Skip to content

Add virtualmcpservers to default Helm RBAC values#299

Merged
danbarr merged 2 commits intomainfrom
fix-helm-rbac
Jan 27, 2026
Merged

Add virtualmcpservers to default Helm RBAC values#299
danbarr merged 2 commits intomainfrom
fix-helm-rbac

Conversation

@danbarr
Copy link
Contributor

@danbarr danbarr commented Jan 27, 2026

This fixes an issue with v0.2.4 of the Helm chart, where the mcp-optimizer pod would fail to start up since virtualmcpservers was missing from the default values.yaml

2026-01-27 19:13:43 [error    ] HTTP error listing VirtualMCPServers: 403 [mcp_optimizer.toolhive.k8s_client] response_text='{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"virtualmcpservers.toolhive.stacklok.dev is forbidden: User \\"system:serviceaccount:toolhive-system:mcp-optimizer\\" cannot list resource \\"virtualmcpservers\\" in API group \\"toolhive.stacklok.dev\\" at the cluster scope","reason":"Forbidden","details":{"group":"toolhive.stacklok.dev","kind":"virtualmcpservers"},"code":403}\n' status_code=403

Signed-off-by: Dan Barr 6922515+danbarr@users.noreply.github.com

@danbarr
Add virtualmcpservers to default Helm RBAC values
4e01247 
Signed-off-by: Dan Barr <6922515+danbarr@users.noreply.github.com>
@claude
Copy link

claude bot commented Jan 27, 2026

PR Review

Summary: Critical bug fix that adds missing RBAC permissions for virtualmcpservers. The fix correctly addresses the 403 error preventing pod startup.

✅ Positives

  • Properly fixes the RBAC permission issue across all key configuration files
  • Updates documentation to reflect both MCPServer and VirtualMCPServer requirements
  • Consistent changes across Helm values and docs

⚠️ Issue Found

Missing update in example file (examples/mcp-servers/mcpserver_mcp-optimizer.yaml:16):
The RBAC rules still only include "mcpservers":

resources: ["mcpservers"]  # Should be ["mcpservers", "virtualmcpservers"]

This example file is used as a reference and will fail with the same 403 error if users follow it.

Recommendation

Update examples/mcp-servers/mcpserver_mcp-optimizer.yaml line 16 to match the other fixes:

resources: ["mcpservers", "virtualmcpservers"]

Verdict: Approve with requested fix to the example file.

@danbarr
Fix missed example
2eae9d5 
Signed-off-by: Dan Barr <6922515+danbarr@users.noreply.github.com>
@danbarr danbarr merged commit d6ae33a into main Jan 27, 2026
7 checks passed
@danbarr danbarr deleted the fix-helm-rbac branch January 27, 2026 21:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@ptelang ptelang ptelang approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@danbarr @ptelang