Bump helm chart to v0.6.0 (#106)

Starttoaster · web-flow · commit 5964733dec17 · 2026-05-18T12:07:34.000-07:00
* Bump helm chart to v0.6.0

* Add Ingress for MCP endpoint
diff --git a/chart/trivy-operator-explorer/Chart.yaml b/chart/trivy-operator-explorer/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.7
+version: 0.4.8
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.5.9"
+appVersion: "v0.6.0"
diff --git a/chart/trivy-operator-explorer/templates/mcp-ingress.yaml b/chart/trivy-operator-explorer/templates/mcp-ingress.yaml
@@ -0,0 +1,71 @@
+{{- if .Values.mcpIngress.enabled -}}
+{{- $fullName := include "trivy-operator-explorer.fullname" . -}}
+{{- $svcPort := .Values.service.mcpPort -}}
+{{- if and .Values.mcpIngress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.mcpIngress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.mcpIngress.annotations "kubernetes.io/ingress.class" .Values.mcpIngress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-mcp
+  labels:
+    {{- include "trivy-operator-explorer.labels" . | nindent 4 }}
+  {{- with .Values.mcpIngress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.mcpIngress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.mcpIngress.className }}
+  {{- end }}
+  {{- if .Values.mcpIngress.tls }}
+  tls:
+    {{- range .Values.mcpIngress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      {{- if .secretName }}
+      secretName: {{ .secretName }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- if eq $.Values.mcpIngress.ruleType "rules" }}
+  rules:
+    {{- range .Values.mcpIngress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+  {{- else if eq $.Values.mcpIngress.ruleType "defaultBackend" }}
+  defaultBackend:
+    service:
+      name: {{ $fullName }}
+      port:
+        number: {{ $svcPort }}
+  {{- end }}
+{{- end }}
diff --git a/chart/trivy-operator-explorer/values.yaml b/chart/trivy-operator-explorer/values.yaml
@@ -96,6 +96,28 @@ ingress:
   # Switch between different Ingress rule styles. Can be one of "rules", or "defaultBackend"
   ruleType: "rules"
 
+# Opt-in Ingress for the MCP server. Disabled by default. When enabled, this
+# creates a separate Ingress that routes to service.mcpPort. There is no
+# authentication on the MCP endpoint, so rely on network policy / ingress auth
+# to gate access.
+mcpIngress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: mcp.chart-example.local
+      paths:
+        - path: /
+          pathType: Prefix
+  tls: []
+  #  - secretName: chart-example-mcp-tls
+  #    hosts:
+  #      - mcp.chart-example.local
+  # Switch between different Ingress rule styles. Can be one of "rules", or "defaultBackend"
+  ruleType: "rules"
+
 resources: 
   # Change these as needed. Larger clusters with more resources may run into issues with too low of limits.
   limits:
