From 53dbeeecf1baa08ae38f57f70fef97d9f48ad427 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <209825114+claude[bot]@users.noreply.github.com> Date: Wed, 27 Aug 2025 10:27:59 +0000 Subject: [PATCH 1/6] Rename MCPServer CRD port attributes for clarity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Rename `port` to `proxyPort` - represents proxy runner port - Rename `targetPort` to `mcpPort` - represents MCP server port This change addresses user confusion about port semantics as discussed in issue #1452. The new names clearly indicate which port corresponds to which component: - proxyPort: Port exposed by the proxy runner in Kubernetes - mcpPort: Port that the MCP server listens on internally Updated all relevant files: - CRD types definition and generated YAML - Operator controller logic - All example and test YAML files - Keycloak deployment example 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Chris Burns --- .../api/v1alpha1/mcpserver_types.go | 8 ++--- .../controllers/mcpserver_controller.go | 30 +++++++++---------- .../toolhive.stacklok.dev_mcpservers.yaml | 8 ++--- deploy/keycloak/mcpserver-with-auth.yaml | 4 +-- .../operator/mcp-servers/mcpserver_fetch.yaml | 4 +-- .../mcpserver_fetch_tools_filter.yaml | 4 +-- .../mcp-servers/mcpserver_github.yaml | 2 +- .../operator/mcp-servers/mcpserver_mkp.yaml | 2 +- .../mcpserver_with_configmap_oidc.yaml | 2 +- .../mcpserver_with_inline_oidc.yaml | 2 +- .../mcpserver_with_kubernetes_oidc.yaml | 2 +- .../mcpserver_with_pod_template.yaml | 2 +- .../mcpserver_with_resource_overrides.yaml | 2 +- .../mcp-servers/mcpserver_yardstick_sse.yaml | 4 +-- .../mcpserver_yardstick_stdio.yaml | 2 +- .../mcpserver_yardstick_streamablehttp.yaml | 4 +-- .../test-scenarios/sse/mcpserver.yaml | 4 +-- .../test-scenarios/stdio/mcpserver.yaml | 2 +- .../streamable-http/mcpserver.yaml | 4 +-- .../test-scenarios/sse/mcpserver.yaml | 4 +-- .../test-scenarios/stdio/mcpserver.yaml | 2 +- .../streamable-http/mcpserver.yaml | 4 +-- 22 files changed, 51 insertions(+), 51 deletions(-) diff --git a/cmd/thv-operator/api/v1alpha1/mcpserver_types.go b/cmd/thv-operator/api/v1alpha1/mcpserver_types.go index d41f23e74..7003a5474 100644 --- a/cmd/thv-operator/api/v1alpha1/mcpserver_types.go +++ b/cmd/thv-operator/api/v1alpha1/mcpserver_types.go @@ -16,17 +16,17 @@ type MCPServerSpec struct { // +kubebuilder:default=stdio Transport string `json:"transport,omitempty"` - // Port is the port to expose the MCP server on + // ProxyPort is the port to expose the proxy runner on // +kubebuilder:validation:Minimum=1 // +kubebuilder:validation:Maximum=65535 // +kubebuilder:default=8080 - Port int32 `json:"port,omitempty"` + ProxyPort int32 `json:"proxyPort,omitempty"` - // TargetPort is the port that MCP server listens to + // McpPort is the port that MCP server listens to // +kubebuilder:validation:Minimum=1 // +kubebuilder:validation:Maximum=65535 // +optional - TargetPort int32 `json:"targetPort,omitempty"` + McpPort int32 `json:"mcpPort,omitempty"` // Args are additional arguments to pass to the MCP server // +optional diff --git a/cmd/thv-operator/controllers/mcpserver_controller.go b/cmd/thv-operator/controllers/mcpserver_controller.go index 98347074b..7850d676e 100644 --- a/cmd/thv-operator/controllers/mcpserver_controller.go +++ b/cmd/thv-operator/controllers/mcpserver_controller.go @@ -214,7 +214,7 @@ func (r *MCPServerReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( // Update the MCPServer status with the service URL if mcpServer.Status.URL == "" { - mcpServer.Status.URL = createServiceURL(mcpServer.Name, mcpServer.Namespace, mcpServer.Spec.Port) + mcpServer.Status.URL = createServiceURL(mcpServer.Name, mcpServer.Namespace, mcpServer.Spec.ProxyPort) err = r.Status().Update(ctx, mcpServer) if err != nil { ctxLogger.Error(err, "Failed to update MCPServer status") @@ -407,13 +407,13 @@ func (r *MCPServerReconciler) deploymentForMCPServer(m *mcpv1alpha1.MCPServer) * // Prepare container args args := []string{"run", "--foreground=true"} - args = append(args, fmt.Sprintf("--proxy-port=%d", m.Spec.Port)) + args = append(args, fmt.Sprintf("--proxy-port=%d", m.Spec.ProxyPort)) args = append(args, fmt.Sprintf("--name=%s", m.Name)) args = append(args, fmt.Sprintf("--transport=%s", m.Spec.Transport)) args = append(args, fmt.Sprintf("--host=%s", getProxyHost())) - if m.Spec.TargetPort != 0 { - args = append(args, fmt.Sprintf("--target-port=%d", m.Spec.TargetPort)) + if m.Spec.McpPort != 0 { + args = append(args, fmt.Sprintf("--target-port=%d", m.Spec.McpPort)) } // Generate pod template patch for secrets and merge with user-provided patch @@ -454,7 +454,7 @@ func (r *MCPServerReconciler) deploymentForMCPServer(m *mcpv1alpha1.MCPServer) * // Add OAuth discovery resource URL for RFC 9728 compliance resourceURL := m.Spec.OIDCConfig.ResourceURL if resourceURL == "" { - resourceURL = createServiceURL(m.Name, m.Namespace, m.Spec.Port) + resourceURL = createServiceURL(m.Name, m.Namespace, m.Spec.ProxyPort) } args = append(args, fmt.Sprintf("--resource-url=%s", resourceURL)) } @@ -626,7 +626,7 @@ func (r *MCPServerReconciler) deploymentForMCPServer(m *mcpv1alpha1.MCPServer) * VolumeMounts: volumeMounts, Resources: resources, Ports: []corev1.ContainerPort{{ - ContainerPort: m.Spec.Port, + ContainerPort: m.Spec.ProxyPort, Name: "http", Protocol: corev1.ProtocolTCP, }}, @@ -753,8 +753,8 @@ func (r *MCPServerReconciler) serviceForMCPServer(m *mcpv1alpha1.MCPServer) *cor Spec: corev1.ServiceSpec{ Selector: ls, // Keep original labels for selector Ports: []corev1.ServicePort{{ - Port: m.Spec.Port, - TargetPort: intstr.FromInt(int(m.Spec.Port)), + Port: m.Spec.ProxyPort, + TargetPort: intstr.FromInt(int(m.Spec.ProxyPort)), Protocol: corev1.ProtocolTCP, Name: "http", }}, @@ -884,7 +884,7 @@ func deploymentNeedsUpdate(deployment *appsv1.Deployment, mcpServer *mcpv1alpha1 } // Check if the port has changed - portArg := fmt.Sprintf("--proxy-port=%d", mcpServer.Spec.Port) + portArg := fmt.Sprintf("--proxy-port=%d", mcpServer.Spec.ProxyPort) found = false for _, arg := range container.Args { if arg == portArg { @@ -937,7 +937,7 @@ func deploymentNeedsUpdate(deployment *appsv1.Deployment, mcpServer *mcpv1alpha1 } // Check if the container port has changed - if len(container.Ports) > 0 && container.Ports[0].ContainerPort != mcpServer.Spec.Port { + if len(container.Ports) > 0 && container.Ports[0].ContainerPort != mcpServer.Spec.ProxyPort { return true } @@ -1009,12 +1009,12 @@ func deploymentNeedsUpdate(deployment *appsv1.Deployment, mcpServer *mcpv1alpha1 return true } - // Check if the targetPort has changed - if mcpServer.Spec.TargetPort != 0 { - targetPortArg := fmt.Sprintf("--target-port=%d", mcpServer.Spec.TargetPort) + // Check if the mcpPort has changed + if mcpServer.Spec.McpPort != 0 { + mcpPortArg := fmt.Sprintf("--target-port=%d", mcpServer.Spec.McpPort) found := false for _, arg := range container.Args { - if arg == targetPortArg { + if arg == mcpPortArg { found = true break } @@ -1067,7 +1067,7 @@ func deploymentNeedsUpdate(deployment *appsv1.Deployment, mcpServer *mcpv1alpha1 // serviceNeedsUpdate checks if the service needs to be updated func serviceNeedsUpdate(service *corev1.Service, mcpServer *mcpv1alpha1.MCPServer) bool { // Check if the service port has changed - if len(service.Spec.Ports) > 0 && service.Spec.Ports[0].Port != mcpServer.Spec.Port { + if len(service.Spec.Ports) > 0 && service.Spec.Ports[0].Port != mcpServer.Spec.ProxyPort { return true } diff --git a/deploy/charts/operator-crds/templates/toolhive.stacklok.dev_mcpservers.yaml b/deploy/charts/operator-crds/templates/toolhive.stacklok.dev_mcpservers.yaml index da092516c..83fee26b0 100644 --- a/deploy/charts/operator-crds/templates/toolhive.stacklok.dev_mcpservers.yaml +++ b/deploy/charts/operator-crds/templates/toolhive.stacklok.dev_mcpservers.yaml @@ -8303,9 +8303,9 @@ spec: - containers type: object type: object - port: + proxyPort: default: 8080 - description: Port is the port to expose the MCP server on + description: ProxyPort is the port to expose the proxy runner on format: int32 maximum: 65535 minimum: 1 @@ -8422,8 +8422,8 @@ spec: ServiceAccount is the name of an already existing service account to use by the MCP server. If not specified, a ServiceAccount will be created automatically and used by the MCP server. type: string - targetPort: - description: TargetPort is the port that MCP server listens to + mcpPort: + description: McpPort is the port that MCP server listens to format: int32 maximum: 65535 minimum: 1 diff --git a/deploy/keycloak/mcpserver-with-auth.yaml b/deploy/keycloak/mcpserver-with-auth.yaml index 7037f7222..f0c9709fa 100644 --- a/deploy/keycloak/mcpserver-with-auth.yaml +++ b/deploy/keycloak/mcpserver-with-auth.yaml @@ -13,8 +13,8 @@ spec: - name: INSECURE_DISABLE_URL_VALIDATION value: "true" transport: streamable-http - port: 9090 - targetPort: 9090 + proxyPort: 9090 + mcpPort: 9090 env: # OIDC authentication with Keycloak diff --git a/examples/operator/mcp-servers/mcpserver_fetch.yaml b/examples/operator/mcp-servers/mcpserver_fetch.yaml index 01eb1b91d..9dc75e5da 100644 --- a/examples/operator/mcp-servers/mcpserver_fetch.yaml +++ b/examples/operator/mcp-servers/mcpserver_fetch.yaml @@ -6,8 +6,8 @@ metadata: spec: image: ghcr.io/stackloklabs/gofetch/server transport: streamable-http - port: 8080 - targetPort: 8080 + proxyPort: 8080 + mcpPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_fetch_tools_filter.yaml b/examples/operator/mcp-servers/mcpserver_fetch_tools_filter.yaml index 8e07fc5ab..7967976f8 100644 --- a/examples/operator/mcp-servers/mcpserver_fetch_tools_filter.yaml +++ b/examples/operator/mcp-servers/mcpserver_fetch_tools_filter.yaml @@ -8,8 +8,8 @@ spec: transport: streamable-http tools: - fetch - port: 8080 - targetPort: 8080 + proxyPort: 8080 + mcpPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_github.yaml b/examples/operator/mcp-servers/mcpserver_github.yaml index 73ef6422e..6f8e99f7f 100644 --- a/examples/operator/mcp-servers/mcpserver_github.yaml +++ b/examples/operator/mcp-servers/mcpserver_github.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/github/github-mcp-server transport: stdio - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_mkp.yaml b/examples/operator/mcp-servers/mcpserver_mkp.yaml index 8b54a3edb..940e5e942 100644 --- a/examples/operator/mcp-servers/mcpserver_mkp.yaml +++ b/examples/operator/mcp-servers/mcpserver_mkp.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/stackloklabs/mkp/server transport: sse - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_with_configmap_oidc.yaml b/examples/operator/mcp-servers/mcpserver_with_configmap_oidc.yaml index aea48033d..d4a7bcf4b 100644 --- a/examples/operator/mcp-servers/mcpserver_with_configmap_oidc.yaml +++ b/examples/operator/mcp-servers/mcpserver_with_configmap_oidc.yaml @@ -17,7 +17,7 @@ metadata: spec: image: docker.io/mcp/fetch transport: stdio - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_with_inline_oidc.yaml b/examples/operator/mcp-servers/mcpserver_with_inline_oidc.yaml index ea86d4608..b732ce04d 100644 --- a/examples/operator/mcp-servers/mcpserver_with_inline_oidc.yaml +++ b/examples/operator/mcp-servers/mcpserver_with_inline_oidc.yaml @@ -6,7 +6,7 @@ metadata: spec: image: docker.io/mcp/fetch transport: stdio - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_with_kubernetes_oidc.yaml b/examples/operator/mcp-servers/mcpserver_with_kubernetes_oidc.yaml index cef8b5716..aa418c12b 100644 --- a/examples/operator/mcp-servers/mcpserver_with_kubernetes_oidc.yaml +++ b/examples/operator/mcp-servers/mcpserver_with_kubernetes_oidc.yaml @@ -6,7 +6,7 @@ metadata: spec: image: docker.io/mcp/fetch transport: stdio - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_with_pod_template.yaml b/examples/operator/mcp-servers/mcpserver_with_pod_template.yaml index 077f38de5..21836d6c8 100644 --- a/examples/operator/mcp-servers/mcpserver_with_pod_template.yaml +++ b/examples/operator/mcp-servers/mcpserver_with_pod_template.yaml @@ -5,7 +5,7 @@ metadata: spec: image: ghcr.io/stackloklabs/mcp-fetch:latest transport: sse - port: 8080 + proxyPort: 8080 # Example of using the PodTemplateSpec to customize the pod podTemplateSpec: spec: diff --git a/examples/operator/mcp-servers/mcpserver_with_resource_overrides.yaml b/examples/operator/mcp-servers/mcpserver_with_resource_overrides.yaml index f3dacf216..9adaf6271 100644 --- a/examples/operator/mcp-servers/mcpserver_with_resource_overrides.yaml +++ b/examples/operator/mcp-servers/mcpserver_with_resource_overrides.yaml @@ -6,7 +6,7 @@ metadata: spec: image: docker.io/mcp/github transport: stdio - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_yardstick_sse.yaml b/examples/operator/mcp-servers/mcpserver_yardstick_sse.yaml index 43df449a0..b6882e7a3 100644 --- a/examples/operator/mcp-servers/mcpserver_yardstick_sse.yaml +++ b/examples/operator/mcp-servers/mcpserver_yardstick_sse.yaml @@ -9,8 +9,8 @@ spec: env: - name: TRANSPORT value: sse - port: 8080 - targetPort: 8080 + proxyPort: 8080 + mcpPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_yardstick_stdio.yaml b/examples/operator/mcp-servers/mcpserver_yardstick_stdio.yaml index 6a40382c7..a95cbb155 100644 --- a/examples/operator/mcp-servers/mcpserver_yardstick_stdio.yaml +++ b/examples/operator/mcp-servers/mcpserver_yardstick_stdio.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/stackloklabs/yardstick/yardstick-server:0.0.2 transport: stdio - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/examples/operator/mcp-servers/mcpserver_yardstick_streamablehttp.yaml b/examples/operator/mcp-servers/mcpserver_yardstick_streamablehttp.yaml index 146c7ccaf..31bbdf51d 100644 --- a/examples/operator/mcp-servers/mcpserver_yardstick_streamablehttp.yaml +++ b/examples/operator/mcp-servers/mcpserver_yardstick_streamablehttp.yaml @@ -9,8 +9,8 @@ spec: env: - name: TRANSPORT value: streamable-http - port: 8080 - targetPort: 8080 + proxyPort: 8080 + mcpPort: 8080 permissionProfile: type: builtin name: network diff --git a/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/sse/mcpserver.yaml b/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/sse/mcpserver.yaml index e4f10a291..9a816f1e5 100644 --- a/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/sse/mcpserver.yaml +++ b/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/sse/mcpserver.yaml @@ -9,8 +9,8 @@ spec: env: - name: TRANSPORT value: sse - port: 8080 - targetPort: 8080 + proxyPort: 8080 + mcpPort: 8080 permissionProfile: type: builtin name: network diff --git a/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/stdio/mcpserver.yaml b/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/stdio/mcpserver.yaml index 773003ef5..9a2e8e3f2 100644 --- a/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/stdio/mcpserver.yaml +++ b/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/stdio/mcpserver.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/stackloklabs/yardstick/yardstick-server:0.0.2 transport: stdio - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/streamable-http/mcpserver.yaml b/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/streamable-http/mcpserver.yaml index 2cd9c8e7f..52c307f32 100644 --- a/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/streamable-http/mcpserver.yaml +++ b/test/e2e/chainsaw/operator/multi-tenancy/test-scenarios/streamable-http/mcpserver.yaml @@ -9,8 +9,8 @@ spec: env: - name: TRANSPORT value: streamable-http - port: 8080 - targetPort: 8080 + proxyPort: 8080 + mcpPort: 8080 permissionProfile: type: builtin name: network diff --git a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/sse/mcpserver.yaml b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/sse/mcpserver.yaml index 2cab9d32d..22d8ea540 100644 --- a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/sse/mcpserver.yaml +++ b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/sse/mcpserver.yaml @@ -10,8 +10,8 @@ spec: env: - name: TRANSPORT value: sse - port: 8080 - targetPort: 8080 + proxyPort: 8080 + mcpPort: 8080 permissionProfile: type: builtin name: network diff --git a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/stdio/mcpserver.yaml b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/stdio/mcpserver.yaml index 6a40382c7..a95cbb155 100644 --- a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/stdio/mcpserver.yaml +++ b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/stdio/mcpserver.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/stackloklabs/yardstick/yardstick-server:0.0.2 transport: stdio - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/streamable-http/mcpserver.yaml b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/streamable-http/mcpserver.yaml index b91a19417..592082e3f 100644 --- a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/streamable-http/mcpserver.yaml +++ b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/streamable-http/mcpserver.yaml @@ -9,8 +9,8 @@ spec: env: - name: TRANSPORT value: streamable-http - port: 8080 - targetPort: 8080 + proxyPort: 8080 + mcpPort: 8080 permissionProfile: type: builtin name: network From 9486825fa07d1b57594cf1520e7082f22dbfffec Mon Sep 17 00:00:00 2001 From: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> Date: Thu, 18 Sep 2025 21:22:12 +0100 Subject: [PATCH 2/6] cleanup Signed-off-by: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> --- cmd/thv-operator/README.md | 4 +- .../controllers/mcpserver_platform_test.go | 6 +- .../mcpserver_pod_template_test.go | 14 ++-- .../controllers/mcpserver_rbac_test.go | 2 +- .../mcpserver_resource_overrides_test.go | 50 +++++++------- .../controllers/mcpserver_runconfig.go | 6 +- .../controllers/mcpserver_runconfig_test.go | 67 ++++++++++--------- 7 files changed, 75 insertions(+), 74 deletions(-) diff --git a/cmd/thv-operator/README.md b/cmd/thv-operator/README.md index a49c5a3fe..d714e7e20 100644 --- a/cmd/thv-operator/README.md +++ b/cmd/thv-operator/README.md @@ -203,8 +203,8 @@ kubectl describe mcpserver |---------------------|--------------------------------------------------|----------|---------| | `image` | Container image for the MCP server | Yes | - | | `transport` | Transport method (stdio, streamable-http or sse) | No | stdio | -| `port` | Port to expose the MCP server on | No | 8080 | -| `targetPort` | Port that MCP server listens to | No | - | +| `proxyPort` | Port to expose the MCP server on | No | 8080 | +| `mcpPort` | Port that MCP server listens to | No | - | | `args` | Additional arguments to pass to the MCP server | No | - | | `env` | Environment variables to set in the container | No | - | | `volumes` | Volumes to mount in the container | No | - | diff --git a/cmd/thv-operator/controllers/mcpserver_platform_test.go b/cmd/thv-operator/controllers/mcpserver_platform_test.go index ade3bbefd..b73be83c6 100644 --- a/cmd/thv-operator/controllers/mcpserver_platform_test.go +++ b/cmd/thv-operator/controllers/mcpserver_platform_test.go @@ -105,7 +105,7 @@ func TestMCPServerReconciler_DeploymentForMCPServer_Kubernetes(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, }, } @@ -180,7 +180,7 @@ func TestMCPServerReconciler_DeploymentForMCPServer_OpenShift(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, }, } @@ -261,7 +261,7 @@ func TestMCPServerReconciler_DeploymentForMCPServer_PlatformDetectionError(t *te Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, }, } diff --git a/cmd/thv-operator/controllers/mcpserver_pod_template_test.go b/cmd/thv-operator/controllers/mcpserver_pod_template_test.go index 6c2e3d8f5..7e5f187a0 100644 --- a/cmd/thv-operator/controllers/mcpserver_pod_template_test.go +++ b/cmd/thv-operator/controllers/mcpserver_pod_template_test.go @@ -28,7 +28,7 @@ func TestDeploymentForMCPServerWithPodTemplateSpec(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, PodTemplateSpec: &corev1.PodTemplateSpec{ Spec: corev1.PodSpec{ Tolerations: []corev1.Toleration{ @@ -162,7 +162,7 @@ func TestDeploymentForMCPServerSecretsProviderEnv(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, }, } @@ -194,7 +194,7 @@ func TestDeploymentForMCPServerWithSecrets(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, Secrets: []mcpv1alpha1.SecretRef{ { Name: "github-token", @@ -300,7 +300,7 @@ func TestDeploymentForMCPServerWithEnvVars(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, Env: []mcpv1alpha1.EnvVar{ { Name: "API_KEY", @@ -366,7 +366,7 @@ func TestDeploymentForMCPServerWithProxyMode(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, ProxyMode: "streamable-http", }, } @@ -406,7 +406,7 @@ func TestProxyRunnerSecurityContext(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, }, } @@ -455,7 +455,7 @@ func TestProxyRunnerStructuredLogsEnvVar(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, }, } diff --git a/cmd/thv-operator/controllers/mcpserver_rbac_test.go b/cmd/thv-operator/controllers/mcpserver_rbac_test.go index d5ea53e78..b574ecd3e 100644 --- a/cmd/thv-operator/controllers/mcpserver_rbac_test.go +++ b/cmd/thv-operator/controllers/mcpserver_rbac_test.go @@ -329,7 +329,7 @@ func createTestMCPServer(name, namespace string) *mcpv1alpha1.MCPServer { Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, }, } } diff --git a/cmd/thv-operator/controllers/mcpserver_resource_overrides_test.go b/cmd/thv-operator/controllers/mcpserver_resource_overrides_test.go index 68cf8e88b..16303d11e 100644 --- a/cmd/thv-operator/controllers/mcpserver_resource_overrides_test.go +++ b/cmd/thv-operator/controllers/mcpserver_resource_overrides_test.go @@ -50,8 +50,8 @@ func TestResourceOverrides(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, }, }, expectedDeploymentLabels: map[string]string{ @@ -79,8 +79,8 @@ func TestResourceOverrides(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, ResourceOverrides: &mcpv1alpha1.ResourceOverrides{ ProxyDeployment: &mcpv1alpha1.ProxyDeploymentOverrides{ ResourceMetadataOverrides: mcpv1alpha1.ResourceMetadataOverrides{ @@ -144,8 +144,8 @@ func TestResourceOverrides(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, ResourceOverrides: &mcpv1alpha1.ResourceOverrides{ ProxyDeployment: &mcpv1alpha1.ProxyDeploymentOverrides{ ResourceMetadataOverrides: mcpv1alpha1.ResourceMetadataOverrides{ @@ -197,8 +197,8 @@ func TestResourceOverrides(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, ResourceOverrides: &mcpv1alpha1.ResourceOverrides{ ProxyDeployment: &mcpv1alpha1.ProxyDeploymentOverrides{ ResourceMetadataOverrides: mcpv1alpha1.ResourceMetadataOverrides{ @@ -262,8 +262,8 @@ func TestResourceOverrides(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, ResourceOverrides: &mcpv1alpha1.ResourceOverrides{ ProxyDeployment: &mcpv1alpha1.ProxyDeploymentOverrides{ PodTemplateMetadataOverrides: &mcpv1alpha1.ResourceMetadataOverrides{ @@ -446,8 +446,8 @@ func TestDeploymentNeedsUpdateServiceAccount(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, }, } @@ -489,8 +489,8 @@ func TestDeploymentNeedsUpdateProxyEnv(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, ResourceOverrides: &mcpv1alpha1.ResourceOverrides{ ProxyDeployment: &mcpv1alpha1.ProxyDeploymentOverrides{ Env: []mcpv1alpha1.EnvVar{ @@ -515,8 +515,8 @@ func TestDeploymentNeedsUpdateProxyEnv(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, ResourceOverrides: &mcpv1alpha1.ResourceOverrides{ ProxyDeployment: &mcpv1alpha1.ProxyDeploymentOverrides{ Env: []mcpv1alpha1.EnvVar{ @@ -541,8 +541,8 @@ func TestDeploymentNeedsUpdateProxyEnv(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, ResourceOverrides: &mcpv1alpha1.ResourceOverrides{ ProxyDeployment: &mcpv1alpha1.ProxyDeploymentOverrides{ Env: []mcpv1alpha1.EnvVar{ @@ -568,8 +568,8 @@ func TestDeploymentNeedsUpdateProxyEnv(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, ResourceOverrides: &mcpv1alpha1.ResourceOverrides{ ProxyDeployment: &mcpv1alpha1.ProxyDeploymentOverrides{ Env: []mcpv1alpha1.EnvVar{ @@ -593,8 +593,8 @@ func TestDeploymentNeedsUpdateProxyEnv(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, }, }, existingEnvVars: []corev1.EnvVar{}, @@ -608,8 +608,8 @@ func TestDeploymentNeedsUpdateProxyEnv(t *testing.T) { Namespace: "default", }, Spec: mcpv1alpha1.MCPServerSpec{ - Image: "test-image", - Port: 8080, + Image: "test-image", + ProxyPort: 8080, }, }, existingEnvVars: []corev1.EnvVar{ @@ -707,7 +707,7 @@ func TestDeploymentNeedsUpdateToolsFilter(t *testing.T) { }, Spec: mcpv1alpha1.MCPServerSpec{ Image: "test-image", - Port: 8080, + ProxyPort: 8080, ToolsFilter: tt.initialToolsFilter, }, } diff --git a/cmd/thv-operator/controllers/mcpserver_runconfig.go b/cmd/thv-operator/controllers/mcpserver_runconfig.go index 3f6a04a8e..a440ed10a 100644 --- a/cmd/thv-operator/controllers/mcpserver_runconfig.go +++ b/cmd/thv-operator/controllers/mcpserver_runconfig.go @@ -209,8 +209,8 @@ func (r *MCPServerReconciler) createRunConfigFromMCPServer(m *mcpv1alpha1.MCPSer } port := 8080 - if m.Spec.Port != 0 { - port = int(m.Spec.Port) + if m.Spec.ProxyPort != 0 { + port = int(m.Spec.ProxyPort) } // Helper functions to convert MCPServer spec to builder format @@ -261,7 +261,7 @@ func (r *MCPServerReconciler) createRunConfigFromMCPServer(m *mcpv1alpha1.MCPSer runner.WithName(m.Name), runner.WithImage(m.Spec.Image), runner.WithCmdArgs(m.Spec.Args), - runner.WithTransportAndPorts(m.Spec.Transport, port, int(m.Spec.TargetPort)), + runner.WithTransportAndPorts(m.Spec.Transport, port, int(m.Spec.McpPort)), runner.WithProxyMode(transporttypes.ProxyMode(proxyMode)), runner.WithHost(proxyHost), runner.WithToolsFilter(toolsFilter), diff --git a/cmd/thv-operator/controllers/mcpserver_runconfig_test.go b/cmd/thv-operator/controllers/mcpserver_runconfig_test.go index 93704419c..95979d3b5 100644 --- a/cmd/thv-operator/controllers/mcpserver_runconfig_test.go +++ b/cmd/thv-operator/controllers/mcpserver_runconfig_test.go @@ -44,7 +44,7 @@ func createTestMCPServerWithConfig(name, namespace, image string, envVars []mcpv Spec: mcpv1alpha1.MCPServerSpec{ Image: image, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, Env: envVars, }, } @@ -68,7 +68,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, }, }, //nolint:thelper // We want to see the error at the specific line @@ -89,7 +89,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "env-image:latest", Transport: "sse", - Port: 9090, + ProxyPort: 9090, Env: []mcpv1alpha1.EnvVar{ {Name: "VAR1", Value: "value1"}, {Name: "VAR2", Value: "value2"}, @@ -116,7 +116,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "vol-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, Volumes: []mcpv1alpha1.Volume{ {Name: "vol1", HostPath: "/host/path1", MountPath: "/mount/path1", ReadOnly: false}, {Name: "vol2", HostPath: "/host/path2", MountPath: "/mount/path2", ReadOnly: true}, @@ -141,7 +141,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "secret-image:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, Secrets: []mcpv1alpha1.SecretRef{ {Name: "secret1", Key: "key1", TargetEnvName: "TARGET1"}, {Name: "secret2", Key: "key2"}, // No target, should use key as target @@ -169,7 +169,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, ProxyMode: streamableHTTPProxyMode, }, }, @@ -192,7 +192,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, // ProxyMode not specified }, }, @@ -215,8 +215,8 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "comprehensive:latest", Transport: "streamable-http", - Port: 9090, - TargetPort: 8080, + ProxyPort: 9090, + McpPort: 8080, ProxyMode: "streamable-http", Args: []string{"--comprehensive", "--test"}, ToolsFilter: []string{"tool1", "tool2"}, @@ -270,7 +270,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "edge:latest", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, Args: []string{}, // Empty slice ToolsFilter: nil, // Nil slice Env: nil, // Nil slice @@ -299,7 +299,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, Telemetry: &mcpv1alpha1.TelemetryConfig{ OpenTelemetry: &mcpv1alpha1.OpenTelemetryConfig{ Enabled: true, @@ -351,7 +351,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, Telemetry: &mcpv1alpha1.TelemetryConfig{ OpenTelemetry: &mcpv1alpha1.OpenTelemetryConfig{ Enabled: true, @@ -385,7 +385,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, Telemetry: &mcpv1alpha1.TelemetryConfig{ Prometheus: &mcpv1alpha1.PrometheusConfig{ Enabled: true, @@ -417,7 +417,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, AuthzConfig: &mcpv1alpha1.AuthzConfigRef{ Type: mcpv1alpha1.AuthzConfigTypeInline, Inline: &mcpv1alpha1.InlineAuthzConfig{ @@ -457,7 +457,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, AuthzConfig: &mcpv1alpha1.AuthzConfigRef{ Type: mcpv1alpha1.AuthzConfigTypeConfigMap, ConfigMap: &mcpv1alpha1.ConfigMapAuthzRef{ @@ -491,7 +491,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, OIDCConfig: &mcpv1alpha1.OIDCConfigRef{ Type: mcpv1alpha1.OIDCConfigTypeInline, Inline: &mcpv1alpha1.InlineOIDCConfig{ @@ -536,7 +536,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, OIDCConfig: &mcpv1alpha1.OIDCConfigRef{ Type: mcpv1alpha1.OIDCConfigTypeConfigMap, ConfigMap: &mcpv1alpha1.ConfigMapOIDCRef{ @@ -564,7 +564,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, Audit: &mcpv1alpha1.AuditConfig{ Enabled: true, }, @@ -587,7 +587,7 @@ func TestCreateRunConfigFromMCPServer(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: testImage, Transport: stdioTransport, - Port: 8080, + ProxyPort: 8080, Audit: &mcpv1alpha1.AuditConfig{ Enabled: false, }, @@ -675,8 +675,8 @@ func TestDeterministicConfigMapGeneration(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "deterministic-test:v1.2.3", Transport: "sse", - Port: 9090, - TargetPort: 8080, + ProxyPort: 9090, + McpPort: 8080, Args: []string{"--arg1", "--arg2", "--complex-flag=value"}, ToolsFilter: []string{"tool3", "tool1", "tool2"}, // Different order to test sorting Env: []mcpv1alpha1.EnvVar{ @@ -907,7 +907,7 @@ func TestEnsureRunConfigConfigMap(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "ghcr.io/example/server:v1.0.0", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, Telemetry: &mcpv1alpha1.TelemetryConfig{ OpenTelemetry: &mcpv1alpha1.OpenTelemetryConfig{ Enabled: true, @@ -972,7 +972,7 @@ func TestEnsureRunConfigConfigMap(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "ghcr.io/example/server:v1.0.0", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, AuthzConfig: &mcpv1alpha1.AuthzConfigRef{ Type: mcpv1alpha1.AuthzConfigTypeInline, Inline: &mcpv1alpha1.InlineAuthzConfig{ @@ -1025,7 +1025,7 @@ func TestEnsureRunConfigConfigMap(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "ghcr.io/example/server:v1.0.0", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, OIDCConfig: &mcpv1alpha1.OIDCConfigRef{ Type: mcpv1alpha1.OIDCConfigTypeInline, Inline: &mcpv1alpha1.InlineOIDCConfig{ @@ -1080,7 +1080,7 @@ func TestEnsureRunConfigConfigMap(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "ghcr.io/example/server:v1.0.0", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, Audit: &mcpv1alpha1.AuditConfig{ Enabled: true, }, @@ -1171,7 +1171,7 @@ func TestEnsureRunConfigConfigMap(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "ghcr.io/example/server:v1.0.0", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, AuthzConfig: &mcpv1alpha1.AuthzConfigRef{ Type: mcpv1alpha1.AuthzConfigTypeConfigMap, ConfigMap: &mcpv1alpha1.ConfigMapAuthzRef{ @@ -1665,12 +1665,13 @@ func TestMCPServerModificationScenarios(t *testing.T) { }, modifyServer: func(server *mcpv1alpha1.MCPServer) { server.Spec.Transport = "sse" - server.Spec.Port = 9090 - server.Spec.TargetPort = 8080 + server.Spec.ProxyPort = 9090 + server.Spec.McpPort = 8080 }, expectedChanges: map[string]interface{}{ - "Transport": transporttypes.TransportTypeSSE, - "Port": 9090, + "Transport": transporttypes.TransportTypeSSE, + "Port": 9090, + "TargetPort": 8080, }, }, { @@ -1846,7 +1847,7 @@ func TestEnsureRunConfigConfigMap_WithVaultInjection(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "ghcr.io/example/server:v1.0.0", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, PodTemplateSpec: &corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ @@ -1869,7 +1870,7 @@ func TestEnsureRunConfigConfigMap_WithVaultInjection(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "ghcr.io/example/server:v1.0.0", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, ResourceOverrides: &mcpv1alpha1.ResourceOverrides{ ProxyDeployment: &mcpv1alpha1.ProxyDeploymentOverrides{ PodTemplateMetadataOverrides: &mcpv1alpha1.ResourceMetadataOverrides{ @@ -1894,7 +1895,7 @@ func TestEnsureRunConfigConfigMap_WithVaultInjection(t *testing.T) { Spec: mcpv1alpha1.MCPServerSpec{ Image: "ghcr.io/example/server:v1.0.0", Transport: "stdio", - Port: 8080, + ProxyPort: 8080, }, }, expectedEnvDir: "", From 56240f26057a29e5e3e33c70b8ed1e2d44f594dc Mon Sep 17 00:00:00 2001 From: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> Date: Thu, 18 Sep 2025 21:26:37 +0100 Subject: [PATCH 3/6] APIs docs Signed-off-by: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> --- docs/operator/crd-api.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/operator/crd-api.md b/docs/operator/crd-api.md index 2fd5ec5a8..d809f7a08 100644 --- a/docs/operator/crd-api.md +++ b/docs/operator/crd-api.md @@ -389,8 +389,8 @@ _Appears in:_ | `image` _string_ | Image is the container image for the MCP server | | Required: \{\}
| | `transport` _string_ | Transport is the transport method for the MCP server (stdio, streamable-http or sse) | stdio | Enum: [stdio streamable-http sse]
| | `proxyMode` _string_ | ProxyMode is the proxy mode for stdio transport (sse or streamable-http)
This setting is only used when Transport is "stdio" | sse | Enum: [sse streamable-http]
| -| `port` _integer_ | Port is the port to expose the MCP server on | 8080 | Maximum: 65535
Minimum: 1
| -| `targetPort` _integer_ | TargetPort is the port that MCP server listens to | | Maximum: 65535
Minimum: 1
| +| `proxyPort` _integer_ | ProxyPort is the port to expose the proxy runner on | 8080 | Maximum: 65535
Minimum: 1
| +| `mcpPort` _integer_ | McpPort is the port that MCP server listens to | | Maximum: 65535
Minimum: 1
| | `args` _string array_ | Args are additional arguments to pass to the MCP server | | | | `env` _[EnvVar](#envvar) array_ | Env are environment variables to set in the MCP server container | | | | `volumes` _[Volume](#volume) array_ | Volumes are volumes to mount in the MCP server container | | | From a89a09ee6970201d54aa8b98006703b29401c72e Mon Sep 17 00:00:00 2001 From: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> Date: Thu, 18 Sep 2025 21:28:28 +0100 Subject: [PATCH 4/6] bumps crd helm chart Signed-off-by: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> --- deploy/charts/operator-crds/Chart.yaml | 2 +- deploy/charts/operator-crds/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/charts/operator-crds/Chart.yaml b/deploy/charts/operator-crds/Chart.yaml index 3eb43a764..cd6594013 100644 --- a/deploy/charts/operator-crds/Chart.yaml +++ b/deploy/charts/operator-crds/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: toolhive-operator-crds description: A Helm chart for installing the ToolHive Operator CRDs into Kubernetes. type: application -version: 0.0.26 +version: 0.0.27 appVersion: "0.0.1" diff --git a/deploy/charts/operator-crds/README.md b/deploy/charts/operator-crds/README.md index 661896d42..eb1a5c8b9 100644 --- a/deploy/charts/operator-crds/README.md +++ b/deploy/charts/operator-crds/README.md @@ -1,7 +1,7 @@ # ToolHive Operator CRDs Helm Chart -![Version: 0.0.26](https://img.shields.io/badge/Version-0.0.26-informational?style=flat-square) +![Version: 0.0.27](https://img.shields.io/badge/Version-0.0.27-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) A Helm chart for installing the ToolHive Operator CRDs into Kubernetes. From 40810916f67a19d686ea692e618b840bb6961c42 Mon Sep 17 00:00:00 2001 From: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> Date: Thu, 18 Sep 2025 21:30:45 +0100 Subject: [PATCH 5/6] generates crds Signed-off-by: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> --- .../toolhive.stacklok.dev_mcpservers.yaml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpservers.yaml b/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpservers.yaml index 252772b22..00c1736f0 100644 --- a/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpservers.yaml +++ b/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpservers.yaml @@ -134,6 +134,12 @@ spec: image: description: Image is the container image for the MCP server type: string + mcpPort: + description: McpPort is the port that MCP server listens to + format: int32 + maximum: 65535 + minimum: 1 + type: integer oidcConfig: description: OIDCConfig defines OIDC authentication configuration for the MCP server @@ -8697,13 +8703,6 @@ spec: - containers type: object type: object - proxyPort: - default: 8080 - description: ProxyPort is the port to expose the proxy runner on - format: int32 - maximum: 65535 - minimum: 1 - type: integer proxyMode: default: sse description: |- @@ -8713,6 +8712,13 @@ spec: - sse - streamable-http type: string + proxyPort: + default: 8080 + description: ProxyPort is the port to expose the proxy runner on + format: int32 + maximum: 65535 + minimum: 1 + type: integer resourceOverrides: description: ResourceOverrides allows overriding annotations and labels for resources created by the operator @@ -8840,12 +8846,6 @@ spec: ServiceAccount is the name of an already existing service account to use by the MCP server. If not specified, a ServiceAccount will be created automatically and used by the MCP server. type: string - mcpPort: - description: McpPort is the port that MCP server listens to - format: int32 - maximum: 65535 - minimum: 1 - type: integer telemetry: description: Telemetry defines observability configuration for the MCP server From 9e3ac0b317a9033c1136872fc398f4a6c009b62c Mon Sep 17 00:00:00 2001 From: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> Date: Thu, 18 Sep 2025 21:39:38 +0100 Subject: [PATCH 6/6] missed a couple Signed-off-by: ChrisJBurns <29541485+ChrisJBurns@users.noreply.github.com> --- .../test-scenarios/auth-configmap/mcpserver-auth.yaml | 2 +- .../test-scenarios/authz-configmap-ref/mcpserver-authz-ref.yaml | 2 +- .../test-scenarios/authz-configmap/mcpserver-authz.yaml | 2 +- .../single-tenancy/test-scenarios/configmap-mode/mcpserver.yaml | 2 +- .../test-scenarios/telemetry-configmap/mcpserver-telemetry.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/auth-configmap/mcpserver-auth.yaml b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/auth-configmap/mcpserver-auth.yaml index 6d8d4c03d..60074a9f1 100644 --- a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/auth-configmap/mcpserver-auth.yaml +++ b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/auth-configmap/mcpserver-auth.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/stackloklabs/yardstick/yardstick-server:0.0.2 transport: stdio - port: 8080 + proxyPort: 8080 # Inline OIDC authentication configuration to test ConfigMap generation oidcConfig: diff --git a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/authz-configmap-ref/mcpserver-authz-ref.yaml b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/authz-configmap-ref/mcpserver-authz-ref.yaml index f5f3184b2..694b7b377 100644 --- a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/authz-configmap-ref/mcpserver-authz-ref.yaml +++ b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/authz-configmap-ref/mcpserver-authz-ref.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/stackloklabs/yardstick/yardstick-server:0.0.2 transport: stdio - port: 8080 + proxyPort: 8080 # Reference external ConfigMap-based authorization configuration authzConfig: diff --git a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/authz-configmap/mcpserver-authz.yaml b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/authz-configmap/mcpserver-authz.yaml index a3640158b..75c63e172 100644 --- a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/authz-configmap/mcpserver-authz.yaml +++ b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/authz-configmap/mcpserver-authz.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/stackloklabs/yardstick/yardstick-server:0.0.2 transport: stdio - port: 8080 + proxyPort: 8080 # Inline authorization configuration to test ConfigMap generation authzConfig: diff --git a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/configmap-mode/mcpserver.yaml b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/configmap-mode/mcpserver.yaml index ca6dd3065..f9e3111f3 100644 --- a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/configmap-mode/mcpserver.yaml +++ b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/configmap-mode/mcpserver.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/stackloklabs/yardstick/yardstick-server:0.0.2 transport: stdio - port: 8080 + proxyPort: 8080 permissionProfile: type: builtin name: network diff --git a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/telemetry-configmap/mcpserver-telemetry.yaml b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/telemetry-configmap/mcpserver-telemetry.yaml index 592ffecab..8e4fd1aca 100644 --- a/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/telemetry-configmap/mcpserver-telemetry.yaml +++ b/test/e2e/chainsaw/operator/single-tenancy/test-scenarios/telemetry-configmap/mcpserver-telemetry.yaml @@ -6,7 +6,7 @@ metadata: spec: image: ghcr.io/stackloklabs/yardstick/yardstick-server:0.0.2 transport: stdio - port: 8080 + proxyPort: 8080 # Comprehensive telemetry configuration telemetry: