a754d05075
Individual MCP charts don't support existingSecret pattern. Secrets are now embedded in values.yaml which is stored in git. NOTE: This is a temporary solution. Future improvement should: - Modify MCP charts to support existingSecret - Or use SealedSecrets/SOPS-encrypted valuesFrom in Flux All 16 MCP charts now ready for deployment via Flux.
MCP Umbrella Helm Chart
Complete deployment solution for the MCP (Model Context Protocol) server ecosystem. This umbrella chart deploys all MCP servers with a central gateway for unified access.
Architecture
┌─────────────────────────────────────────────────────────────────┐
│ MCP Gateway │
│ (LoadBalancer Service) │
│ http://<LoadBalancer-IP>:3000 │
│ │
│ Routes requests to individual MCP servers: │
│ POST /mcp/n8n-mcp → n8n-mcp:3001 │
│ POST /mcp/playwright-mcp → playwright-mcp:3002 │
│ POST /mcp/kubernetes-mcp → kubernetes-mcp:3003 │
│ POST /mcp/github-mcp → github-mcp:3004 │
│ ... (all 13 MCP servers) │
└─────────────────────────────────────────────────────────────────┘
│ │ │ │
▼ ▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐
│ n8n-MCP │ │Playwright│ │Kubernetes│ │ GitHub │
│ :3001 │ │ MCP │ │ MCP │ │ MCP │
│ │ │ :3002 │ │ :3003 │ │ :3004 │
└──────────┘ └──────────┘ └──────────┘ └──────────┘
... (9 more servers)
┌──────────────────────────────────────────────────────┐
│ Memory MCP (Central State) │
│ :3013 → Redis/PostgreSQL │
│ Provides shared state for all MCP servers │
└──────────────────────────────────────────────────────┘
Features
- 13 MCP Servers available for automation
- Central Gateway with API key authentication
- LoadBalancer access to entire MCP ecosystem
- Memory-MCP as central coordinator for shared state
- Selective Deployment - enable only the servers you need
- Production-Ready with RBAC, security contexts, and health checks
- Auto-Scaling for gateway and resource-intensive servers
Quick Start
1. Prerequisites
# Ensure you're in the right directory
cd /data/data/com.termux/files/home/git/mcp-servers/mcp-umbrella
# Build chart dependencies
helm dependency build
2. Generate API Keys
# Generate secure API keys for the gateway
echo "n8n API key: $(openssl rand -hex 32)"
echo "admin API key: $(openssl rand -hex 32)"
3. Configure Required Secrets
Create a custom-values.yaml file:
mcp-gateway:
gateway:
auth:
apiKeys:
- name: "n8n"
key: "YOUR_N8N_API_KEY_HERE"
- name: "admin"
key: "YOUR_ADMIN_API_KEY_HERE"
n8n-mcp:
n8nMCP:
n8n:
apiKey: "YOUR_N8N_INSTANCE_API_KEY"
github-mcp:
github:
token: "YOUR_GITHUB_TOKEN"
owner: "your-github-username"
4. Deploy
# Create the mcp namespace
kubectl create namespace mcp
# Install the umbrella chart
helm install mcp-ecosystem . \
--namespace mcp \
-f custom-values.yaml
5. Verify Deployment
# Check all pods
kubectl get pods -n mcp
# Get gateway LoadBalancer IP
kubectl get svc -n mcp mcp-ecosystem-mcp-gateway
# Test health endpoint
GATEWAY_IP=$(kubectl get svc -n mcp mcp-ecosystem-mcp-gateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
curl http://$GATEWAY_IP:3000/health
MCP Servers Included
| Server | Port | Status | Description |
|---|---|---|---|
| mcp-gateway | 3000 | Always Enabled | Central routing gateway |
| n8n-mcp | 3001 | Enabled | n8n workflow automation |
| playwright-mcp | 3002 | Enabled | Browser automation |
| kubernetes-mcp | 3003 | Enabled | Kubectl operations |
| github-mcp | 3004 | Enabled | GitHub API operations |
| postgresql-mcp | 3005 | Disabled* | PostgreSQL operations |
| sqlite-mcp | 3006 | Enabled | SQLite operations |
| prometheus-mcp | 3007 | Disabled* | Metrics queries |
| slack-mcp | 3008 | Disabled* | Slack operations |
| s3-mcp | 3009 | Disabled* | S3/MinIO operations |
| filesystem-mcp | 3010 | Enabled | File operations |
| puppeteer-mcp | 3011 | Disabled* | Chrome automation |
| fetch-mcp | 3012 | Enabled | HTTP requests |
| memory-mcp | 3013 | Enabled | Central state coordinator |
*Requires additional configuration - see Configuration section
Configuration
Enabling/Disabling Servers
In your custom-values.yaml:
# Enable a disabled server
prometheus-mcp:
enabled: true
prometheus:
url: "http://your-prometheus-server"
# Disable an enabled server
playwright-mcp:
enabled: false
Configuring the Gateway
mcp-gateway:
service:
type: LoadBalancer
loadBalancerIP: "192.168.1.100" # Optional static IP
ingress:
enabled: true # Enable Ingress (currently disabled)
hosts:
- host: mcp.caffeinetux.com
paths:
- path: /
pathType: Prefix
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 5
Configuring Memory-MCP Backend
Choose Redis or PostgreSQL:
memory-mcp:
storage:
backend: "redis" # or "postgres"
redis:
host: "redis.default.svc.cluster.local"
port: 6379
password: "your-redis-password"
Usage Examples
From n8n Workflow
Use the HTTP Request node:
// n8n HTTP Request Node
Method: POST
URL: http://mcp-ecosystem-mcp-gateway.mcp.svc.cluster.local:3000/mcp/playwright-mcp
Authentication: Header Auth
Header Name: Authorization
Header Value: Bearer YOUR_N8N_API_KEY
Body:
{
"jsonrpc": "2.0",
"method": "navigate",
"params": {
"url": "https://example.com"
},
"id": 1
}
From External Client
# Get list of available servers
curl -H "Authorization: Bearer YOUR_ADMIN_API_KEY" \
http://<LoadBalancer-IP>:3000/servers
# Make MCP request to Kubernetes-MCP
curl -H "Authorization: Bearer YOUR_ADMIN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "get_pods",
"params": {"namespace": "default"},
"id": 1
}' \
http://<LoadBalancer-IP>:3000/mcp/kubernetes-mcp
Store Shared State in Memory-MCP
# Store a value
curl -H "Authorization: Bearer YOUR_ADMIN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "memory_store",
"params": {
"namespace": "workflow",
"key": "user_session",
"value": {"user_id": 123, "state": "active"},
"ttl": 3600
},
"id": 1
}' \
http://<LoadBalancer-IP>:3000/mcp/memory-mcp
# Retrieve the value
curl -H "Authorization: Bearer YOUR_ADMIN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"method": "memory_retrieve",
"params": {
"namespace": "workflow",
"key": "user_session"
},
"id": 2
}' \
http://<LoadBalancer-IP>:3000/mcp/memory-mcp
Upgrading
# Update dependencies
helm dependency update
# Upgrade the deployment
helm upgrade mcp-ecosystem . \
--namespace mcp \
-f custom-values.yaml
Uninstalling
# Remove the deployment
helm uninstall mcp-ecosystem --namespace mcp
# Optionally delete the namespace
kubectl delete namespace mcp
Troubleshooting
Gateway not accessible
# Check gateway pod logs
kubectl logs -n mcp -l app.kubernetes.io/name=mcp-gateway
# Check service
kubectl describe svc -n mcp mcp-ecosystem-mcp-gateway
MCP server not responding
# Check specific server logs
kubectl logs -n mcp -l app.kubernetes.io/name=playwright-mcp
# Check if server is registered in gateway
curl -H "Authorization: Bearer YOUR_ADMIN_API_KEY" \
http://<LoadBalancer-IP>:3000/servers
Authentication errors
# Verify API keys are set
kubectl get secret -n mcp mcp-ecosystem-mcp-gateway-auth -o yaml
# Test without auth (should fail with 401)
curl http://<LoadBalancer-IP>:3000/servers
Resource Requirements
Minimal Setup (5 servers)
- CPU: ~2 cores total
- Memory: ~3Gi total
- Storage: ~15Gi (PVCs for SQLite, Filesystem, Playwright)
Full Setup (all 13 servers)
- CPU: ~6 cores total
- Memory: ~10Gi total
- Storage: ~50Gi (with all persistence enabled)
Per-Server Resources
| Server | CPU Request | CPU Limit | RAM Request | RAM Limit |
|---|---|---|---|---|
| Gateway | 100m | 500m | 128Mi | 512Mi |
| n8n-MCP | 50m | 200m | 128Mi | 256Mi |
| Playwright | 200m | 1000m | 512Mi | 2Gi |
| Kubernetes | 100m | 100m | 128Mi | 128Mi |
| Memory-MCP | 100m | 200m | 256Mi | 512Mi |
| Others | 50-100m | 100-200m | 64-128Mi | 128-256Mi |
Security
- API Key Authentication on gateway
- RBAC for Kubernetes-MCP cluster access
- Secrets for all credentials (GitHub tokens, database passwords, etc.)
- Non-root users in all containers
- Read-only root filesystem where possible
- Network policies (add custom NetworkPolicy resources as needed)
Advanced Configuration
Custom n8n Node
See n8n-mcp-node/README.md for installing a custom n8n node that simplifies MCP gateway access.
Monitoring
# Enable Prometheus monitoring
prometheus-mcp:
enabled: true
prometheus:
url: "http://prometheus-server.prometheus.svc.cluster.local"
High Availability
mcp-gateway:
replicaCount: 3
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 10
Support
For issues or questions:
- Check the individual MCP server READMEs in
../*/README.md - Review logs:
kubectl logs -n mcp <pod-name> - GitHub Issues: https://github.com/modelcontextprotocol/servers
License
See individual MCP server repositories for their respective licenses.