General infra reliability improvements

domdomegg · domdomegg · commit ff7eb6eba6a3 · 2025-08-19T21:40:32.000+01:00
diff --git a/deploy/Pulumi.local.yaml b/deploy/Pulumi.local.yaml
@@ -3,4 +3,5 @@ config:
   mcp-registry:provider: local
   mcp-registry:githubClientId: Iv23licy3GSiM9Km5jtd
   mcp-registry:githubClientSecret: 0e8db54879b02c29adef51795586f3c510a9341d
+  mcp-registry:jwtPrivateKey: bb2c6b424005acd5df47a9e2c87f446def86dd740c888ea3efb825b23f7ef47c
 encryptionsalt: v1:ijIHaqhbXVA=:v1:7voX1Kv+Bunz33iN:fyVHMOhlGIymzJ+ILgUBy3ExTwUUnA==
diff --git a/deploy/README.md b/deploy/README.md
@@ -11,7 +11,7 @@ Pre-requisites:
 - Access to a Kubernetes cluster via kubeconfig. You can run a cluster locally with [minikube](https://minikube.sigs.k8s.io/docs/start/).
 
 1. Ensure your kubeconfig is configured at the cluster you want to use. For minikube, run `minikube start && minikube tunnel`.
-2. Run `make local-up` to deploy the stack. Run this again if the first attempt fails.
+2. Run `make local-up` to deploy the stack.
 3. Access the repository via the ingress load balancer. You can find its external IP with `kubectl get svc ingress-nginx-controller -n ingress-nginx`. Then run `curl -H "Host: local.registry.modelcontextprotocol.io" -k https://<EXTERNAL-IP>/v0/ping` to check that the service is up.
 
 #### To change config
diff --git a/deploy/pkg/k8s/cert_manager.go b/deploy/pkg/k8s/cert_manager.go
@@ -69,7 +69,7 @@ func SetupCertManager(ctx *pulumi.Context, cluster *providers.ProviderInfo) erro
 				},
 			},
 		},
-	}, pulumi.Provider(cluster.Provider), pulumi.DependsOn([]pulumi.Resource{certManager}))
+	}, pulumi.Provider(cluster.Provider), pulumi.DependsOnInputs(certManager.Ready))
 	if err != nil {
 		return err
 	}
diff --git a/deploy/pkg/k8s/deploy.go b/deploy/pkg/k8s/deploy.go
@@ -16,7 +16,7 @@ func DeployAll(ctx *pulumi.Context, cluster *providers.ProviderInfo, environment
 	}
 
 	// Setup ingress controller
-	err = SetupIngressController(ctx, cluster, environment)
+	ingressNginx, err := SetupIngressController(ctx, cluster, environment)
 	if err != nil {
 		return nil, err
 	}
@@ -28,7 +28,7 @@ func DeployAll(ctx *pulumi.Context, cluster *providers.ProviderInfo, environment
 	}
 
 	// Deploy MCP Registry
-	service, err = DeployMCPRegistry(ctx, cluster, environment, pgCluster)
+	service, err = DeployMCPRegistry(ctx, cluster, environment, ingressNginx, pgCluster)
 	if err != nil {
 		return nil, err
 	}
diff --git a/deploy/pkg/k8s/ingress.go b/deploy/pkg/k8s/ingress.go
@@ -13,7 +13,7 @@ import (
 )
 
 // SetupIngressController sets up the NGINX Ingress Controller
-func SetupIngressController(ctx *pulumi.Context, cluster *providers.ProviderInfo, environment string) error {
+func SetupIngressController(ctx *pulumi.Context, cluster *providers.ProviderInfo, environment string) (*helm.Chart, error) {
 	conf := config.New(ctx, "mcp-registry")
 	provider := conf.Get("provider")
 	if provider == "" {
@@ -27,7 +27,7 @@ func SetupIngressController(ctx *pulumi.Context, cluster *providers.ProviderInfo
 		},
 	}, pulumi.Provider(cluster.Provider))
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	// Install NGINX Ingress Controller
@@ -60,7 +60,7 @@ func SetupIngressController(ctx *pulumi.Context, cluster *providers.ProviderInfo
 		},
 	}, pulumi.Provider(cluster.Provider))
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	// Extract ingress IPs from the Helm chart's controller service
@@ -90,5 +90,5 @@ func SetupIngressController(ctx *pulumi.Context, cluster *providers.ProviderInfo
 	})
 	ctx.Export("ingressIps", ingressIps)
 
-	return nil
+	return ingressNginx, nil
 }
diff --git a/deploy/pkg/k8s/postgres.go b/deploy/pkg/k8s/postgres.go
@@ -2,6 +2,7 @@ package k8s
 
 import (
 	"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apiextensions"
+	corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
 	"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/helm/v3"
 	metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
@@ -11,20 +12,36 @@ import (
 
 // DeployPostgresDatabases deploys the CloudNative PostgreSQL operator and PostgreSQL cluster
 func DeployPostgresDatabases(ctx *pulumi.Context, cluster *providers.ProviderInfo, environment string) (*apiextensions.CustomResource, error) {
+	// Create cnpg-system namespace
+	cnpgNamespace, err := corev1.NewNamespace(ctx, "cnpg-system", &corev1.NamespaceArgs{
+		Metadata: &metav1.ObjectMetaArgs{
+			Name: pulumi.String("cnpg-system"),
+		},
+	}, pulumi.Provider(cluster.Provider))
+	if err != nil {
+		return nil, err
+	}
+
 	// Install cloudnative-pg Helm chart
 	cloudNativePG, err := helm.NewChart(ctx, "cloudnative-pg", helm.ChartArgs{
 		Chart:   pulumi.String("cloudnative-pg"),
 		Version: pulumi.String("v0.26.0"),
 		FetchArgs: helm.FetchArgs{
 			Repo: pulumi.String("https://cloudnative-pg.github.io/charts"),
 		},
-		Namespace: pulumi.String("cnpg-system"),
+		Namespace: cnpgNamespace.Metadata.Name().Elem(),
+		Values: pulumi.Map{
+			"webhooks": pulumi.Map{
+				"replicaCount": pulumi.Int(1),
+			},
+		},
 	}, pulumi.Provider(cluster.Provider))
 	if err != nil {
 		return nil, err
 	}
 
-	// Create PostgreSQL cluster
+	// Create PostgreSQL cluster with proper timeout handling
+	// Note: This may fail on first run until CloudNativePG operator is fully ready
 	pgCluster, err := apiextensions.NewCustomResource(ctx, "registry-pg", &apiextensions.CustomResourceArgs{
 		ApiVersion: pulumi.String("postgresql.cnpg.io/v1"),
 		Kind:       pulumi.String("Cluster"),
@@ -36,15 +53,15 @@ func DeployPostgresDatabases(ctx *pulumi.Context, cluster *providers.ProviderInf
 				"environment": pulumi.String(environment),
 			},
 		},
-		OtherFields: map[string]interface{}{
-			"spec": map[string]interface{}{
+		OtherFields: map[string]any{
+			"spec": map[string]any{
 				"instances": 1,
-				"storage": map[string]interface{}{
+				"storage": map[string]any{
 					"size": "50Gi",
 				},
 			},
 		},
-	}, pulumi.Provider(cluster.Provider), pulumi.DependsOn([]pulumi.Resource{cloudNativePG}))
+	}, pulumi.Provider(cluster.Provider), pulumi.DependsOnInputs(cloudNativePG.Ready))
 	if err != nil {
 		return nil, err
 	}
diff --git a/deploy/pkg/k8s/registry.go b/deploy/pkg/k8s/registry.go
@@ -4,9 +4,10 @@ import (
 	"os/exec"
 	"strings"
 
-	v1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apps/v1"
 	"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apiextensions"
+	v1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/apps/v1"
 	corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
+	"github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/helm/v3"
 	metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
 	networkingv1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/networking/v1"
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
@@ -27,7 +28,7 @@ func getGitCommitHash() string {
 }
 
 // DeployMCPRegistry deploys the MCP Registry to the Kubernetes cluster
-func DeployMCPRegistry(ctx *pulumi.Context, cluster *providers.ProviderInfo, environment string, pgCluster *apiextensions.CustomResource) (*corev1.Service, error) {
+func DeployMCPRegistry(ctx *pulumi.Context, cluster *providers.ProviderInfo, environment string, ingressNginx *helm.Chart, pgCluster *apiextensions.CustomResource) (*corev1.Service, error) {
 	conf := config.New(ctx, "mcp-registry")
 	githubClientId := conf.Require("githubClientId")
 
@@ -95,8 +96,11 @@ func DeployMCPRegistry(ctx *pulumi.Context, cluster *providers.ProviderInfo, env
 									Name: pulumi.String("MCP_REGISTRY_DATABASE_URL"),
 									ValueFrom: &corev1.EnvVarSourceArgs{
 										SecretKeyRef: &corev1.SecretKeySelectorArgs{
-											Name: pgCluster.Metadata.Name().ApplyT(func(name string) string {
-												return name + "-app"
+											Name: pgCluster.Metadata.Name().ApplyT(func(name *string) string {
+												if name == nil {
+													return "registry-pg-app"
+												}
+												return *name + "-app"
 											}).(pulumi.StringOutput),
 											Key: pulumi.String("uri"),
 										},
@@ -235,7 +239,7 @@ func DeployMCPRegistry(ctx *pulumi.Context, cluster *providers.ProviderInfo, env
 				return rules
 			}).(networkingv1.IngressRuleArrayOutput),
 		},
-	}, pulumi.Provider(cluster.Provider))
+	}, pulumi.Provider(cluster.Provider), pulumi.DependsOnInputs(ingressNginx.Ready))
 	if err != nil {
 		return nil, err
 	}

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ func SetupCertManager(ctx pulumi.Context, cluster providers.ProviderInfo) erro`
`69`	`69`	`},`
`70`	`70`	`},`
`71`	`71`	`},`
`72`		`- }, pulumi.Provider(cluster.Provider), pulumi.DependsOn([]pulumi.Resource{certManager}))`
	`72`	`+ }, pulumi.Provider(cluster.Provider), pulumi.DependsOnInputs(certManager.Ready))`
`73`	`73`	`if err != nil {`
`74`	`74`	`return err`
`75`	`75`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ func DeployAll(ctx pulumi.Context, cluster providers.ProviderInfo, environment`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`// Setup ingress controller`
`19`		`- err = SetupIngressController(ctx, cluster, environment)`
	`19`	`+ ingressNginx, err := SetupIngressController(ctx, cluster, environment)`
`20`	`20`	`if err != nil {`
`21`	`21`	`return nil, err`
`22`	`22`	`}`
`@@ -28,7 +28,7 @@ func DeployAll(ctx pulumi.Context, cluster providers.ProviderInfo, environment`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`// Deploy MCP Registry`
`31`		`- service, err = DeployMCPRegistry(ctx, cluster, environment, pgCluster)`
	`31`	`+ service, err = DeployMCPRegistry(ctx, cluster, environment, ingressNginx, pgCluster)`
`32`	`32`	`if err != nil {`
`33`	`33`	`return nil, err`
`34`	`34`	`}`