diff --git a/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/config.yaml b/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/config.yaml index 7adbad8..1203ec8 100644 --- a/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/config.yaml +++ b/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/config.yaml @@ -1,12 +1,13 @@ -{{ if .Values.sdk.configMapName }} +{{- if .Values.sdk.secretName }} apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: - name: {{ .Values.sdk.configMapName }} + name: {{ .Values.sdk.secretName }} labels: {{- include "connectorhub.labels" . | nindent 4 }} -data: - connectorhub.yaml: | +type: Opaque +stringData: + connectorhub.yaml: |- msp-id: {{ .Values.dlt.mspID }} user-id: {{ .Values.dlt.userID }} org-domain: {{ .Values.dlt.organization }}.{{ .Values.dlt.domain }} diff --git a/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/deployment.yaml b/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/deployment.yaml index 82e3125..1cf3da3 100644 --- a/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/deployment.yaml +++ b/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/deployment.yaml @@ -15,6 +15,7 @@ spec: {{- include "connectorhub.labels" . | nindent 8 }} annotations: checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + rollout-nonce: {{ .Values.global.forceRedeployNonce | default "" | quote }} spec: securityContext: runAsUser: 6553 @@ -38,10 +39,14 @@ spec: secret: secretName: connectorhub-crypto-config {{- end }} - {{ if .Values.sdk.configMapName }} + {{- if .Values.sdk.secretName }} + - name: config + secret: + secretName: {{ .Values.sdk.secretName | quote }} + {{- else if .Values.sdk.configMapName }} - name: config configMap: - name: {{ .Values.sdk.configMapName }} + name: {{ .Values.sdk.configMapName | quote }} {{- end }} {{- if not .Values.local }} topologySpreadConstraints: 
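Review bot: The `else if .Values.sdk.configMapName` fallback added to the volumes block in connectorhub/templates/deployment.yaml mounts a ConfigMap that this chart no longer renders, because templates/config.yaml now emits only a Secret guarded by `sdk.secretName`. A release that still sets only `sdk.configMapName` would reference an object the chart does not create, and its pods would presumably fail to start unless that ConfigMap is supplied from outside the chart. Either drop the fallback or document the requirement next to the value, e.g. `# sdk.configMapName: legacy; this chart does not create the ConfigMap`. In config.yaml the Secret name is also rendered unquoted while the deployment quotes it; `name: {{ .Values.sdk.secretName | quote }}` would keep the two consistent.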
@@ -81,7 +86,7 @@ spec: mountPath: /tmp/msp - name: state-store mountPath: /tmp/state-store - {{ if .Values.sdk.configMapName }} + {{- if or .Values.sdk.secretName .Values.sdk.configMapName }} - name: config subPath: connectorhub.yaml mountPath: /tmp/fabric/connectorhub.yaml diff --git a/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/rbac.yaml b/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/rbac.yaml new file mode 100644 index 0000000..dcc7ae6 --- /dev/null +++ b/ansible-roles/helm_charts/files/helmcharts/connectorhub/templates/rbac.yaml @@ -0,0 +1,43 @@ +{{- if .Values.rbac.create }} + +# Grant connectorhub SA the ability to manage pods & subresources +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "connectorhub.fullname" . }}-launcher + namespace: {{ .Release.Namespace }} + labels: + {{- include "connectorhub.labels" . | nindent 4 }} +rules: + # Pods: create, delete, get/list/watch (for status) +- apiGroups: [""] + resources: ["pods"] + verbs: ["create","delete","get","list","watch"] + # Pod subresources: exec, logs, attach +- apiGroups: [""] + resources: ["pods/exec","pods/log","pods/attach"] + verbs: ["create","get"] + # Secrets: upsert your in-memory files +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get","list","watch","create","update","patch","delete"] + +--- +# Bind that Role to your ServiceAccount +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "connectorhub.fullname" . }}-launcher-binding + namespace: {{ .Release.Namespace }} + labels: + {{- include "connectorhub.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "connectorhub.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "connectorhub.fullname" . }}-launcher + apiGroup: rbac.authorization.k8s.io + +{{- end }} 
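Review bot: The `secrets` rule in the new Role in connectorhub/templates/rbac.yaml gives the connectorhub ServiceAccount `get`, `list` and `watch` on every Secret in the release namespace, and the `pods` and `pods/exec` rules let it create pods and exec into any pod there, which together is close to namespace-admin for whatever runs in this container. If connectorhub only manages Secrets and pods it creates itself, narrow the rules: drop `list`/`watch` on secrets where a named `get` is enough, add `resourceNames` to the `get`/`update`/`patch`/`delete` verbs, and put a comment above each rule stating which feature needs it. values.yaml also enables the grant by default with `rbac.create: true`; defaulting to `false` would make it opt-in. The RoleBinding subject comes from the `connectorhub.serviceAccountName` helper, which is not visible here; if it falls back to `default` when `serviceAccount.create` is false (as the mcp-inspector helper in this diff does), the Role would be bound to the namespace's default ServiceAccount.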
diff --git a/ansible-roles/helm_charts/files/helmcharts/connectorhub/values.yaml b/ansible-roles/helm_charts/files/helmcharts/connectorhub/values.yaml index 55b2a44..3207def 100644 --- a/ansible-roles/helm_charts/files/helmcharts/connectorhub/values.yaml +++ b/ansible-roles/helm_charts/files/helmcharts/connectorhub/values.yaml @@ -19,7 +19,7 @@ dlt: chaincodeID: com_luthersystems_chaincode_substrate01 sdk: - configMapName: connectorhub-config + secretName: connectorhub-config image: repository: luthersystems/connectorhub @@ -75,6 +75,8 @@ serviceAccount: create: true annotations: {} name: "" +rbac: + create: true nodeSelector: {} diff --git a/ansible-roles/helm_charts/files/helmcharts/ingress/templates/ingress.yaml b/ansible-roles/helm_charts/files/helmcharts/ingress/templates/ingress.yaml index 50a8c7e..9698884 100644 --- a/ansible-roles/helm_charts/files/helmcharts/ingress/templates/ingress.yaml +++ b/ansible-roles/helm_charts/files/helmcharts/ingress/templates/ingress.yaml 
@@ -9,18 +9,22 @@ metadata: {{ include "ingress.labels" . | indent 4 }} annotations: alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06" - alb.ingress.kubernetes.io/scheme: {{ .Values.loadBalancer.scheme }} - alb.ingress.kubernetes.io/target-type: {{ .Values.loadBalancer.targetType }} - alb.ingress.kubernetes.io/backend-protocol: {{ .Values.loadBalancer.backendProtocol }} - alb.ingress.kubernetes.io/certificate-arn: {{ .Values.loadBalancer.certificateARN }} + alb.ingress.kubernetes.io/scheme: {{ .Values.loadBalancer.scheme | quote }} + alb.ingress.kubernetes.io/target-type: {{ .Values.loadBalancer.targetType | quote }} + alb.ingress.kubernetes.io/backend-protocol: {{ .Values.loadBalancer.backendProtocol | quote }} + alb.ingress.kubernetes.io/certificate-arn: {{ .Values.loadBalancer.certificateARN | quote }} alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' alb.ingress.kubernetes.io/tags: Project={{ .Values.global.partOf }},Environment={{ .Values.global.projectEnv }},Organization={{ .Values.global.orgName }},Component=app,Resource=alb - alb.ingress.kubernetes.io/load-balancer-attributes: {{ $albAttrs }} - {{- with .Values.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} + alb.ingress.kubernetes.io/load-balancer-attributes: {{ $albAttrs | quote }} +{{ if .Values.annotations }} +{{ range $k, $v := .Values.annotations }} + {{ $k }}: {{- if kindIs "string" $v }} {{ $v | quote }} {{- else }} {{ toJson $v | quote }} {{- end }} +{{ end }} +{{ end }} +{{- if and .Values.externalDNS (ne .Values.matchHost "") }} external-dns.alpha.kubernetes.io/hostname: {{ .Values.matchHost | quote }} +{{- end }} spec: ingressClassName: {{ .Values.loadBalancer.class }} rules: diff --git a/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/Chart.yaml b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/Chart.yaml new file mode 100644 index 0000000..b70d5c2 --- /dev/null 
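Review bot: The new guard `{{- if and .Values.externalDNS (ne .Values.matchHost "") }}` makes the external-dns hostname annotation depend on `externalDNS`, a value this diff does not show being added to the ingress chart's values.yaml; the annotation was unconditional before, so an upgrade without that value set would stop publishing the hostname. The `ne` test also does not reliably cover an unset `matchHost`, which is nil rather than `""`, and depending on the Helm/Go version that comparison either errors or evaluates true; `{{- if and .Values.externalDNS .Values.matchHost }}` tests both for non-empty. In the rewritten annotations loop the key is emitted as a bare `{{ $k }}:`, and `{{ $k | quote }}:` would match the quoting now applied to the values.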
+++ b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+name: mcp-inspector
+description: "Supergateway (stdio -> HTTP/SSE) that can spawn any MCP server (default: AWS Pricing MCP via uvx)"
+version: 0.1.0
+appVersion: "latest"
diff --git a/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/_helpers.tpl b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/_helpers.tpl
new file mode 100644
index 0000000..2cde0d7
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/_helpers.tpl
@@ -0,0 +1,49 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "mcpinspector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "mcpinspector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := include "mcpinspector.name" . -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "mcpinspector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "mcpinspector.labels" -}}
+app.kubernetes.io/name: {{ include "mcpinspector.name" . }}
+helm.sh/chart: {{ include "mcpinspector.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: mcp-gateway
+{{- if .Values.global.partOf }}
+app.kubernetes.io/part-of: {{ .Values.global.partOf }}
+{{- end }}
+{{- end -}}
+
+{{- define "mcpinspector.labels.match" -}}
+app.kubernetes.io/name: {{ include "mcpinspector.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "mcpinspector.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "mcpinspector.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end -}}
diff --git a/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/deployment.yaml b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/deployment.yaml
new file mode 100644
index 0000000..f3c488f
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/deployment.yaml 
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "mcpinspector.fullname" . }}
+ labels:
+ {{- include "mcpinspector.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount | default 1 }}
+ selector:
+ matchLabels:
+ {{- include "mcpinspector.labels.match" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "mcpinspector.labels" . | nindent 8 }}
+ annotations:
+ rollout-nonce: {{ .Values.global.forceRedeployNonce | default "" | quote }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "mcpinspector.serviceAccountName" . }}
+ containers:
+ - name: supergateway
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
+ args:
+ - "--stdio"
+ - "{{ .Values.stdioCommand }}"
+ - "--port"
+ - "{{ .Values.supergateway.port }}"
+ - "--ssePath"
+ - "{{ .Values.supergateway.ssePath }}"
+ - "--messagePath"
+ - "{{ .Values.supergateway.messagePath }}"
+ - "--healthEndpoint"
+ - "{{ .Values.supergateway.healthPath }}"
+ {{- if .Values.supergateway.baseUrl }}
+ - "--baseUrl"
+ - "{{ .Values.supergateway.baseUrl }}"
+ {{- end }}
+ {{- if .Values.supergateway.cors }}
+ - "--cors"
+ {{- end }}
+ {{- if .Values.supergateway.logLevel }}
+ - "--logLevel"
+ - "{{ .Values.supergateway.logLevel }}"
+ {{- end }}
+ {{- if .Values.supergateway.oauth2Bearer }}
+ - "--oauth2Bearer"
+ - "{{ .Values.supergateway.oauth2Bearer }}"
+ {{- end }}
+ {{- range $h := .Values.supergateway.headers }}
+ - "--header"
+ - "{{ $h }}"
+ {{- end }}
+ env:
+ {{- range $k, $v := .Values.env }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ ( .Values.supergateway.port | default 8000 ) | int }}
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.supergateway.healthPath }}
+ port: {{ ( .Values.supergateway.port | 
default 8000 ) | int }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.supergateway.healthPath }}
+ port: {{ ( .Values.supergateway.port | default 8000 ) | int }}
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/service.yaml b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/service.yaml
new file mode 100644
index 0000000..08e2179
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mcpinspector.fullname" . }}
+ labels: {{- include "mcpinspector.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type | default "ClusterIP" }}
+ ports:
+ - name: http
+ port: {{ .Values.service.port | default 80 }}
+ targetPort: http
+ protocol: TCP
+ selector: {{- include "mcpinspector.labels.match" . | nindent 4 }}
diff --git a/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/serviceaccount.yaml b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/serviceaccount.yaml
new file mode 100644
index 0000000..4c8653d
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "mcpinspector.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "mcpinspector.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/values.yaml b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/values.yaml
new file mode 100644
index 0000000..14986b7
--- /dev/null
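Review bot: The `--oauth2Bearer` argument in mcp-inspector/templates/deployment.yaml takes the token straight from `.Values.supergateway.oauth2Bearer` and writes it into the container `args`, so the credential ends up in plain text in the Deployment and pod spec, in the stored Helm release values and on the process command line inside the container. The same applies to the `--header` range just below it, whose example in values.yaml is an `X-API-Key`. Read the secret material from a Kubernetes Secret and pass it by reference instead; Kubernetes expands `$(VAR)` in `args` from the container's `env`, so the template never has to render the token. The sketch below uses a proposed value `supergateway.oauth2BearerSecret` (with `name` and `key`) that does not exist in the chart yet, and the identical template in supergateway/templates/deployment.yaml needs the same change.

```yaml
          args:
            # … unchanged: --stdio through --logLevel …
            {{- with .Values.supergateway.oauth2BearerSecret }}
            - "--oauth2Bearer"
            - "$(SUPERGATEWAY_OAUTH2_BEARER)"
            {{- end }}
            # … unchanged: --header range …
          env:
            {{- with .Values.supergateway.oauth2BearerSecret }}
            - name: SUPERGATEWAY_OAUTH2_BEARER
              valueFrom:
                secretKeyRef:
                  name: {{ .name | quote }}
                  key: {{ .key | quote }}
            {{- end }}
            # … unchanged: range over .Values.env …
```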
+++ b/ansible-roles/helm_charts/files/helmcharts/mcp-inspector/values.yaml @@ -0,0 +1,48 @@ +global: + partOf: app + +replicaCount: 1 + +image: + # Use the Docker Hub image that includes uvx + repository: supercorp/supergateway + tag: uvx + pullPolicy: IfNotPresent + +# Command that Supergateway runs in stdio mode +# This stays as ONE string arg after --stdio +stdioCommand: "uvx awslabs.aws-pricing-mcp-server@latest" + +supergateway: + port: 8000 + ssePath: /sse + messagePath: /message + healthPath: /healthz + baseUrl: "" # e.g., "http://0.0.0.0:8000" (optional) + cors: true # enable CORS; good for local/dev + logLevel: info + oauth2Bearer: "" # if you call out to remote SSE/HTTP servers + headers: [] # e.g., ["X-API-Key: abc123", "X-Another: value"] + +# Environment for the spawned MCP server (and/or gateway) +# Typically you’ll set region + rely on IRSA via serviceAccount annotations. +env: + AWS_REGION: "us-west-2" + FASTMCP_LOG_LEVEL: "INFO" + +service: + type: ClusterIP + port: 80 + +resources: {} +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +nodeSelector: {} +tolerations: [] +affinity: {} + +serviceAccount: + create: true + annotations: {} + name: "" diff --git a/ansible-roles/helm_charts/files/helmcharts/shiroclient/templates/deployment.yaml b/ansible-roles/helm_charts/files/helmcharts/shiroclient/templates/deployment.yaml index 576494a..04ae0fb 100644 --- a/ansible-roles/helm_charts/files/helmcharts/shiroclient/templates/deployment.yaml +++ b/ansible-roles/helm_charts/files/helmcharts/shiroclient/templates/deployment.yaml @@ -23,6 +23,7 @@ spec: annotations: phylum/version: {{ .Values.phylum.version }} checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + rollout-nonce: {{ .Values.global.forceRedeployNonce | default "" | quote }} spec: securityContext: runAsUser: 6553 
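Review bot: In mcp-inspector/values.yaml, `stdioCommand: "uvx awslabs.aws-pricing-mcp-server@latest"` together with `tag: uvx` means the code this pod runs is resolved at every container start from a mutable package version and a mutable image tag, so two restarts can run different code and nothing in the chart records which. Pin both, for example `stdioCommand: "uvx awslabs.aws-pricing-mcp-server@<PINNED_VERSION>"` and an image reference by digest, and let overrides opt into `latest`. `cors: true` is commented as good for local/dev but is the shipped default; `cors: false` would be the safer default. `nodeSelector`, `tolerations` and `affinity` are declared here but the deployment template in this diff never reads them. The supergateway/values.yaml copy is identical and has the same points.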
diff --git a/ansible-roles/helm_charts/files/helmcharts/supergateway/Chart.yaml b/ansible-roles/helm_charts/files/helmcharts/supergateway/Chart.yaml
new file mode 100644
index 0000000..e2a6e2f
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/supergateway/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+name: supergateway
+description: "Supergateway (stdio -> HTTP/SSE) that can spawn any MCP server (default: AWS Pricing MCP via uvx)"
+version: 0.1.0
+appVersion: "latest"
diff --git a/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/_helpers.tpl b/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/_helpers.tpl
new file mode 100644
index 0000000..bb9c594
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/_helpers.tpl
@@ -0,0 +1,49 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "supergateway.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "supergateway.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := include "supergateway.name" . -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "supergateway.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "supergateway.labels" -}}
+app.kubernetes.io/name: {{ include "supergateway.name" . }}
+helm.sh/chart: {{ include "supergateway.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: mcp-gateway
+{{- if .Values.global.partOf }}
+app.kubernetes.io/part-of: {{ .Values.global.partOf }}
+{{- end }}
+{{- end -}}
+
+{{- define "supergateway.labels.match" -}}
+app.kubernetes.io/name: {{ include "supergateway.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "supergateway.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "supergateway.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end -}}
diff --git a/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/deployment.yaml b/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/deployment.yaml
new file mode 100644
index 0000000..5ffb1b2
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/deployment.yaml 
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "supergateway.fullname" . }}
+ labels:
+ {{- include "supergateway.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount | default 1 }}
+ selector:
+ matchLabels:
+ {{- include "supergateway.labels.match" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "supergateway.labels" . | nindent 8 }}
+ annotations:
+ rollout-nonce: {{ .Values.global.forceRedeployNonce | default "" | quote }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "supergateway.serviceAccountName" . }}
+ containers:
+ - name: supergateway
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
+ args:
+ - "--stdio"
+ - "{{ .Values.stdioCommand }}"
+ - "--port"
+ - "{{ .Values.supergateway.port }}"
+ - "--ssePath"
+ - "{{ .Values.supergateway.ssePath }}"
+ - "--messagePath"
+ - "{{ .Values.supergateway.messagePath }}"
+ - "--healthEndpoint"
+ - "{{ .Values.supergateway.healthPath }}"
+ {{- if .Values.supergateway.baseUrl }}
+ - "--baseUrl"
+ - "{{ .Values.supergateway.baseUrl }}"
+ {{- end }}
+ {{- if .Values.supergateway.cors }}
+ - "--cors"
+ {{- end }}
+ {{- if .Values.supergateway.logLevel }}
+ - "--logLevel"
+ - "{{ .Values.supergateway.logLevel }}"
+ {{- end }}
+ {{- if .Values.supergateway.oauth2Bearer }}
+ - "--oauth2Bearer"
+ - "{{ .Values.supergateway.oauth2Bearer }}"
+ {{- end }}
+ {{- range $h := .Values.supergateway.headers }}
+ - "--header"
+ - "{{ $h }}"
+ {{- end }}
+ env:
+ {{- range $k, $v := .Values.env }}
+ - name: {{ $k }}
+ value: {{ $v | quote }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ ( .Values.supergateway.port | default 8000 ) | int }}
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.supergateway.healthPath }}
+ port: {{ ( .Values.supergateway.port | 
default 8000 ) | int }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.supergateway.healthPath }}
+ port: {{ ( .Values.supergateway.port | default 8000 ) | int }}
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/service.yaml b/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/service.yaml
new file mode 100644
index 0000000..f2fb399
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "supergateway.fullname" . }}
+ labels: {{- include "supergateway.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type | default "ClusterIP" }}
+ ports:
+ - name: http
+ port: {{ .Values.service.port | default 80 }}
+ targetPort: http
+ protocol: TCP
+ selector: {{- include "supergateway.labels.match" . | nindent 4 }}
diff --git a/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/serviceaccount.yaml b/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/serviceaccount.yaml
new file mode 100644
index 0000000..bc3b542
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/supergateway/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "supergateway.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "supergateway.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/ansible-roles/helm_charts/files/helmcharts/supergateway/values.yaml b/ansible-roles/helm_charts/files/helmcharts/supergateway/values.yaml
new file mode 100644
index 0000000..14986b7
--- /dev/null
+++ b/ansible-roles/helm_charts/files/helmcharts/supergateway/values.yaml
@@ -0,0 +1,48 @@
+global:
+ partOf: app
+
+replicaCount: 1
+
+image:
+ # Use the Docker Hub image that includes uvx
+ repository: supercorp/supergateway
+ tag: uvx
+ pullPolicy: IfNotPresent
+
+# Command that Supergateway runs in stdio mode
+# This stays as ONE string arg after --stdio
+stdioCommand: "uvx awslabs.aws-pricing-mcp-server@latest"
+
+supergateway:
+ port: 8000
+ ssePath: /sse
+ messagePath: /message
+ healthPath: /healthz
+ baseUrl: "" # e.g., "http://0.0.0.0:8000" (optional)
+ cors: true # enable CORS; good for local/dev
+ logLevel: info
+ oauth2Bearer: "" # if you call out to remote SSE/HTTP servers
+ headers: [] # e.g., ["X-API-Key: abc123", "X-Another: value"]
+
+# Environment for the spawned MCP server (and/or gateway)
+# Typically you’ll set region + rely on IRSA via serviceAccount annotations.
+env:
+ AWS_REGION: "us-west-2"
+ FASTMCP_LOG_LEVEL: "INFO"
+
+service:
+ type: ClusterIP
+ port: 80
+
+resources: {}
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+serviceAccount:
+ create: true
+ annotations: {}
+ name: ""