Add Kubernetes pod template patching support#267
Merged
Conversation
5b866ff to
873d3b3
Compare
ChrisJBurns
approved these changes
Apr 24, 2025
When running ToolHive in a Kubernetes environment, you can customize the Kubernetes pod template used to deploy MCP servers. This is useful when you need to add specific Kubernetes configurations to your MCP server pods, such as:
- Volume mounts
- Environment variables
- Resource limits and requests
- Node selectors
- Tolerations
- Security contexts
- Service accounts
- And more
The `--k8s-pod-patch` flag allows you to provide a JSON string that will be used to patch the Kubernetes pod template. This flag is only applicable when using the Kubernetes runtime.
```bash
thv run my-server --k8s-pod-patch '{"spec":{"volumes":[{"name":"my-volume","emptyDir":{}}]}}'
```
When ToolHive deploys an MCP server in Kubernetes, it creates a pod with a single container named **"mcp"**. This is important to know when you want to modify container-specific settings in your pod template patch.
For example, to add environment variables or volume mounts to the container, you need to target the "mcp" container specifically:
```bash
thv run my-server --k8s-pod-patch '{
"spec": {
"containers": [
{
"name": "mcp",
"env": [
{
"name": "CUSTOM_ENV",
"value": "custom-value"
}
]
}
]
}
}'
```
```bash
thv run my-server --k8s-pod-patch '{
"spec": {
"volumes": [
{
"name": "data-volume",
"emptyDir": {}
}
],
"containers": [
{
"name": "mcp",
"volumeMounts": [
{
"name": "data-volume",
"mountPath": "/data"
}
]
}
]
}
}'
```
```bash
thv run my-server --k8s-pod-patch '{
"spec": {
"tolerations": [
{
"key": "dedicated",
"operator": "Equal",
"value": "mcp-server",
"effect": "NoSchedule"
}
]
}
}'
```
```bash
thv run my-server --k8s-pod-patch '{
"spec": {
"containers": [
{
"name": "mcp",
"resources": {
"limits": {
"cpu": "500m",
"memory": "512Mi"
},
"requests": {
"cpu": "100m",
"memory": "128Mi"
}
}
}
]
}
}'
```
```bash
thv run my-server --k8s-pod-patch '{
"spec": {
"serviceAccountName": "my-service-account"
}
}'
```
```bash
thv run my-server --k8s-pod-patch '{
"spec": {
"containers": [
{
"name": "mcp",
"env": [
{
"name": "DATABASE_URL",
"value": "postgres://user:password@localhost:5432/db"
},
{
"name": "API_KEY",
"valueFrom": {
"secretKeyRef": {
"name": "api-secrets",
"key": "api-key"
}
}
}
]
}
]
}
}'
```
```bash
thv run my-server --k8s-pod-patch '{
"spec": {
"containers": [
{
"name": "mcp",
"securityContext": {
"runAsUser": 1000,
"runAsGroup": 1000,
"allowPrivilegeEscalation": false
}
}
]
}
}'
```
When you provide a JSON patch via the `--k8s-pod-patch` flag:
1. ToolHive creates a base pod template spec
2. The JSON patch is applied to the base template
3. ToolHive then applies its own required configurations (container name, image, command, etc.)
4. The final pod template is used to create a StatefulSet in Kubernetes
This approach allows you to customize the pod template while ensuring that ToolHive's required configurations are still applied.
- The JSON patch must be valid JSON and conform to the Kubernetes pod template spec structure
- The patch is applied before ToolHive's own configurations, so some fields may be overridden by ToolHive
- This feature is only applicable when running ToolHive in a Kubernetes environment
- Always target the container named "mcp" when modifying container-specific settings
- Some container settings like image, command, and args will be overridden by ToolHive's configurations
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
873d3b3 to
9c15e55
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add Kubernetes pod template patching support
Kubernetes Pod Template Patching
When running ToolHive in a Kubernetes environment, you can customize the Kubernetes pod template used to deploy MCP servers. This is useful when you need to add specific Kubernetes configurations to your MCP server pods, such as:
Using the
--k8s-pod-patchFlagThe
--k8s-pod-patchflag allows you to provide a JSON string that will be used to patch the Kubernetes pod template. This flag is only applicable when using the Kubernetes runtime.thv run my-server --k8s-pod-patch '{"spec":{"volumes":[{"name":"my-volume","emptyDir":{}}]}}'Container Structure
When ToolHive deploys an MCP server in Kubernetes, it creates a pod with a single container named "mcp". This is important to know when you want to modify container-specific settings in your pod template patch.
For example, to add environment variables or volume mounts to the container, you need to target the "mcp" container specifically:
Example Use Cases
Adding Volumes and Volume Mounts
Adding Node Tolerations
Setting Resource Limits and Requests
Using a Service Account
Adding Environment Variables
Setting Security Context
How It Works
When you provide a JSON patch via the
--k8s-pod-patchflag:This approach allows you to customize the pod template while ensuring that ToolHive's required configurations are still applied.
Notes