MCP Helm Chart

Security: To verify the container’s authenticity and inspect its SBOM, see the Attestation & Verification Guide.

Installing the Helm Chart

The Subnoto MCP Server is available as a Helm chart published to an OCI registry. This makes it easy to deploy to any Kubernetes cluster.

Installation

Install the chart directly from the OCI registry:

helm install mcp-server oci://registry-1.docker.io/subnoto/mcp-server --version 0.1.4

Available Versions

View available versions on Docker Hub or use the Docker Hub API:

curl -s https://registry.hub.docker.com/v2/repositories/subnoto/mcp-server/tags/ | jq -r '.results[].name'

Configuration

Configuration Parameters

Parameter	Description	Default
replicaCount	Number of replicas	1
image.repository	Container image repository	subnoto/mcp-server
image.tag	Container image tag	Chart version
image.pullPolicy	Image pull policy	IfNotPresent
env.API_BASE_URL	Subnoto API base URL	https://enclave.subnoto.com
env.API_ACCESS_KEY	Subnoto API access key	Required
env.API_SECRET_KEY	Subnoto API secret key	Required
env.DISABLE_ATTESTATION	Disable attestation verification	false
env.ATTESTATION_PUBLIC_KEYS	Base64-encoded attestation public keys	""
env.MCP_TRANSPORT	Transport mode (stdio/http)	http
service.type	Kubernetes service type	ClusterIP
service.port	Service port	8080
ingress.enabled	Enable ingress	false
resources.requests.memory	Memory request	256Mi
resources.requests.cpu	CPU request	100m
resources.limits.memory	Memory limit	512Mi
resources.limits.cpu	CPU limit	500m

Ingress Configuration

To expose the MCP server externally:

ingress:
    enabled: true
    className: nginx
    annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-prod"
    hosts:
        - host: mcp.example.com
          paths:
              - path: /
                pathType: Prefix
    tls:
        enabled: true
        secretName: mcp-server-tls