Skip to Content
User Guide🧩 Available MCP ServersQueryPie KAC

QueryPie KAC

Securely access Kubernetes clusters through QueryPie platform’s KAC (Kubernetes Access Control).

Key Features

  • Kubernetes cluster access through QueryPie KAC (Kubernetes Access Control)
  • Permission-based Kubernetes resource management
  • Secure kubectl command execution

Basic Information

Authentication Method

Administrators must set up MCP server configuration in advance. Users authenticate using OAuth.

Input Parameters

  • Server URL (Required): QueryPie domain
  • Authorization URL for OAuth (Required): OAuth authorization URL
  • Token URL for OAuth (Required): OAuth token URL
  • Client ID (Required): OAuth client ID
  • Client Secret (Required): OAuth client secret

You can find these in QueryPie admin page > General Settings > Security > OAuth Settings.

OAuth Integration Guide

This is the procedure to integrate QueryPie with AIP using OAuth. Please follow the steps below.

  1. Access QueryPie and Admin Login
    Access your organization’s QueryPie domain (e.g., https://<your-querypie-domain>) and log in with an administrator account.

  2. Navigate to OAuth Settings
    Go to Admin Page → General Settings → Security → OAuth Settings menu. QueryPie OAuth setting

  3. Copy Client ID and Secret
    Enter Client ID and Copy your Client ID and Client Secret. You will need them in step 5 below.

  4. Enter AIP’s OAuth callback URL
    Enter https://api.app.querypie.com/integration/oauth/callback in the Redirect URI field.

  5. Access AIP and Enter OAuth settings in AIP
    Enter the following values in the QueryPie MCP settings in the MCP Integration Management menu of the AIP administrator page:

    • Server URL: e.g., https://<your-querypie-domain>
    • Client ID (The value you copied in step 3 above)
    • Client Secret (The value you copied in step 3 above) QueryPie OAuth setting

Supported MCP Tools

KAC (Kubernetes Access Control) Tools

Manage Kubernetes cluster access through QueryPie’s Kubernetes access control functionality.

QueryPie KAC MCP only works with Kubernetes clusters managed by QueryPie.

list_accessible_k8s_roles

Retrieve a list of all accessible Kubernetes roles. You must select a role to use in subsequent commands.

list_accessible_k8s_clusters

Retrieve a list of all accessible Kubernetes clusters.

Input Parameters:

  • roleUuid (Required): Role UUID

list_k8s_namespaces

Retrieve a list of namespaces in the Kubernetes cluster.

Input Parameters:

  • roleUuid (Required): Role UUID
  • clusterUuid (Required): Cluster UUID

run_kubectl_command

Execute kubectl commands on the Kubernetes cluster.

Input Parameters:

  • roleUuid (Required): Role UUID
  • clusterUuid (Required): Cluster UUID
  • namespace (Optional): Namespace (default: default)
  • command (Required): kubectl command to execute

Usage Examples

For example,

  • When you input the prompt “Show me the list of Kubernetes clusters accessible through QueryPie”,
  • The LLM will sequentially call list_accessible_k8s_roles and list_accessible_k8s_clusters tools through QueryPie KAC MCP, then respond based on the results.

Precautions

  • Maintain security through proper permission settings.
  • Follow your organization’s security policies when accessing Kubernetes clusters.
  • Regularly review access logs.
  • Consider the impact on cluster resources when executing kubectl commands.
Last updated on
QueryPie SAC - AdminTerminal