Skip to content

Instantly share code, notes, and snippets.

View bentito's full-sized avatar

Brett Tofel bentito

8 followers · 6 following
  • Red Hat
  • Shelburne, VT
View GitHub Profile
@bentito
bentito / mcp-dev-2026.md
Last active January 21, 2026 18:55
MCP Dev 2026 NYC Presentation Proposal

Presentation Proposal: MCP Dev Summit North America 2026

Title: Diagnosis with Agent Evals: Building an MCP Server for Network Troubleshooting

Session Type: 25-minute Session

Track: Security & Operations / MCP Best Practices

Abstract

Troubleshooting Kubernetes network ingress and DNS issues is notoriously complex, requiring deep domain knowledge and context hopping between multiple layers (HAProxy, CoreDNS, generic K8s resources). While LLMs promise to democratize this knowledge, giving them raw kubectl access is risky and often ineffective. In this session, we present our journey building and rigorously validating a production-grade NetEdge MCP server. We detail how we evolved from a "Phase 0" prototype using gen-mcp to a robust Go implementation, but more importantly, we ask the hard question: Do these specialized MCP tools actually help agents solve these networking problems better?

@bentito
bentito / Demo_Preflight_for_OCP.md
Last active May 6, 2025 14:42

Demo: Preflight RBAC Check in Action (OpenShift Example)

To solidify these concepts, let’s walk through a real example on OpenShift. We will attempt to install the OpenShift Pipelines Operator as a cluster extension, but we’ll initially misconfigure its RBAC to trigger the preflight checks. Then we’ll fix the permissions.

Step 1: Create a Service Account with limited RBAC. In this example, we create a service account pipelines-installer in the pipelines project, and give it a deliberately minimal ClusterRole that is missing some permissions we know the operator will need:

apiVersion: v1
kind: ServiceAccount
metadata:
@bentito
bentito / tilt-podman-how-to.md
Last active May 7, 2024 14:54
Hack podman to work with tilt

Following is for an M1 MacBook Pro (not sure how much that matters but)

Other specs (again, not sure how much they matter):

podman --version
podman version 5.0.1
tilt version
v0.33.12, built 2024-03-28

start Kind with a local registry. Just use the regular Kind with registry script

@bentito
bentito / copyright_change_log.txt
Created March 14, 2024 12:53
Carvel repo copyright update log
@bentito
bentito / print_operator_dockerfile.sh
Created December 6, 2023 20:20
print operator bundle Dockerfiles
#!/bin/bash
# Check if an image reference is provided
if [ -z "$1" ]; then
echo "Usage: $0 <image-reference>"
exit 1
fi
IMAGE_REF=$1
@bentito
bentito / scratch_1.go
Last active November 16, 2023 16:17
fips reporting go code
func GetDataFromFBC(report index.Data) (index.Data, error) {
root := "./output/" + actions.GetVersionTagFromImage(report.Flags.IndexImage) + "/configs"
fileSystem := os.DirFS(root)
fbc, err := declcfg.LoadFS(fileSystem)
if err != nil {
return report, fmt.Errorf("unable to load the file based config : %s", err)
}
model, err := declcfg.ConvertToModel(*fbc)
if err != nil {
@bentito
bentito / quay-from-rh-rh-4.14.md
Created November 13, 2023 17:37
Quay Operator package update graphs

create this graph with: opm alpha render-graph registry.redhat.io/redhat/redhat-operator-index:v4.14 --package-name quay-operator

@bentito
bentito / index.json
Created October 20, 2023 11:49
pruned FBC index
This file has been truncated, but you can view the full file.
{
"schema": "olm.package",
"name": "amq-streams",
"defaultChannel": "stable",
"icon": {
"base64data": "iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAIj5JREFUeNrsnX1wVOW9x5/dBBIgLxvAKFFkGape0Zo4tFNfppLcueKlRQlzi0A7HRKsdG5va5Iy3r96b7Ktf9w71Ztgp+OI1Sx3Wt/wDol2ZLRqFjuibaEktmClRQJULOElGxKSAHm553dyTrpJNpvz9pzzPOd8vzPbDUKzZ3fP5/v8fr/neX5PiEHS6qPrWUR5KtP+WK49L1EeUe3n1L+3qnblkdR+7lQex7WfE/rf33xi/O8hyRTCRyAF6GUa1PRcqoFdLthlJjSj6NBMo1MxhnZ8ezAAyDzs5RroZQ6M4J6qcMOW9qJvfqd94MC+jv7f/jpx3VO7YAowACgF+HIN+JUCjur24P9aFVv0RPOE/3bpsML/rNmJ4XNde/s/2Ju4qq4hgbsABhDEEX6t34CfCf50uvLXTjYy0J8Y+vR4a/LlZkQIMABfQl+pjfCV7O8FOhZ0+NPpcudfOofPn2np2RXfu+i/drTg7oEByAz9Wg36SFDetx34p0QHJz5JhnLntPS99Vpr0Te+DTOAAUgR3tcEDXoe8Kczg0t/PtwyOjiwvWDNg0gTYADCQE+gV2ngR4P6OfCEf7IG2n/TmRVZsP2TlTfEsQYBBuAV+OXK02YN/kDLTfhTNXIhyUYGB+LJ53fsxGwCDMAt8An4+iCP9iLAP1lUPLx06GBMSQ/i+FZgADzC/FotzI/gExEL/lQN93QnL33Usf3EhoompAcwALvgRzXoqwC++PBPNoLR/ovx5EvPblfSg058YzAAs+DXI7+XE/7JdYLLx4/G+97+ZQxGAAMwGurX49OQH/7JR
@bentito
bentito / java_kubernetes_operators_report.md
Last active September 26, 2023 14:28
Creating Java-Based Kubernetes Operators: A Comparative Report with Code Examples
@bentito
bentito / sa_key_rotation_notes.md
Created March 21, 2023 16:23
SA Key Rotation Notes 
cd ~/workspace/sa-key-rotation
cd jwks
go run jwks.go ../../aws-pod-identity-webhook/sa-signer-pkcs8.pub ../../cloud-credential-operator/new/serviceaccount-signer.public
cat keys.json
S3_BUCKET_NAME=btofel-sts-test &&  aws s3 cp keys.json s3://${S3_BUCKET_NAME} --profile redhat-openshift-dev --acl public-read
PRIVKEY=`base64 -i ../cloud-credential-operator/new/serviceaccount-signer.private`
PUBKEY=`base64 -i ../cloud-credential-operator/new/serviceaccount-signer.public`
oc patch secret next-bound-service-account-signing-key -n openshift-kube-apiserver-operator --type=json -p '[{"op":"replace","path":"/data/service-account.key","value":"'"$PRIVKEY"'"},{"op":"replace","path":"/data/service-account.pub","value":"'"$PUBKEY"'"}]'