Configure MCP servers to use Harbor OCI registry

- Updated Chart.yaml dependencies to use OCI registry
- Added HelmRepository resource for Harbor
- Created Harbor registry secret (SOPS-encrypted)
- Updated HelmRelease to use HelmRepository instead of Git source
- Packaged and pushed all 16 MCP charts to Harbor OCI registry
- Updated .sops.yaml to handle platform secrets

All MCP charts are now available at:
oci://images.caffeinetux.com/mcp-charts
CaffeineTux
2025-11-16 03:04:40 -05:00
parent f06c33ddf2
commit c539116eb4
6 changed files with 65 additions and 20 deletions


@@ -1,4 +1,9 @@
creation_rules:
# Platform secrets
- path_regex: platform/.*/.*secret.*\.yaml$
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key|auth|\.dockerconfigjson)$
age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
# Bootstrap secrets
- path_regex: bootstrap/.*\.yaml$
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
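Review bot: The new `# Platform secrets` rule selects files by name (`platform/.*/.*secret.*\.yaml$`), so a manifest under `platform/` that carries credentials but has no `secret` in its filename matches no creation rule, and nothing in this file signals that it needs encrypting. The two encrypted files listed in the kustomization hunk both end in `.enc.yaml`; if that suffix is the repository convention, keying the rule on it (`path_regex: platform/.*\.enc\.yaml$`) ties encryption to the convention rather than to the word `secret`. Failing that, a comment above the rule stating the naming requirement would help. The added `auth` and `\.dockerconfigjson` alternatives look redundant for Kubernetes Secrets, because `data`/`stringData` already match the parent key and sops encrypts everything beneath a matching key.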


@@ -19,61 +19,61 @@ sources:
dependencies:
- name: mcp-gateway
version: "1.0.0"
repository: "file://../mcp-gateway"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: mcp-gateway.enabled
- name: n8n-mcp
version: "1.0.0"
repository: "file://../n8n-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: n8n-mcp.enabled
- name: playwright-mcp
version: "1.0.0"
repository: "file://../playwright-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: playwright-mcp.enabled
- name: kubernetes-mcp
version: "1.0.0"
repository: "file://../kubernetes-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: kubernetes-mcp.enabled
- name: github-mcp
version: "1.0.0"
repository: "file://../github-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: github-mcp.enabled
- name: postgresql-mcp
version: "1.0.0"
repository: "file://../postgresql-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: postgresql-mcp.enabled
- name: sqlite-mcp
version: "1.0.0"
repository: "file://../sqlite-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: sqlite-mcp.enabled
- name: prometheus-mcp
version: "1.0.0"
repository: "file://../prometheus-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: prometheus-mcp.enabled
- name: slack-mcp
version: "1.0.0"
repository: "file://../slack-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: slack-mcp.enabled
- name: s3-mcp
version: "1.0.0"
repository: "file://../s3-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: s3-mcp.enabled
- name: filesystem-mcp
version: "1.0.0"
repository: "file://../filesystem-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: filesystem-mcp.enabled
- name: puppeteer-mcp
version: "1.0.0"
repository: "file://../puppeteer-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: puppeteer-mcp.enabled
- name: fetch-mcp
version: "1.0.0"
repository: "file://../fetch-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: fetch-mcp.enabled
- name: memory-mcp
version: "1.0.0"
repository: "file://../memory-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: memory-mcp.enabled
- name: gitea-mcp
version: "1.0.0"
repository: "file://../gitea-mcp"
repository: "oci://images.caffeinetux.com/mcp-charts"
condition: gitea-mcp.enabled
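Review bot: Every `repository:` entry now resolves `version: "1.0.0"` from `oci://images.caffeinetux.com/mcp-charts`, and an OCI tag can be overwritten unless the registry forbids it, so the same Chart.yaml can package different subchart content at different times. The removed `file://../<chart>` entries tied each subchart to the commit under review; that property is lost unless the Harbor project enforces tag immutability and each subchart change gets a new version. A comment above `dependencies:` would record the requirement, for example `# Subcharts are pulled by tag from Harbor; tags must be immutable, bump the version on every change`. The same concern applies to the `mcp-umbrella` `version: "1.0.0"` pin in the HelmRelease hunk.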


@@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: harbor-registry-secret
namespace: flux-system
type: kubernetes.io/dockerconfigjson
stringData:
.dockerconfigjson: ENC[AES256_GCM,data:BkaiHpVTfTZRrP8+OMYyW99VJukKX4YaBqZ2W5+kPPHPGHUOR1B29JZGANuRRcWXyZKpwdnKchmMuPt4tvNXc8as+aXzjPqrFSHgoN/OW741rCUJJFlPSG+yIRzW0SRt9lcV+MguopAIRKukDNTM85HLBGnnBErGAgDDC2ebkQb66cmeDqBfXzq/kXu2tdsI+vVAoOBAr7gqFKMREYuaZEzM/h9c/Mn9NTASiAM=,iv:pkjoSBKKI1xd5rXIAmUXHrB2y1GULVo6lCL71ZbA5/Y=,tag:hqciSQi6NzYrysKZp7LZ4Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTmV2M216RDRUMXVwRnlC
d1F1ZEl2ZS9pNSs5Y2F0bjJqNHFoQXpieWpJCmtiNTJVenloNEJYRUFPN2JIMEN2
blRvMDBiZ3pCaDRZTzhDWm1kZjZPNncKLS0tIE5OMGl0S0I4VXF0YXBqeWxGUGFv
bDlMZHNKcE9CNFBucG1oYXJyWWxLTVEKDV05XZgG0+fKzKYDiFuU0TD5Ml/fno41
UQcxgkiBTabv0ajtsGBUQ1/A5D+vL0SwPo7PHzH+drE63PVxekTl3w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-16T08:04:02Z"
mac: ENC[AES256_GCM,data:JdAT1Hm2DpNQcPWNYC/BI/0yuzWAFyCDZ4SwLR0eZOelYV28R83oYKC4tnCNTwEKm8/tgACLkq0ndfAei0N3cNFGr5o0gCReeN1KQFu1/URENYxLVVofg033AVZEeK8R/TAZkXndhd6HUYhHQatX1l5ro6hLrcItPAYl1s0AFBI=,iv:AfHDa+p1O3/cpcXTG/+CXq0yzlFJ9QBUBAh1UCj+pwo=,tag:a9gaISxT7iJ/1RcHoFwPgg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key|auth|\.dockerconfigjson)$
version: 3.9.2
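Review bot: This Secret sets `namespace: flux-system`, but the kustomization hunk at the end of the page sets `namespace: mcp` and lists `harbor-secret.enc.yaml`, and kustomize's namespace field overrides `metadata.namespace` on every resource it builds. If that kustomization is the one that renders this file, the Secret and the HelmRepository land in `mcp`, while the HelmRelease's `sourceRef.namespace: flux-system` is not rewritten and would point at a source that does not exist there. Put all three in one namespace explicitly: either `namespace: mcp` here, on the HelmRepository and in `sourceRef`, or move the source and its Secret to a kustomization without the override. Keeping the source beside the release also works when helm-controller runs with `--no-cross-namespace-refs`.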


@@ -8,10 +8,11 @@ spec:
timeout: 5m
chart:
spec:
chart: ./platform/mcp-servers
chart: mcp-umbrella
version: "1.0.0"
sourceRef:
kind: GitRepository
name: flux-system
kind: HelmRepository
name: mcp-charts
namespace: flux-system
interval: 5m
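Review bot: The chart is now pulled from the registry with no signature verification: `chart.spec` sets only `chart`, `version` and `sourceRef`, so whatever is stored under the `mcp-umbrella` `1.0.0` tag is installed with the release's privileges. If the charts are signed when they are pushed, add a `verify:` block under `chart.spec` with `provider: cosign` and a `secretRef` naming the Secret that holds the public key (placeholder `<cosign-public-key-secret>`). The enclosing `spec:` begins above the hunk, so any settings there are not visible from this view.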


@@ -0,0 +1,11 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: mcp-charts
namespace: flux-system
spec:
type: oci
url: oci://images.caffeinetux.com/mcp-charts
interval: 5m
secretRef:
name: harbor-registry-secret
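Review bot: `apiVersion: source.toolkit.fluxcd.io/v1beta2` is a deprecated version for HelmRepository, which is also served as `source.toolkit.fluxcd.io/v1`. A manifest created now is better written against `v1`, so that a Flux upgrade which stops serving `v1beta2` does not leave this source, and the release that depends on it, unreconciled. The change is the single line `apiVersion: source.toolkit.fluxcd.io/v1`, after confirming that the installed source-controller serves that version.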


@@ -1,11 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: mcp
resources:
- namespace.yaml
- secrets.enc.yaml
- harbor-secret.enc.yaml
- helmrepository.yaml
- helmrelease.yaml
# SOPS decryption for encrypted secrets