§04 — Resources & CRDs

Tool

A managed connection — database, SSH, HTTP, Kubernetes — that agents and operators reach through an on-demand bastion pod with the connection string injected.

5 min read·Set by Exo Editorial·v0.3.0 Beta

A Tool declares an external system an agent (or a human via the CLI) can talk to. The operator doesn't keep a pod running for it; it spins up a bastion pod on demand, injects the connection string, and tears it down after an idle timeout. The credential never leaves the cluster.

What a Tool is

  • A typed connection profile (host, port, database, credentials, TLS).
  • An on-demand bastion pod the CLI (exo tool connect/exec) and agents use to run queries or commands.
  • An optional engine-native permission policy (spec.permissions).

A Postgres Tool

tool-postgres.yaml· yaml
apiVersion: v1
kind: Secret
metadata: { name: analytics-pg-creds }
type: Opaque
stringData: { password: REPLACE_ME }
---
apiVersion: agentkube.io/v1alpha1
kind: Tool
metadata:
  name: analytics-postgres
spec:
  type: postgres
  description: "Analytics Postgres read-replica"
  tags: [databases, postgres, readonly]
  probe: true # validate connectivity on reconcile
  config:
    hostname: pg-analytics.prod.internal
    port: 5432
    username: agentkube_ro
    databaseName: analytics
    sslMode: require
    credentialsRef: { name: analytics-pg-creds, key: password }

Integration types

spec.type is one of:

spec.type· text
ssh postgres mysql sqlserver mongodb redis
clickhouse kubernetes http snowflake bigquery elasticsearch
kafka oracle cockroachdb redshift rabbitmq custom

The repo's agentkube/samples/tool-*.yaml has a worked example for each type, including tool-custom.yaml for arbitrary images.

Config & credentials

spec.config carries the connection details and a credentialsRef to a Secret — the reconciler reads the secret and, when spec.probe: true, runs a type-specific connectivity check before marking the Tool Ready. custom tools point at their own container image.
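A pre-apply check for the fields described above, as an added example that is not part of agentkube or this page's own code: it lints a bundle of already-parsed manifests for the credential and transport settings a reviewer would look at before a Tool reaches the cluster. Assumptions: the inline-secret key names are hypothetical, sslMode is taken to follow libpq's sslmode values, and the sample bundle is constructed from the Postgres manifest above plus one deliberately weak Tool.

```python
# spec.type values listed on this page.
TOOL_TYPES = set("ssh postgres mysql sqlserver mongodb redis clickhouse kubernetes "
                 "http snowflake bigquery elasticsearch kafka oracle cockroachdb "
                 "redshift rabbitmq custom".split())
# libpq sslmode values that do not guarantee TLS (assumes sslMode maps to libpq).
WEAK_SSLMODES = {"disable", "allow", "prefer"}
INLINE_SECRET_KEYS = {"password", "token", "connectionString"}  # hypothetical names

def lint_tools(docs):
    """Return 'tool-name: finding' strings for every Tool in a manifest bundle."""
    secrets = {d["metadata"]["name"]: d for d in docs if d.get("kind") == "Secret"}
    findings = []
    for d in (x for x in docs if x.get("kind") == "Tool"):
        name, spec = d["metadata"]["name"], d.get("spec", {})
        cfg = spec.get("config", {})
        flag = lambda msg, n=name: findings.append(f"{n}: {msg}")
        if spec.get("type") not in TOOL_TYPES:
            flag(f"unknown spec.type {spec.get('type')!r}")
        for key in sorted(cfg.keys() & INLINE_SECRET_KEYS):
            flag(f"config.{key} is inline; use credentialsRef")
        ref = cfg.get("credentialsRef")
        if not ref:
            flag("config.credentialsRef is missing")
        elif ref.get("name") not in secrets:
            flag(f"Secret {ref.get('name')!r} is not in this bundle")
        else:
            s = secrets[ref["name"]]
            data = {**s.get("data", {}), **s.get("stringData", {})}
            if ref.get("key") not in data:
                flag(f"Secret has no key {ref.get('key')!r}")
            elif data[ref["key"]] == "REPLACE_ME":
                flag("Secret still holds the REPLACE_ME placeholder")
        if spec.get("type") == "postgres" and cfg.get("sslMode") in WEAK_SSLMODES:
            flag(f"sslMode {cfg['sslMode']!r} does not guarantee TLS")
        if not spec.get("probe"):
            flag("spec.probe is off; connectivity is not validated on reconcile")
    return findings

# Constructed bundle: the page's manifest (as dicts) plus one weak Tool.
SAMPLE = [
    {"kind": "Secret", "metadata": {"name": "analytics-pg-creds"},
     "stringData": {"password": "REPLACE_ME"}},
    {"kind": "Tool", "metadata": {"name": "analytics-postgres"}, "spec": {
        "type": "postgres", "probe": True, "config": {"sslMode": "require",
        "credentialsRef": {"name": "analytics-pg-creds", "key": "password"}}}},
    {"kind": "Tool", "metadata": {"name": "scratch-pg"}, "spec": {
        "type": "postgres", "config": {"sslMode": "prefer", "password": "x"}}},
]
if __name__ == "__main__":
    print("\n".join(lint_tools(SAMPLE)))
```

A Secret that already exists in the cluster rather than in the bundle is reported as missing, so treat that finding as a prompt to check the namespace, not as a hard failure.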

Bastion lifecycle

Connecting brings a bastion pod up; it auto-pauses after spec.idleTimeout (default 15m) once no session is active. The CLI keeps it warm with a heartbeat while you're attached:

terminal· bash
exo tool connect prod/analytics-postgres   # shell with PGHOST/PGPORT/… injected
exo tool exec prod/analytics-postgres -- psql -c 'select 1'
exo tool status prod/analytics-postgres    # pod phase + idle clock
exo tool pause prod/analytics-postgres     # tear the pod down now

Permissions

spec.permissions attaches an engine-native authorization policy (mode enforce or declare). For SQL engines and MongoDB the operator runs a short-lived Job built from the per-type tool image to provision it; for Kubernetes Tools it applies a Role/ClusterRole and binds it to the bastion ServiceAccount — which is why the operator's RBAC includes bind and escalate (see Deploying the manager).