@@ -245,6 +245,74 @@ type MCPServerDeployment struct {
245245 // ServiceAccount defines the configuration for the ServiceAccount.
246246 // +optional
247247 ServiceAccount * ServiceAccountConfig `json:"serviceAccount,omitempty"`
248+
249+ // Labels defines additional labels to add to the pod template.
250+ // These labels will be merged with the default labels.
251+ // +optional
252+ Labels map [string ]string `json:"labels,omitempty"`
253+
254+ // Annotations defines additional annotations to add to the pod template.
255+ // These annotations will be merged with the default annotations.
256+ // +optional
257+ Annotations map [string ]string `json:"annotations,omitempty"`
258+
259+ // Resources defines the compute resource requirements for the main MCP server container.
260+ // Use this to specify CPU and memory requests and limits.
261+ // Example:
262+ // resources:
263+ // requests:
264+ // cpu: "100m"
265+ // memory: "128Mi"
266+ // limits:
267+ // cpu: "500m"
268+ // memory: "512Mi"
269+ // +optional
270+ Resources * corev1.ResourceRequirements `json:"resources,omitempty"`
271+
272+ // SecurityContext defines the security context for the main MCP server container.
273+ // Use this to configure container-level security settings such as:
274+ // - runAsUser/runAsGroup: Run as specific user/group
275+ // - runAsNonRoot: Ensure container doesn't run as root
276+ // - readOnlyRootFilesystem: Make root filesystem read-only
277+ // - allowPrivilegeEscalation: Prevent privilege escalation
278+ // - capabilities: Add or drop Linux capabilities
279+ // +optional
280+ SecurityContext * corev1.SecurityContext `json:"securityContext,omitempty"`
281+
282+ // PodSecurityContext defines the security context for the entire pod.
283+ // Use this to configure pod-level security settings such as:
284+ // - runAsUser/runAsGroup: Default user/group for all containers
285+ // - fsGroup: Group ownership of mounted volumes
286+ // - seccompProfile: Seccomp profile for the pod
287+ // - sysctls: Kernel parameters to set
288+ // +optional
289+ PodSecurityContext * corev1.PodSecurityContext `json:"podSecurityContext,omitempty"`
290+
291+ // Tolerations defines the tolerations for the pod.
292+ // Use this to schedule pods on nodes with matching taints.
293+ // +optional
294+ Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
295+
296+ // Affinity defines the affinity rules for the pod.
297+ // Use this to control pod placement based on node labels, pod labels,
298+ // or other scheduling constraints.
299+ // +optional
300+ Affinity * corev1.Affinity `json:"affinity,omitempty"`
301+
302+ // NodeSelector defines the node selector for the pod.
303+ // Use this to constrain pods to nodes with specific labels.
304+ // +optional
305+ NodeSelector map [string ]string `json:"nodeSelector,omitempty"`
306+
307+ // Replicas defines the number of desired pod replicas.
308+ // Defaults to 1 if not specified.
309+ // +optional
310+ // +kubebuilder:default=1
311+ Replicas * int32 `json:"replicas,omitempty"`
312+
313+ // ImagePullSecrets defines the list of secrets to use for pulling container images.
314+ // +optional
315+ ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
248316}
249317
250318// InitContainerConfig defines the configuration for the init container.
@@ -259,6 +327,16 @@ type InitContainerConfig struct {
259327 // +optional
260328 // +kubebuilder:validation:Enum=Always;Never;IfNotPresent
261329 ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
330+
331+ // Resources defines the compute resource requirements for the init container.
332+ // Use this to specify CPU and memory requests and limits for the init container.
333+ // +optional
334+ Resources * corev1.ResourceRequirements `json:"resources,omitempty"`
335+
336+ // SecurityContext defines the security context for the init container.
337+ // If not specified, the main container's security context will be used.
338+ // +optional
339+ SecurityContext * corev1.SecurityContext `json:"securityContext,omitempty"`
262340}
263341
264342// ServiceAccountConfig defines the configuration for the ServiceAccount.
0 commit comments