sde-mcp:
enabled: trueMCP Server
Table of Contents
The MCP (Model Context Protocol) server provides a standardized interface for AI tool integration with SD Elements.
| These instructions apply to Self-Hosted deployments of SD Elements. If you are using a SaaS instance and wish to enable the MCP server, please contact our Support Team for assistance. |
Installation and Deployment
Prerequisites:
-
SD Elements helm chart version
2026.3.2+1or later -
sde-mcphelm chart version2026.3.2+2or later
MCP Integrated Server (Recommended)
The sdelements helm chart includes the sde-mcp subchart which can be enabled to deploy the MCP server in the same namespace.
Update the custom values file
Advanced Deployment Configuration
For network policies, update the below values
sde-mcp:
networkPoliciesEnabled: true
## For example network policy ingress to the mcp pod
networkPolicies:
mcp:
podSelector:
matchLabels:
name: sde-mcp
ingress:
- selectors:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
podSelector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
ports:
- port: 443For instances with self-signed certificates, it might be necessary to enable below
sde-mcp:
mcp:
nodeTlsRejectUnauthorized: "0"For additional configuration see the sde-mcp Helm chart values.
Deploy the MCP Server
-
Run
helm upgradeto apply the changes. -
Verify that the
{RELEASE_NAME}-mcppod is in aRunningstatus.
MCP Standalone Server
The sde-mcp chart can also deployed as a standalone MCP server in a separate namespace.
You must set exactly one of the following values to restrict which SD Elements instances the MCP server can connect to.
| These two options are mutually exclusive. Setting both will cause the deployment to fail. |
-
Single Instance Mode
mcp:
sdeInstance: "https://your-sdelements-instance.com"-
Allowlist Mode
mcp:
sdeInstanceAllowlist: "https://sde.example.com,https://sde2.example.com"Advanced Configuration
TLS Certificate Configuration
mcp:
fqdn: "sde-mcp.example.com"MCP Server Configuration
mcp:
# Instance restriction (one of sdeInstance or sdeInstanceAllowlist is required - see above)
sdeInstance: ""
sdeInstanceAllowlist: ""
# Allow HTTP (non-HTTPS) hosts (default: false)
# Set to true only for local/dev environments
allowInsecureHttp: false
# Port the MCP server listens on (default: 3000)
port: 3000
# Fully Qualified Domain Name (FQDN) for TLS certificates
# Required when cert-manager is enabled (global.certManager enabled)
# Optional when using self-signed certificates (used if provided)
# Example: "sde-mcp.example.com"
fqdn: ""
# Alternate DNS names for TLS certificates (optional)
# Additional hostnames to include in the certificate's Subject Alternative Names (SAN)
# Example: ["sde-mcp-alias.example.com", "sde-mcp.internal"]
alternateDnsNames: []Ingress Configuration
ingress:
# Enable/disable ingress (default: true)
enabled: true
# Ingress controller class (e.g., "nginx", "traefik", "istio")
className: "nginx"
# Ingress annotations (e.g., for nginx settings)
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# Hosts and paths to route traffic
hosts:
- host: sde-mcp.example.com
paths:
- path: /
pathType: Prefix
backend:
servicePort: 3000
# TLS configuration
tls:
- secretName: sde-mcp-web-server-tls-secrets
hosts:
- sde-mcp.example.comNginx Sidecar Configuration
nginx:
# Enable/disable nginx sidecar (default: true)
enabled: true
# HTTPS port for nginx (default: 443)
port: 443
# Nginx container image
image:
repository: nginx
tag: "1.25-alpine"
pullPolicy: IfNotPresent
# TLS secret name (auto-generated if not specified)
# tlsSecretName: "sde-mcp-web-server-tls-secrets"
# Client certificate verification (optional)
# Options: "on", "optional", "off"
# sslVerifyClient: "on"Network Policies
# Network policies configuration (optional, default=false)
networkPoliciesEnabled: true
networkPolicies:
# Configure as needed for your environmentDeploy the MCP Server
-
Run
helm installfor the first install orhelm upgradeto apply the changes. -
Verify that the
{RELEASE_NAME}-mcppod is in aRunningstatus.
Client Configuration
MCP client configuration is typically defined in:
-
A JSON configuration file (common for IDE extensions)
-
A configuration manage
-
Environment variables
At minimum, the client must know:
-
Where the MCP server is running
-
Which headers to include for authentication and routing
Intregrated MCP
Use this configuration if using the integrated MCP deployment.
Required Configuration:
-
MCP service URL
-
SD Elements API Key
{
"mcpServers": {
"sdelements": {
"url": "https://your-sdelements-instance.com/mcp",
"headers": {
"sde-api-key": "your-api-key-here"
}
}
}
}Single Instance Mode
Use this configuration if MCP is deployed for a single SD Elements instance (mcp.sdeInstance enabled in the Helm chart).
Required Configuration:
-
MCP service URL
-
SD Elements API Key
{
"mcpServers": {
"sdelements": {
"url": "https://sde-mcp.example.com/mcp",
"headers": {
"sde-api-key": "your-api-key-here"
}
}
}
}Allowlist Mode
Use this configuration if MCP supports multiple SD Elements instances (mcp.sdeInstanceAllowlist enabled).
Required Configuration:
-
MCP service URL
-
SD Elements API Key
-
SD Elements instance URL
{
"mcpServers": {
"sdelements": {
"url": "https://sde-mcp.example.com/mcp",
"headers": {
"sde-host": "https://your-sdelements-instance.com",
"sde-api-key": "your-api-key-here"
}
}
}
}Additional Options and Headers
In some cases, it may be necessary to include additional options and headers.
{
"mcpServers": {
"sde-mcp-server": {
"url": "https://sde-mcp.example.com/mcp",
"type": "streamableHttp",
"transport": "https",
"headers": {
"Accept": "application/json, text/event-stream",
"sde-host": "https://<your-SDE-instance.com>",
"sde-api-key": "<your-sde-instance-token>"
}
}
}
}