Configure MCP servers to use Harbor OCI registry

- Updated Chart.yaml dependencies to use OCI registry
- Added HelmRepository resource for Harbor
- Created Harbor registry secret (SOPS-encrypted)
- Updated HelmRelease to use HelmRepository instead of Git source
- Packaged and pushed all 16 MCP charts to Harbor OCI registry
- Updated .sops.yaml to handle platform secrets

All MCP charts are now available at:
oci://images.caffeinetux.com/mcp-charts
CaffeineTux
2025-11-16 03:04:40 -05:00
parent f06c33ddf2
commit c539116eb4
6 changed files with 65 additions and 20 deletions


@@ -1,4 +1,9 @@
creation_rules: creation_rules:
# Platform secrets
- path_regex: platform/.*/.*secret.*\.yaml$
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key|auth|\.dockerconfigjson)$
age: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
# Bootstrap secrets # Bootstrap secrets
- path_regex: bootstrap/.*\.yaml$ - path_regex: bootstrap/.*\.yaml$
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$ encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
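Review bot: The new rule `path_regex: platform/.*/.*secret.*\.yaml$` only covers files whose name contains the lowercase word "secret", so a Secret manifest under `platform/` with any other name (or with a capitalised `Secret`) matches none of the rules visible in this hunk. The expression is also unanchored at the start, so it matches any path that merely contains `platform/`. I would add a comment above the rule, for example `# Covers only platform/<dir>/*secret*.yaml: name every Secret manifest accordingly`, and anchor the pattern with a leading `^` if paths are always repo-relative. Rules after the bootstrap entry, if any, are outside the hunk.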


@@ -19,61 +19,61 @@ sources:
dependencies: dependencies:
- name: mcp-gateway - name: mcp-gateway
version: "1.0.0" version: "1.0.0"
repository: "file://../mcp-gateway" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: mcp-gateway.enabled condition: mcp-gateway.enabled
- name: n8n-mcp - name: n8n-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../n8n-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: n8n-mcp.enabled condition: n8n-mcp.enabled
- name: playwright-mcp - name: playwright-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../playwright-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: playwright-mcp.enabled condition: playwright-mcp.enabled
- name: kubernetes-mcp - name: kubernetes-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../kubernetes-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: kubernetes-mcp.enabled condition: kubernetes-mcp.enabled
- name: github-mcp - name: github-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../github-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: github-mcp.enabled condition: github-mcp.enabled
- name: postgresql-mcp - name: postgresql-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../postgresql-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: postgresql-mcp.enabled condition: postgresql-mcp.enabled
- name: sqlite-mcp - name: sqlite-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../sqlite-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: sqlite-mcp.enabled condition: sqlite-mcp.enabled
- name: prometheus-mcp - name: prometheus-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../prometheus-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: prometheus-mcp.enabled condition: prometheus-mcp.enabled
- name: slack-mcp - name: slack-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../slack-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: slack-mcp.enabled condition: slack-mcp.enabled
- name: s3-mcp - name: s3-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../s3-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: s3-mcp.enabled condition: s3-mcp.enabled
- name: filesystem-mcp - name: filesystem-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../filesystem-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: filesystem-mcp.enabled condition: filesystem-mcp.enabled
- name: puppeteer-mcp - name: puppeteer-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../puppeteer-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: puppeteer-mcp.enabled condition: puppeteer-mcp.enabled
- name: fetch-mcp - name: fetch-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../fetch-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: fetch-mcp.enabled condition: fetch-mcp.enabled
- name: memory-mcp - name: memory-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../memory-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: memory-mcp.enabled condition: memory-mcp.enabled
- name: gitea-mcp - name: gitea-mcp
version: "1.0.0" version: "1.0.0"
repository: "file://../gitea-mcp" repository: "oci://images.caffeinetux.com/mcp-charts"
condition: gitea-mcp.enabled condition: gitea-mcp.enabled
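Review bot: All fifteen `repository` entries now resolve `version: "1.0.0"` from the registry when the umbrella chart's dependencies are built, so the subchart content is whatever that tag holds at build time rather than the tree reviewed in Git, as it was with `file://../…`. Nothing in the hunk records how the tags are kept stable. I would add a comment above `dependencies:` such as `# Subcharts are pulled by tag from Harbor: bump the version on every chart change, never re-push an existing tag`. Enforcing tag immutability on the registry project would back that rule up, but that setting is not visible from this page.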


@@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: harbor-registry-secret
namespace: flux-system
type: kubernetes.io/dockerconfigjson
stringData:
.dockerconfigjson: ENC[AES256_GCM,data:BkaiHpVTfTZRrP8+OMYyW99VJukKX4YaBqZ2W5+kPPHPGHUOR1B29JZGANuRRcWXyZKpwdnKchmMuPt4tvNXc8as+aXzjPqrFSHgoN/OW741rCUJJFlPSG+yIRzW0SRt9lcV+MguopAIRKukDNTM85HLBGnnBErGAgDDC2ebkQb66cmeDqBfXzq/kXu2tdsI+vVAoOBAr7gqFKMREYuaZEzM/h9c/Mn9NTASiAM=,iv:pkjoSBKKI1xd5rXIAmUXHrB2y1GULVo6lCL71ZbA5/Y=,tag:hqciSQi6NzYrysKZp7LZ4Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTmV2M216RDRUMXVwRnlC
d1F1ZEl2ZS9pNSs5Y2F0bjJqNHFoQXpieWpJCmtiNTJVenloNEJYRUFPN2JIMEN2
blRvMDBiZ3pCaDRZTzhDWm1kZjZPNncKLS0tIE5OMGl0S0I4VXF0YXBqeWxGUGFv
bDlMZHNKcE9CNFBucG1oYXJyWWxLTVEKDV05XZgG0+fKzKYDiFuU0TD5Ml/fno41
UQcxgkiBTabv0ajtsGBUQ1/A5D+vL0SwPo7PHzH+drE63PVxekTl3w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-16T08:04:02Z"
mac: ENC[AES256_GCM,data:JdAT1Hm2DpNQcPWNYC/BI/0yuzWAFyCDZ4SwLR0eZOelYV28R83oYKC4tnCNTwEKm8/tgACLkq0ndfAei0N3cNFGr5o0gCReeN1KQFu1/URENYxLVVofg033AVZEeK8R/TAZkXndhd6HUYhHQatX1l5ro6hLrcItPAYl1s0AFBI=,iv:AfHDa+p1O3/cpcXTG/+CXq0yzlFJ9QBUBAh1UCj+pwo=,tag:a9gaISxT7iJ/1RcHoFwPgg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key|auth|\.dockerconfigjson)$
version: 3.9.2


@@ -8,10 +8,11 @@ spec:
timeout: 5m timeout: 5m
chart: chart:
spec: spec:
chart: ./platform/mcp-servers chart: mcp-umbrella
version: "1.0.0"
sourceRef: sourceRef:
kind: GitRepository kind: HelmRepository
name: flux-system name: mcp-charts
namespace: flux-system namespace: flux-system
interval: 5m interval: 5m
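Review bot: `version: "1.0.0"` under `chart.spec` selects the umbrella chart by tag only, and nothing in this section makes Flux check what the tag points to. Unless tag immutability is enforced on the Harbor project, a chart replaced under the same tag would be deployed without any change in Git. Flux can verify cosign signatures on OCI charts through a `verify` block under `chart.spec`; that requires signing the charts when they are pushed and storing the public key in a Secret in the same namespace. The manifest header is outside the hunk, so whether the HelmRelease API version in use supports the field should be confirmed.

```yaml
      version: "1.0.0"
      # Reject charts that are not signed with the expected cosign key.
      verify:
        provider: cosign
        secretRef:
          name: COSIGN_PUBLIC_KEY_SECRET  # placeholder: Secret holding the cosign public key
```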


@@ -0,0 +1,11 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: mcp-charts
namespace: flux-system
spec:
type: oci
url: oci://images.caffeinetux.com/mcp-charts
interval: 5m
secretRef:
name: harbor-registry-secret
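Review bot: The `secretRef` hands the source controller a Harbor credential, and nothing in the manifest says what that account may do. The commit message mentions that charts were pushed, so it is worth stating that the in-cluster credential is not the one used for pushing. I would add a comment above `secretRef:` such as `# Pull-only Harbor robot account scoped to the mcp-charts project; push credentials stay out of the cluster`. Separately, `source.toolkit.fluxcd.io/v1beta2` has been superseded by `v1` for HelmRepository in newer Flux releases, so `apiVersion: source.toolkit.fluxcd.io/v1` is preferable if the cluster's Flux version serves it.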


@@ -1,11 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: mcp
resources: resources:
- namespace.yaml - namespace.yaml
- secrets.enc.yaml - secrets.enc.yaml
- harbor-secret.enc.yaml
- helmrepository.yaml
- helmrelease.yaml - helmrelease.yaml
# SOPS decryption for encrypted secrets # SOPS decryption for encrypted secrets