AI and MCP Services

Relevant source files

• kubernetes/apps/ai/context7-mcp/app/externalsecret.yaml
• kubernetes/apps/ai/context7-mcp/app/kustomization.yaml
• kubernetes/apps/ai/context7-mcp/app/mcpserver.yaml
• kubernetes/apps/ai/context7-mcp/ks.yaml
• kubernetes/apps/ai/flux-operator-mcp/app/kustomization.yaml
• kubernetes/apps/ai/flux-operator-mcp/app/mcpserver.yaml
• kubernetes/apps/ai/flux-operator-mcp/app/rbac.yaml
• kubernetes/apps/ai/flux-operator-mcp/ks.yaml
• kubernetes/apps/ai/github-mcp/app/externalsecret.yaml
• kubernetes/apps/ai/github-mcp/app/kustomization.yaml
• kubernetes/apps/ai/github-mcp/app/mcpserver.yaml
• kubernetes/apps/ai/github-mcp/ks.yaml
• kubernetes/apps/ai/grafana-mcp/app/externalsecret.yaml
• kubernetes/apps/ai/grafana-mcp/app/kustomization.yaml
• kubernetes/apps/ai/grafana-mcp/app/mcpserver.yaml
• kubernetes/apps/ai/grafana-mcp/ks.yaml
• kubernetes/apps/ai/ha-mcp/app/mcpserver.yaml
• kubernetes/apps/ai/kustomization.yaml
• kubernetes/apps/ai/open-webui/app/helmrelease.yaml
• kubernetes/apps/ai/searxng-mcp/app/kustomization.yaml
• kubernetes/apps/ai/searxng-mcp/app/mcpserver.yaml
• kubernetes/apps/ai/searxng-mcp/ks.yaml
• kubernetes/apps/ai/toolhive/config/httproute.yaml
• kubernetes/apps/ai/toolhive/config/kustomization.yaml
• kubernetes/apps/ai/toolhive/config/mcpoidcconfig.yaml
• kubernetes/apps/ai/toolhive/config/toolhive-operator-event-rbac.yaml
• kubernetes/apps/ai/toolhive/ks.yaml
• kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml
• kubernetes/apps/dev/forgejo/app/kustomization.yaml
• kubernetes/apps/dev/forgejo/app/ocirepository.yaml
• kubernetes/apps/dev/forgejo/runner/externalsecret.yaml
• kubernetes/apps/dev/forgejo/runner/helmrelease.yaml

The ai namespace provides a comprehensive stack for Large Language Model (LLM) inference, user-facing chat interfaces, and a sophisticated Model Context Protocol (MCP) ecosystem. This architecture enables LLMs to interact with cluster services (Home Assistant, Grafana, Flux) and external data sources (GitHub, SearXNG) through a centralized MCP gateway managed by the ToolHive operator.

Core AI Infrastructure

The foundation of the AI stack consists of Ollama for model serving and Open WebUI as the primary interaction layer.

Open WebUI

Open WebUI serves as the central chat interface, configured to communicate with Ollama and integrated with the cluster’s search and observability stack.

• Model Backend: Connects to Ollama via OLLAMA_BASE_URL: http://ollama.ai:11434kubernetes/apps/ai/open-webui/app/helmrelease.yaml63
• Search Integration: Utilizes the cluster’s SearXNG instance for RAG (Retrieval-Augmented Generation) web searches kubernetes/apps/ai/open-webui/app/helmrelease.yaml64-68
• State Management: Uses a DragonflyDB (Redis) instance for websocket management at redis://dragonfly.database.svc.cluster.local:6379/1kubernetes/apps/ai/open-webui/app/helmrelease.yaml70-71
• Observability: Exports OpenTelemetry (OTLP) metrics to the k8s-monitoring-alloy-receiver in the observability namespace kubernetes/apps/ai/open-webui/app/helmrelease.yaml42-45

Ollama

Ollama handles the LLM inference. It is deployed via a standard Flux Kustomizationkubernetes/apps/ai/ollama/ks.yaml1-21 and serves the API used by Open WebUI and other internal consumers.

Sources:

• kubernetes/apps/ai/open-webui/app/helmrelease.yaml
• kubernetes/apps/ai/ollama/ks.yaml

ToolHive MCP Operator

The cluster utilizes the ToolHive operator (stacklok) to manage Model Context Protocol servers. This allows LLMs to use “tools” by standardizing how they call external APIs.

Configuration and Security

• VirtualMCPServer: Defined in virtualmcpserver.yamlkubernetes/apps/ai/toolhive/config/kustomization.yaml13 this acts as the entry point for the MCP gateway.
• OIDC Authentication: Secured via MCPOIDCConfig, integrating with the cluster’s identity provider kubernetes/apps/ai/toolhive/config/mcpoidcconfig.yaml1-9
• MCP Grouping: Servers are organized into groups, such as mcp-tools, to manage access and routing kubernetes/apps/ai/grafana-mcp/app/mcpserver.yaml25-26

MCP Gateway Routing

The gateway is exposed via Envoy Gateway using HTTPRoute resources.

Route Name	Hostname	Backend Service	Port
mcp-gateway	mcp.cloudjur.com	vmcp-mcp-gateway	4483
mcp-gateway-internal	mcp-direct.cloudjur.com	vmcp-mcp-gateway-internal	4483

Sources:

• kubernetes/apps/ai/toolhive/config/httproute.yaml1-40
• kubernetes/apps/ai/toolhive/config/kustomization.yaml
• kubernetes/apps/ai/grafana-mcp/app/mcpserver.yaml

MCP Server Integrations

Multiple specialized MCP servers are deployed to grant the AI context and control over the home-ops environment.

System Integration Diagram (Natural Language to Code)

This diagram maps the logical MCP tools to their specific Kubernetes Custom Resources and backend service targets.

[Flowchart Diagram]

Sources:

• kubernetes/apps/ai/toolhive/config/httproute.yaml
• kubernetes/apps/ai/grafana-mcp/app/mcpserver.yaml15-16
• kubernetes/apps/ai/flux-operator-mcp/ks.yaml

Implementation Details

MCP Server	Image / Source	Purpose	Key Config
Context7	context7-mcp	Specialized context retrieval	CONTEXT7_API_KEY via ExternalSecret kubernetes/apps/ai/context7-mcp/app/externalsecret.yaml12
GitHub	github-mcp	Repo and Issue management	Managed via github-mcp-secret
Grafana	mcp-grafana:0.14.0	Querying metrics and dashboards	GRAFANA_URLkubernetes/apps/ai/grafana-mcp/app/mcpserver.yaml16
Home Assistant	ha-mcp	IoT device control	Connects to home-assistant service
SearXNG	mcp-searxng:1.0.5	Privacy-respecting web search	SEARXNG_URLkubernetes/apps/ai/searxng-mcp/app/mcpserver.yaml14
Flux Operator	flux-operator-mcp	GitOps lifecycle management	Depends on toolhive-operator-crdskubernetes/apps/ai/flux-operator-mcp/ks.yaml12

Data Flow: Chat to Tool Execution

The following diagram traces a request from the user interface through the MCP routing layer to a specific tool execution (e.g., searching the web via SearXNG).

sequenceDiagram
    participant User
    participant OWU as Open-WebUI [app]
    participant GW as MCP Gateway [vmcp-mcp-gateway]
    participant SearxMCP as SearXNG MCP [MCPServer]
    participant SearxSvc as SearXNG [searxng.default]
    User->>OWU: "Search for Kubernetes news"
    OWU->>GW: Request Tool: searxng_search
    GW->>SearxMCP: Forward via streamable-http [mcpserver.yaml:9]
    SearxMCP->>SearxSvc: HTTP GET /search?q=... [mcpserver.yaml:14]
    SearxSvc-->>SearxMCP: Results (JSON)
    SearxMCP-->>GW: MCP Tool Response
    GW-->>OWU: Tool Output
    OWU-->>User: "Here are the latest news..."

Sources:

• kubernetes/apps/ai/open-webui/app/helmrelease.yaml68
• kubernetes/apps/ai/searxng-mcp/app/mcpserver.yaml8-16
• kubernetes/apps/ai/toolhive/config/httproute.yaml17-19

Persistence and Storage

Open-WebUI uses a PersistentVolumeClaim (PVC) named open-webui to store application data (users, chat history, local RAG database) at /app/backend/datakubernetes/apps/ai/open-webui/app/helmrelease.yaml92-97

Sources:

• kubernetes/apps/ai/open-webui/app/helmrelease.yaml
• kubernetes/apps/ai/kustomization.yaml
• kubernetes/apps/ai/context7-mcp/app/mcpserver.yaml
• kubernetes/apps/ai/searxng-mcp/app/mcpserver.yaml