weibaohui/k8m

Implements a Dynamic Resource Controller that abstracts Kubernetes API operations across multiple clusters using a query builder and filtering system. Resources are discovered dynamically via the kom library integration, supporting both standard Kubernetes resources and Custom Resource Definitions (CRDs). The system maintains real-time resource caching with watch mechanisms and provides batch operations for bulk resource manipulation across clusters with namespace-level access control enforcement.

Provides WebSocket-based interactive shell access to running pods using Kubernetes exec API with terminal multiplexing capabilities. The system establishes bidirectional communication channels for stdin/stdout/stderr, handles terminal resize events, and maintains session state across reconnections. Supports multiple concurrent shell sessions per pod with isolated I/O streams and automatic cleanup on disconnection.

Implements a plugin architecture that allows dynamic loading of Go plugins at runtime with standardized lifecycle hooks (init, start, stop, shutdown). Plugins are organized into categories (core infrastructure, operational, AI/MCP) and can register custom resource controllers, API endpoints, and event handlers. The system manages plugin dependencies, version compatibility, and provides plugin configuration through YAML files.

Integrates with K8sGPT and configurable AI models (OpenAI, Anthropic, local LLMs) to analyze cluster state and provide intelligent troubleshooting recommendations. The system sends cluster diagnostics to AI models, processes responses, and presents findings in the UI. Supports analysis of pod failures, resource issues, security misconfigurations, and best practice violations with AI-generated explanations and remediation steps.

Sends cluster events and inspection results to external webhooks with customizable payload formatting and retry logic. The system batches events, formats them according to webhook configuration, and implements exponential backoff retry on failure. Supports multiple webhook endpoints with different event filters and payload templates, enabling integration with Slack, PagerDuty, custom monitoring systems, and other external services.

Provides a web-based management interface built with AMIS framework featuring responsive layouts, custom Kubernetes-aware components, and AI-enhanced UI elements. The UI includes cluster/namespace selection, resource browsing with filtering, pod operations (logs, shell, metrics), and AI chat integration. Components are customized for Kubernetes workflows with kubeconfig editors, YAML validators, and real-time resource status displays.

Implements JWT token-based authentication system for stateless session management without server-side session storage. Tokens contain user identity, roles, and namespace assignments, signed with configurable algorithms (HS256, RS256). The system validates tokens on each request, extracts user context, and enforces permissions based on token claims. Supports token refresh, expiration, and revocation through blacklist mechanism.

Provides file operations within running pods including upload, download, and directory browsing through Kubernetes exec API. The system uses tar streaming for efficient file transfer, handles binary files, and maintains file permissions. Supports recursive directory operations and provides progress tracking for large file transfers.

Supports dynamic cluster registration through kubeconfig upload/paste with automatic cluster discovery and validation. The system parses kubeconfig files, validates cluster connectivity, extracts cluster metadata, and stores configurations securely. Supports multiple kubeconfig formats and automatically detects cluster version, API capabilities, and available resources.

Stores k8m configuration in database with support for hot-reload of configuration changes without restart. The system watches configuration tables for changes, reloads affected components, and maintains backward compatibility. Supports configuration versioning and rollback, with audit logging of configuration changes.

Streams and aggregates logs from multiple pods across clusters using Kubernetes log API with real-time filtering, search, and tail capabilities. The system supports log aggregation from multiple containers per pod, timestamp-based filtering, and label-based pod selection. Logs are streamed via WebSocket with configurable buffer sizes and can be filtered by log level, keywords, or regex patterns without requiring external log aggregation infrastructure.

Establishes port forwarding tunnels from local ports to pod service ports using Kubernetes port-forward API with automatic lifecycle management. The system handles tunnel creation, connection pooling, and graceful cleanup on client disconnect. Supports multiple concurrent port forwards per pod and provides tunnel status monitoring with automatic reconnection on failure.

Collects and aggregates pod resource metrics (CPU, memory, network I/O) from Kubernetes metrics-server API with real-time updates and historical trending. The system queries metrics API for current usage, calculates resource utilization percentages against requests/limits, and provides time-series data for visualization. Supports aggregation across multiple pods and namespaces with configurable sampling intervals.

Implements a scheduled inspection system that executes custom Lua scripts against cluster state to identify issues, with results aggregated and summarized using AI models. The system maintains an inspection scheduler that runs checks on configurable intervals, records check events with pass/fail status, and uses AI to generate natural language summaries of cluster health. Supports built-in inspection scripts for common issues (resource limits, pod disruption budgets, security policies) and allows custom script injection.

Implements a Model Context Protocol (MCP) server that exposes ~50 built-in Kubernetes management tools as callable functions with JSON schema validation and permission enforcement. The system registers tools with input/output schemas, validates function calls against schemas, and enforces user permissions before execution. Tools are organized by category (cluster management, pod operations, resource management) and support both synchronous and asynchronous execution with result streaming.

Manages connection state machines for multiple Kubernetes clusters with periodic heartbeat monitoring and automatic reconnection on failure. The system maintains connection state (connected/disconnected/degraded), sends heartbeat probes at configurable intervals, detects connection loss, and automatically attempts reconnection with exponential backoff. Supports graceful degradation when clusters become temporarily unavailable and provides connection status visibility in the UI.

Implements fine-grained namespace-level access control using a permission model that combines user roles, namespace assignments, and resource-level permissions. The system enforces permissions at the API layer through callbacks that validate user access before executing operations. Supports role definitions (admin, operator, viewer) with namespace-scoped assignments and integrates with JWT token system for stateless authentication.

Implements distributed leader election using Kubernetes lease objects to coordinate multiple k8m instances, ensuring only one instance performs cluster-wide operations (inspections, webhooks, leader-dependent tasks). The system uses Kubernetes API for lease-based coordination, handles graceful leadership transfer on instance failure, and provides leader status visibility. Supports active-passive and active-active deployment modes with automatic failover.