Skip to content

feat(gateway): add optional openapi-to-mcp sidecar#279

Open
jarvis9443 wants to merge 4 commits intomainfrom
feat/openapi-to-mcp-sidecar
Open

feat(gateway): add optional openapi-to-mcp sidecar#279
jarvis9443 wants to merge 4 commits intomainfrom
feat/openapi-to-mcp-sidecar

Conversation

@jarvis9443
Copy link
Copy Markdown
Contributor

@jarvis9443 jarvis9443 commented Apr 17, 2026
edited by coderabbitai bot
Loading

Summary

The OpenAPI-to-MCP server has been extracted from the gateway image into a standalone image (api7/openapi-to-mcp). This PR adds an optional sidecar deployment for it under openapiToMcp in the gateway chart.

Changes

  • charts/gateway/values.yaml: new openapiToMcp block (enabled: false, image api7/openapi-to-mcp:0.0.1-beta, port 3000, empty resources).
  • charts/gateway/templates/_pod.tpl: render the sidecar container when openapiToMcp.enabled is true. Shares the pod network namespace so the gateway plugin reaches it on 127.0.0.1:<port>.
  • charts/gateway/README.md: regenerated via make helm-docs.

Notes

  • The upstream server binds to 127.0.0.1 inside the container, so httpGet/tcpSocket probes from kubelet would fail. The template uses an exec probe that runs a small node -e script against 127.0.0.1:$SSE_PORT/health.
  • Default is enabled: false. Users running the openapi-to-mcp or mcp-tools-acl plugins must flip this to true after upgrading to a gateway image that no longer bundles the server.

Related

  • api7/OpenAPI2MCP#39 (standalone image + release workflow)
  • api7/api7-ee-3-gateway#1463 (strip OpenAPI2MCP from gateway image)

Verification

helm lint charts/gateway                    # passes
helm template t charts/gateway              # no openapi-to-mcp container
helm template t charts/gateway --set openapiToMcp.enabled=true   # container rendered

Summary by CodeRabbit

  • New Features

    • Optional OpenAPI-to-MCP sidecar with enable/disable toggle, configurable image, port, and resource requests/limits.
    • Built-in readiness and liveness checks for the sidecar.
    • Deployment-time validation to ensure the sidecar port matches the gateway plugin port.

  • Documentation

    • Updated Helm chart values and README with sidecar configuration and usage guidance.

@jarvis9443
feat(gateway): add optional openapi-to-mcp sidecar
0b1232a 
The OpenAPI-to-MCP service has been moved out of the gateway image into
a standalone image (api7/openapi-to-mcp). This chart now optionally
deploys it as a sidecar in the gateway pod when the openapi-to-mcp /
mcp-tools-acl plugins are in use.

- Disabled by default; enable via openapiToMcp.enabled=true.
- Shares the pod network namespace with the gateway so the plugin can
  continue to reach it on 127.0.0.1:<port>.
- Uses exec-based probes because the upstream server binds to 127.0.0.1
  inside the container.
- Existing users of the openapi-to-mcp / mcp-tools-acl plugins must set
  openapiToMcp.enabled=true after upgrading.
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 17, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Adds Helm values and README documentation for an optional OpenAPI-to-MCP sidecar and updates the gateway pod template to conditionally inject that sidecar (image, port, env, probes, resources) with template-time validation that the sidecar port matches gateway plugin attributes.

Changes

Cohort / File(s) Summary
Helm values & docs
charts/gateway/values.yaml, charts/gateway/README.md		 Add openapiToMcp values: enabled, image.{repository,tag,pullPolicy}, port, and resources; document that openapiToMcp.port must match plugin_attr.openapi-to-mcp (plugin attribute port).
Pod template
charts/gateway/templates/_pod.tpl		 Conditionally inject an openapi-to-mcp container when .Values.openapiToMcp.enabled is true; configure image/pullPolicy, set SSE_PORT from .Values.openapiToMcp.port, expose TCP port http, add HTTP readiness/liveness probes on /health, apply .Values.openapiToMcp.resources, and perform template-time fail if the configured port is missing or mismatched with pluginAttrs["openapi-to-mcp"].port.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
E2e Test Quality Review ⚠️ Warning PR lacks E2E tests for the new OpenAPI-to-MCP sidecar container feature in the Helm chart. Implement E2E tests validating sidecar deployment, port binding, health probes, and resource limits across enabled/disabled scenarios.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The pull request title accurately describes the main change: adding an optional openapi-to-mcp sidecar to the gateway chart. It is concise, specific, and directly reflects the primary objective of the changeset.
Security Check ✅ Passed OpenAPI-to-MCP sidecar container includes proper environment variable injection, port binding to localhost, health probes, and no hardcoded secrets.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/openapi-to-mcp-sidecar

Comment @coderabbitai help to get the list of available commands and usage tips.

@jarvis9443 jarvis9443 marked this pull request as ready for review April 17, 2026 05:00
coderabbitai[bot]
coderabbitai bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/gateway/templates/_pod.tpl`:
- Around line 231-273: The template currently wires the sidecar to
.Values.openapiToMcp.port but doesn't validate equality with
pluginAttrs["openapi-to-mcp"].port, allowing silent runtime breakage; add a Helm
template guard at the top of the openapi-to-mcp block that compares
.Values.openapiToMcp.port with index .Values.pluginAttrs "openapi-to-mcp" .port
and calls fail(...) if they differ so the chart rendering fails fast; locate the
openapiToMcp block in _pod.tpl and add the eq check using Helm's eq/if or ne and
fail to produce a clear error message referencing both .Values.openapiToMcp.port
and pluginAttrs["openapi-to-mcp"].port.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: aef03d22-ecda-46e0-b474-8f58bef58637

📥 Commits

Reviewing files that changed from the base of the PR and between 8e20c00 and 0b1232a.

📒 Files selected for processing (3)
  • charts/gateway/README.md
  • charts/gateway/templates/_pod.tpl
  • charts/gateway/values.yaml

Comment thread charts/gateway/templates/_pod.tpl
nic-6443
nic-6443 reviewed Apr 17, 2026
View reviewed changes
Comment thread charts/gateway/templates/_pod.tpl Outdated
@jarvis9443
chore(gateway): use httpGet probe for openapi-to-mcp sidecar
9ac8a14 
OpenAPI2MCP image now binds to 0.0.0.0 by default (via SSE_HOST) in
api7/OpenAPI2MCP#40, so we can drop the awkward exec+node probe.
coderabbitai[bot]
coderabbitai bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@charts/gateway/templates/_pod.tpl`:
- Around line 232-235: The template currently skips validation when
pluginAttrs.openapi-to-mcp.port is missing; change the logic in the block using
$mcpAttr and the hasKey check so you always validate port alignment: retrieve
pluginPort from (index $mcpAttr "port") using a default/sentinel and then
compare int(pluginPort) to int(.Values.openapiToMcp.port), and if pluginPort is
absent fail when .Values.openapiToMcp.port does not equal the plugin’s expected
default port; update the fail message in the same block to reference
.Values.openapiToMcp.port and the plugin port value so a mismatch is caught even
when pluginAttrs omits the port.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cbd830d4-0bfc-4a74-ba64-9769da0a5de8

📥 Commits

Reviewing files that changed from the base of the PR and between 6a074fb and 9ac8a14.

📒 Files selected for processing (1)
  • charts/gateway/templates/_pod.tpl

Comment thread charts/gateway/templates/_pod.tpl
coderabbitai[bot]
coderabbitai bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
charts/gateway/templates/_pod.tpl (1)

232-235: Prefer merged plugin attrs over raw .Values.pluginAttrs to avoid default drift.

This works, but using the merged helper output as the source of truth will reduce maintenance risk if base plugin defaults change later.

♻️ Proposed refactor 
-    {{- $mcpAttr := (index .Values.pluginAttrs "openapi-to-mcp" | default dict) -}}
+    {{- $pluginAttrs := (include "apisix.pluginAttrs" . | fromYaml) -}}
+    {{- $mcpAttr := (index $pluginAttrs "openapi-to-mcp" | default dict) -}}
     {{- $pluginMcpPort := (index $mcpAttr "port" | default 3000 | int) -}}
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@charts/gateway/templates/_pod.tpl` around lines 232 - 235, The comparison is
reading raw .Values.pluginAttrs via $mcpAttr but should use the chart's merged
plugin-attrs helper output to avoid default-drift; replace the lookup currently
using (index .Values.pluginAttrs "openapi-to-mcp") with the merged-plugin-attrs
variable or helper used elsewhere (e.g., the template variable that holds merged
plugin attrs, such as $mergedPluginAttrs or the include/tuple helper that
returns merged attrs), then use (index $mergedPluginAttrs "openapi-to-mcp" |
default dict) to compute $mcpAttr and keep the rest of the check against
.Values.openapiToMcp.port unchanged so plugin defaults remain authoritative.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@charts/gateway/templates/_pod.tpl`:
- Around line 232-235: The comparison is reading raw .Values.pluginAttrs via
$mcpAttr but should use the chart's merged plugin-attrs helper output to avoid
default-drift; replace the lookup currently using (index .Values.pluginAttrs
"openapi-to-mcp") with the merged-plugin-attrs variable or helper used elsewhere
(e.g., the template variable that holds merged plugin attrs, such as
$mergedPluginAttrs or the include/tuple helper that returns merged attrs), then
use (index $mergedPluginAttrs "openapi-to-mcp" | default dict) to compute
$mcpAttr and keep the rest of the check against .Values.openapiToMcp.port
unchanged so plugin defaults remain authoritative.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 061002d3-fc4e-4416-843f-959c88e3bca3

📥 Commits

Reviewing files that changed from the base of the PR and between 9ac8a14 and 5cb6415.

📒 Files selected for processing (1)
  • charts/gateway/templates/_pod.tpl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nic-6443 nic-6443 nic-6443 left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jarvis9443 @nic-6443