DeployMCPRegistry deploys the MCP Registry to the Kubernetes cluster
(ctx *pulumi.Context, cluster *providers.ProviderInfo, environment string, ingressNginx *helm.Chart, pgCluster *apiextensions.CustomResource)
| 30 | |
| 31 | // DeployMCPRegistry deploys the MCP Registry to the Kubernetes cluster |
| 32 | func DeployMCPRegistry(ctx *pulumi.Context, cluster *providers.ProviderInfo, environment string, ingressNginx *helm.Chart, pgCluster *apiextensions.CustomResource) (*corev1.Service, error) { |
| 33 | conf := config.New(ctx, "mcp-registry") |
| 34 | githubClientId := conf.Require("githubClientId") |
| 35 | |
| 36 | // Determine Docker image tag based on environment |
| 37 | imageTag := "main" // Default for staging |
| 38 | if environment == "prod" { |
| 39 | // Use explicitly configured image tag for production |
| 40 | // This prevents automatic promotion and requires manual control of production releases |
| 41 | imageTag = conf.Require("imageTag") // Explicit configuration required - no fallback |
| 42 | } |
| 43 | |
| 44 | // Create Secret with sensitive configuration |
| 45 | secret, err := corev1.NewSecret(ctx, "mcp-registry-secrets", &corev1.SecretArgs{ |
| 46 | Metadata: &metav1.ObjectMetaArgs{ |
| 47 | Name: pulumi.String("mcp-registry-secrets"), |
| 48 | Namespace: pulumi.String("default"), |
| 49 | Labels: pulumi.StringMap{ |
| 50 | "app": pulumi.String("mcp-registry"), |
| 51 | "environment": pulumi.String(environment), |
| 52 | }, |
| 53 | }, |
| 54 | StringData: pulumi.StringMap{ |
| 55 | "GITHUB_CLIENT_SECRET": conf.RequireSecret("githubClientSecret"), |
| 56 | "JWT_PRIVATE_KEY": conf.RequireSecret("jwtPrivateKey"), |
| 57 | }, |
| 58 | Type: pulumi.String("Opaque"), |
| 59 | }, pulumi.Provider(cluster.Provider)) |
| 60 | if err != nil { |
| 61 | return nil, err |
| 62 | } |
| 63 | |
| 64 | // Create Deployment |
| 65 | _, err = v1.NewDeployment(ctx, "mcp-registry", &v1.DeploymentArgs{ |
| 66 | Metadata: &metav1.ObjectMetaArgs{ |
| 67 | Name: pulumi.String("mcp-registry"), |
| 68 | Namespace: pulumi.String("default"), |
| 69 | Labels: pulumi.StringMap{ |
| 70 | "app": pulumi.String("mcp-registry"), |
| 71 | "environment": pulumi.String(environment), |
| 72 | }, |
| 73 | }, |
| 74 | Spec: &v1.DeploymentSpecArgs{ |
| 75 | Replicas: pulumi.Int(2), |
| 76 | Strategy: &v1.DeploymentStrategyArgs{ |
| 77 | Type: pulumi.String("RollingUpdate"), |
| 78 | RollingUpdate: &v1.RollingUpdateDeploymentArgs{ |
| 79 | MaxUnavailable: pulumi.IntPtr(0), // Never reduce capacity during updates |
| 80 | MaxSurge: pulumi.IntPtr(1), // Create new pods first, then terminate old |
| 81 | }, |
| 82 | }, |
| 83 | Selector: &metav1.LabelSelectorArgs{ |
| 84 | MatchLabels: pulumi.StringMap{ |
| 85 | "app": pulumi.String("mcp-registry"), |
| 86 | }, |
| 87 | }, |
| 88 | Template: &corev1.PodTemplateSpecArgs{ |
| 89 | Metadata: &metav1.ObjectMetaArgs{ |