Skip to content

Commit b687339

Browse files
JAORMXclaude
JAORMX
and
claude
authored
RFC-0055: MCPServerEntry CRD for Direct Remote MCP Server Backends (#55)
* RFC: MCPServerEntry CRD for direct remote MCP server backends Introduces a new MCPServerEntry CRD that lets VirtualMCPServer connect directly to remote MCP servers without MCPRemoteProxy infrastructure, resolving the forced-auth (#3104) and dual-boundary confusion (#4109) issues. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Rename RFC to match PR number THV-0055 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove Go code samples, replace with prose descriptions RFC should focus on design intent, not implementation code. Keep YAML/Mermaid examples, replace Go blocks with prose describing controller behavior, discovery logic, and TLS handling. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove file path lists from component changes section Implementation details like specific file paths belong in the implementation, not the RFC design document. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address review feedback on MCPServerEntry RFC - Clarify groupRef is plain string for consistency with MCPServer/MCPRemoteProxy - Fix Alt 1 YAML example to use string form for groupRef - Change caBundleRef to reference ConfigMap (CA certs are public data) - Add SSRF rationale: CEL IP blocking omitted since internal servers are legitimate - Clarify auth resolution loads config only, token exchange deferred to request time - Specify CA bundle volume mount for static mode (PEM files, not env vars) - Document toolConfigRef migration path via aggregation.tools[].workload Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add planned deprecation notice in favor of MCPRemoteEndpoint MCPServerEntry ships now to unblock near-term use cases. It will be superseded by MCPRemoteEndpoint, a unified CRD that combines direct and proxy remote connectivity under a single resource. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Update deprecation notice to reference THV-0067 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Remove THV-0067 from this branch (belongs in its own PR) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Address @ChrisJBurns review feedback on SSRF blast radius and CA bundle complexity Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 06cf378 commit b687339

File tree

1 file changed

+921
-0
lines changed

1 file changed

+921
-0
lines changed

0 commit comments

Comments
 (0)