionally:
helm,cilium,hubble(only if specified in--additional-tools)
After:
- When
--enabled-componentsis empty (default), validates all CLI tools:az,kubectl,helm,cilium,hubble - When
--enabled-componentsis specified, validates only the listed components
Impact: If you don't have helm, cilium, or hubble installed, aks-mcp will fail to start with validation errors.
v0.0.11
What's Changed
- chore(deps): bump github.com/mark3labs/mcp-go from 0.41.1 to 0.42.0 in the all-gomod group by @dependabot[bot] in #226
- inspektor-gadget: Add tcpdump gadget by @mqasimsarfraz in #227
- use default subscription_id if it is not set by @gossion in #232
- chore(deps): bump the all-gomod group with 2 updates by @dependabot[bot] in #231
- chore(deps): bump actions/upload-artifact from 4 to 5 in the all-gomod group by @dependabot[bot] in #228
Full Changelog: v0.0.10...v0.0.11
v0.0.10
What's Changed
- fix: enforce json output for az monitor metrics and aks tools by @feiskyer in #216
- Chore: add guidance for deploying aks-mcp in ask approuting by @gossion in #215
- fix: correct resource url by @gossion in #217
- chore(deps): bump docker/login-action from 3.5.0 to 3.6.0 in the all-gomod group by @dependabot[bot] in #220
- chore(deps): bump github.com/mark3labs/mcp-go from 0.40.0 to 0.41.0 in the all-gomod group by @dependabot[bot] in #219
- chore(deps): bump the all-gomod group across 1 directory with 3 updates by @dependabot[bot] in #223
- Fix: /heath for http, sse by @gossion in #225
Full Changelog: v0.0.9...v0.0.10
v0.0.9
What's Changed
- fix: update user-assigned managed identity authentication to use --client-id by @feiskyer in #206
- chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.11.0 to 1.12.0 in the all-gomod group by @dependabot[bot] in #209
- Feat: add chart to deploy aks-mcp on kubernetes by @gossion in #207
- feat: add kubelogin to Dockerfile by @mqasimsarfraz in #210
- Feat: enable log level by @gossion in #212
- chore(deps): bump github.com/mark3labs/mcp-go from 0.39.1 to 0.40.0 in the all-gomod group by @dependabot[bot] in #213
- refactor: extract operation value extraction logic by @feiskyer in #214
Full Changelog: v0.0.8...v0.0.9
v0.0.8
What's Changed
- remove: VMSS run-command tool for AKS policy compliance by @feiskyer in #189
- chore(deps): bump the all-gomod group with 3 updates by @dependabot[bot] in #191
- chore: bump k8s tools and fix the tool list in README by @feiskyer in #192
- Fix README WSL guidance to prevent ENOENT errors (#190) by @feiskyer in #193
- chore: Add note for container_user by @mqasimsarfraz in #194
- chore(deps): bump the all-gomod group across 1 directory with 7 updates by @dependabot[bot] in #196
- fix: ensure error messages are included in tool output by @feiskyer in #198
- chore(deps): bump actions/setup-go from 5 to 6 in the all-gomod group by @dependabot[bot] in #201
- Include hubble in additional tools by @SRodi in #200
- Feat: support oauth by @gossion in #202
New Contributors
Full Changelog: v0.0.7...v0.0.8