Expose resource-url parameter through MCPServer CRD (#1426)

Signed-off-by: ChrisJBurns <[email protected]>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Chris Burns <[email protected]>

Author: ChrisJBurns

cmd/thv-operator/api/v1alpha1/mcpserver_types.go

@@ -272,6 +272,11 @@ type OIDCConfigRef struct {
 	// +kubebuilder:default=kubernetes
 	Type string `json:"type"`
 
+	// ResourceURL is the explicit resource URL for OAuth discovery endpoint (RFC 9728)
+	// If not specified, defaults to the in-cluster Kubernetes service URL
+	// +optional
+	ResourceURL string `json:"resourceUrl,omitempty"`
+
 	// Kubernetes configures OIDC for Kubernetes service account token validation
 	// Only used when Type is "kubernetes"
 	// +optional

cmd/thv-operator/controllers/mcpserver_controller.go

@@ -431,7 +431,10 @@ func (r *MCPServerReconciler) deploymentForMCPServer(m *mcpv1alpha1.MCPServer) *
 		args = append(args, oidcArgs...)
 
 		// Add OAuth discovery resource URL for RFC 9728 compliance
-		resourceURL := createServiceURL(m.Name, m.Namespace, m.Spec.Port)
+		resourceURL := m.Spec.OIDCConfig.ResourceURL
+		if resourceURL == "" {
+			resourceURL = createServiceURL(m.Name, m.Namespace, m.Spec.Port)
+		}
 		args = append(args, fmt.Sprintf("--resource-url=%s", resourceURL))
 	}
 

deploy/charts/operator-crds/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: toolhive-operator-crds
 description: A Helm chart for installing the ToolHive Operator CRDs into Kubernetes.
 type: application
-version: 0.0.13
+version: 0.0.14
 appVersion: "0.0.1"

deploy/charts/operator-crds/README.md

@@ -1,7 +1,7 @@
 
 # ToolHive Operator CRDs Helm Chart
 
-![Version: 0.0.13](https://img.shields.io/badge/Version-0.0.13-informational?style=flat-square)
+![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A Helm chart for installing the ToolHive Operator CRDs into Kubernetes.

deploy/charts/operator-crds/templates/toolhive.stacklok.dev_mcpservers.yaml

@@ -228,6 +228,11 @@ spec:
                           Defaults to true if not specified
                         type: boolean
                     type: object
+                  resourceUrl:
+                    description: |-
+                      ResourceURL is the explicit resource URL for OAuth discovery endpoint (RFC 9728)
+                      If not specified, defaults to the in-cluster Kubernetes service URL
+                    type: string
                   type:
                     default: kubernetes
                     description: Type is the type of OIDC configuration