Penpot (designer.sunbeam.pt): - Frontend/backend/exporter deployments with OIDC-only auth via Hydra - VSO-managed DB, S3, and app secrets from OpenBao - PostgreSQL user/db in CNPG postInitSQL - Hydra Maester enabledNamespaces extended to devtools Penpot MCP server (mcp-designer.sunbeam.pt): - Pre-built Node.js image pushed to Gitea registry - Auth-gated via Pingora auth_request → Hydra /userinfo - WebSocket path for browser plugin connection Wildcard TLS: - Switched cert-manager from HTTP-01 (per-SAN) to DNS-01 via Scaleway webhook - Certificate collapsed to *.sunbeam.pt + sunbeam.pt - Added scaleway-certmanager-webhook Helm chart - VSO secret for Scaleway DNS API credentials in cert-manager namespace - Added cert-manager to OpenBao VSO auth role
# Penpot MCP server — bridges AI clients to Penpot via the MCP plugin.
# Port 4401: HTTP/SSE for MCP clients (Claude, etc.)
# Port 4402: WebSocket for the Penpot browser plugin
---
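# Deployment: a single replica of the Penpot MCP server, exposing
# containerPort 4401 (named "http") and 4402 (named "ws").
apiVersion: apps/v1
kind: Deployment
metadata:
  name: penpot-mcp
  namespace: devtools
spec:
  replicas: 1
  selector:
    matchLabels:
      app: penpot-mcp
  template:
    metadata:
      labels:
        app: penpot-mcp
    spec:
      # Do not project a service-account token into the pod.
      # NOTE(review): presumably the MCP server never calls the Kubernetes
      # API; confirm before relying on this.
      automountServiceAccountToken: false
      securityContext:
        # Apply the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: penpot-mcp
          # NOTE(review): ":latest" is a mutable tag, so whatever is pushed
          # to the registry next is what runs after the next pod restart.
          # Pin to a version tag or to "@sha256:<digest-of-reviewed-image>"
          # (placeholder) so that rollouts are reproducible and auditable.
          image: src.sunbeam.pt/studio/penpot-mcp:latest
          ports:
            - name: http
              containerPort: 4401
            - name: ws
              containerPort: 4402
          env:
            - name: PENPOT_MCP_REMOTE_MODE
              value: "true"
            # Binds on every pod interface. Nothing in this manifest
            # authenticates callers, so access control has to come from
            # whatever sits in front of the pod (ingress proxy,
            # NetworkPolicy).
            - name: PENPOT_MCP_SERVER_HOST
              value: "0.0.0.0"
            # NOTE(review): DOMAIN_SUFFIX looks like a placeholder that is
            # substituted at deploy time; confirm it never reaches the
            # cluster unexpanded.
            - name: PENPOT_MCP_SERVER_ADDRESS
              value: "mcp-designer.DOMAIN_SUFFIX"
          securityContext:
            # Both listeners use unprivileged ports (>1024), so the process
            # needs no Linux capabilities and no way to gain privileges.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # NOTE(review): runAsNonRoot / readOnlyRootFilesystem are left
            # unset because the image's user and write paths are not visible
            # here; enable them once verified against the image.
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            # No CPU limit is set; only memory is capped.
            limits:
              memory: 256Mi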
---
# Service: stable in-cluster address for the penpot-mcp pods.
# No `type` is set, so Kubernetes defaults this to ClusterIP.
# NOTE(review): any workload that can route to this Service reaches ports
# 4401/4402 directly; no NetworkPolicy is visible in this file. If
# authentication is enforced only at an ingress proxy, restrict ingress to
# these pods to that proxy.
apiVersion: v1
kind: Service
metadata:
  name: penpot-mcp
  namespace: devtools
spec:
  selector:
    app: penpot-mcp
  ports:
    # targetPort refers to the named container ports, so the container's
    # port numbers can change without touching this Service.
    - name: http
      port: 4401
      targetPort: http
    - name: ws
      port: 4402
      targetPort: ws