[FEATURE] Support MCP Servers with Certs signed by Custom RootCAΒ #1110
Description
π Prerequisites
- I have searched the existing issues to avoid creating a duplicate
- By submitting this issue, you agree to follow our Code of Conduct
π Feature Summary
We are hosting internal MCP Servers which are secured with TLS and have certificates signed by custom root CAs
β Problem Statement / Motivation
- At the moment adding such a MCP server results in TLS errors:
ERROR reconciler failed to upsert tool server for remote mcp server {"remoteMCPServer": "kagent/custom-mcp", "error": "failed to fetch tools for toolServer kagent/custom-mcp: failed to initialize client for toolServer kagent/custom-mcp: transport error: failed to send request: failed to send request: Post \"https://<customURL>/mcp\": tls: failed to verify certificate: x509: certificate signed by unknown authority"} - similar to [FEATURE] Add custom CAs for LLM callsΒ #775 , but focussed on the MCP servers, not custom LLMs
π‘ Proposed Solution
- possibility to add custom root CA bundle, e.g. via ConfigMap
π Alternatives Considered
No response
π― Affected Service(s)
Controller Service
π Additional Context
Example Definition:
apiVersion: kagent.dev/v1alpha2
kind: RemoteMCPServer
metadata:
name: custom-mcp
namespace: kagent
spec:
description: ''
protocol: STREAMABLE_HTTP
terminateOnClose: true
timeout: 5s
url: https://internal-url/mcpπ Are you willing to contribute?
- I am willing to submit a PR for this feature