feat: add Helm chart scaffolding and core templates

Add initial Helm chart under dist/chart/ with core templates that
produce the same resources as the kustomize deployment:

- Chart.yaml, values.yaml, .helmignore
- CRD (crds/mcp.x-k8s.io_mcpservers.yaml)
- ServiceAccount (conditional via serviceAccount.create)
- RBAC: manager ClusterRole/Binding, leader-election Role/Binding,
  metrics-auth ClusterRole/Binding, metrics-reader ClusterRole
  (conditional via rbac.create)
- Controller manager Deployment with configurable image, resources,
  nodeSelector, tolerations, affinity, podAnnotations, podLabels
- Metrics Service (port 8443)
- NOTES.txt with post-install instructions
- _helpers.tpl with standard naming/labeling helpers

Part of #132

Signed-off-by: Venkatesh1505 <venkyravi97@gmail.com>

Author: Venkatesh1505

dist/chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

dist/chart/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: mcp-lifecycle-operator
+description: A Kubernetes operator that provides a declarative API to deploy, manage, and safely roll out MCP Servers
+type: application
+version: 0.1.0
+appVersion: "0.1.0"
+kubeVersion: ">= 1.28.0"
+home: https://github.com/kubernetes-sigs/mcp-lifecycle-operator
+sources:
+  - https://github.com/kubernetes-sigs/mcp-lifecycle-operator
+keywords:
+  - kubernetes
+  - operator
+  - mcp
+  - model-context-protocol
+maintainers:
+  - name: mcp-lifecycle-operator maintainers
+    url: https://github.com/kubernetes-sigs/mcp-lifecycle-operator

dist/chart/crds/mcp.x-k8s.io_mcpservers.yaml

@@ -0,0 +1,27 @@
+{{ .Chart.Name }} {{ .Chart.AppVersion }} has been deployed successfully!
+
+1. Verify the operator is running:
+
+  kubectl get deployment -n {{ .Release.Namespace }} {{ include "mcp-lifecycle-operator.fullname" . }}-controller-manager
+
+2. Create an MCPServer resource:
+
+  kubectl apply -f - <<EOF
+  apiVersion: mcp.x-k8s.io/v1alpha1
+  kind: MCPServer
+  metadata:
+    name: test-server
+  spec:
+    source:
+      type: ContainerImage
+      containerImage:
+        ref: quay.io/containers/kubernetes_mcp_server:latest
+    config:
+      port: 8080
+  EOF
+
+3. Check the MCPServer status:
+
+  kubectl get mcpservers
+
+For more information, visit: {{ .Chart.Home }}

dist/chart/templates/NOTES.txt

@@ -0,0 +1,68 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mcp-lifecycle-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "mcp-lifecycle-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mcp-lifecycle-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "mcp-lifecycle-operator.labels" -}}
+helm.sh/chart: {{ include "mcp-lifecycle-operator.chart" . }}
+{{ include "mcp-lifecycle-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mcp-lifecycle-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mcp-lifecycle-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+control-plane: controller-manager
+{{- end }}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "mcp-lifecycle-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (printf "%s-controller-manager" (include "mcp-lifecycle-operator.fullname" .)) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Controller manager image
+*/}}
+{{- define "mcp-lifecycle-operator.image" -}}
+{{- printf "%s:%s" .Values.image.repository (.Values.image.tag | default .Chart.AppVersion) }}
+{{- end }}

dist/chart/templates/_helpers.tpl

@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mcp-lifecycle-operator.fullname" . }}-controller-manager
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "mcp-lifecycle-operator.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      {{- include "mcp-lifecycle-operator.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "mcp-lifecycle-operator.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: manager
+          image: {{ include "mcp-lifecycle-operator.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - /manager
+          args:
+            {{- if .Values.leaderElection.enabled }}
+            - --leader-elect
+            {{- end }}
+            - --health-probe-bind-address={{ .Values.healthProbe.bindAddress }}
+            - --metrics-bind-address={{ .Values.metrics.bindAddress }}
+          ports:
+            - name: metrics
+              containerPort: {{ .Values.metrics.service.port }}
+              protocol: TCP
+            - name: health
+              containerPort: 8081
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
+      serviceAccountName: {{ include "mcp-lifecycle-operator.serviceAccountName" . }}
+      terminationGracePeriodSeconds: 10
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

dist/chart/templates/deployment.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "mcp-lifecycle-operator.fullname" . }}-leader-election-role
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "mcp-lifecycle-operator.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+{{- end }}

dist/chart/templates/leader-election-role.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "mcp-lifecycle-operator.fullname" . }}-leader-election-rolebinding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "mcp-lifecycle-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "mcp-lifecycle-operator.fullname" . }}-leader-election-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "mcp-lifecycle-operator.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}

dist/chart/templates/leader-election-rolebinding.yaml

@@ -0,0 +1,76 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "mcp-lifecycle-operator.fullname" . }}-manager-role
+  labels:
+    {{- include "mcp-lifecycle-operator.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - ""
+      - events.k8s.io
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - mcp.x-k8s.io
+    resources:
+      - mcpservers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - mcp.x-k8s.io
+    resources:
+      - mcpservers/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - mcp.x-k8s.io
+    resources:
+      - mcpservers/status
+    verbs:
+      - get
+      - patch
+      - update
+{{- end }}

dist/chart/templates/manager-clusterrole.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "mcp-lifecycle-operator.fullname" . }}-manager-rolebinding
+  labels:
+    {{- include "mcp-lifecycle-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "mcp-lifecycle-operator.fullname" . }}-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "mcp-lifecycle-operator.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}