QueryPie KAC

Securely access Kubernetes clusters through QueryPie platform’s KAC (Kubernetes Access Control).

Key Features

Kubernetes cluster access through QueryPie KAC (Kubernetes Access Control)
Permission-based Kubernetes resource management
Kubernetes API-based resource read, create, update, and delete operations

Basic Information

Authentication Method

Administrators must set up MCP server configuration in advance. Users authenticate using OAuth.

Input Parameters

Server URL (Required): QueryPie domain
Authorization URL for OAuth (Required): OAuth authorization URL
Token URL for OAuth (Required): OAuth token URL
Client ID (Required): OAuth client ID
Client Secret (Required): OAuth client secret

As of QueryPie v11.2.1, you can check this in the Admin Page > General Settings > Security > OAuth Settings path.

OAuth Integration Guide

This is the procedure to integrate QueryPie with AIP using OAuth. Please follow the steps below.

Access QueryPie and Admin Login
Access your organization’s QueryPie domain (e.g., https://<your-querypie-domain>) and log in with an administrator account.
Navigate to OAuth Settings
Go to Admin Page → General Settings → Security → OAuth Settings menu.
Copy Client ID and Secret
Enter Client ID and Copy your Client ID and Client Secret. You will need them in step 5 below.
Enter AIP’s OAuth callback URL
Enter https://api.app.querypie.com/integration/oauth/callback in the Redirect URI field.
Access AIP and Enter OAuth settings in AIP
Enter the following values in the QueryPie MCP settings in the MCP Integration Management menu of the AIP administrator page:
- Server URL: e.g., https://<your-querypie-domain>
- Client ID (The value you copied in step 3 above)
- Client Secret (The value you copied in step 3 above)
- Edge Tunnel (Select personal Tunnel)

Supported MCP Tools

KAC (Kubernetes Access Control) Tools

Manage Kubernetes cluster access through QueryPie’s Kubernetes access control functionality.

QueryPie KAC MCP only works with Kubernetes clusters managed by QueryPie.

list_roles

Retrieve a list of roles available in QueryPie KAC.

list_cloud_providers

Retrieve a list of cloud providers accessible with the selected role.

Input Parameters:

roleUuid (Required): Role UUID

list_clusters

Retrieve a list of Kubernetes clusters accessible with the selected role and cloud provider.

Input Parameters:

roleUuid (Required): Role UUID
cloudProviderUuid (Required): Cloud provider UUID

list_resources

Retrieve a list of Kubernetes resources.

Input Parameters:

metadata (Required): Cluster and role information
gvr (Required): Kubernetes group/version/resource information
namespace (Optional): Namespace

get_resource

Retrieve a specific Kubernetes resource.

Input Parameters:

metadata (Required): Cluster and role information
gvr (Required): Kubernetes group/version/resource information
name (Required): Resource name
namespace (Optional): Namespace

create_resource

Create a Kubernetes resource.

Input Parameters:

metadata (Required): Cluster and role information
gvr (Required): Kubernetes group/version/resource information
kind (Required): Resource kind
name (Required): Resource name
manifest (Required): Resource manifest to create
namespace (Optional): Namespace

update_resource

Update a Kubernetes resource.

Input Parameters:

metadata (Required): Cluster and role information
gvr (Required): Kubernetes group/version/resource information
kind (Required): Resource kind
name (Required): Resource name
manifest (Required): Resource manifest to update
namespace (Optional): Namespace

delete_resource

Delete a Kubernetes resource.

Input Parameters:

metadata (Required): Cluster and role information
gvr (Required): Kubernetes group/version/resource information
name (Required): Resource name
namespace (Optional): Namespace

list_node_metrics

Retrieve Kubernetes node metrics.

Input Parameters:

metadata (Required): Cluster and role information

list_events

Retrieve Kubernetes events.

Input Parameters:

metadata (Required): Cluster and role information
namespace (Optional): Namespace

Usage Examples

For example,

When you input the prompt “Show me the list of Kubernetes clusters accessible through QueryPie”,
The LLM will sequentially call list_roles, list_cloud_providers, and list_clusters tools through QueryPie KAC MCP, then respond based on the results.

Precautions

Maintain security through proper permission settings.
Follow your organization’s security policies when accessing Kubernetes clusters.
Regularly review access logs.
Consider the impact on cluster resources when creating, updating, or deleting resources.