feat: add tls configuration in mcpserver

api/v1alpha1/mcpserver_types.go

@@ -160,6 +160,27 @@ type HTTPTransport struct {
 
 	// the target path where MCP is served
 	TargetPath string `json:"path,omitempty"`
+
+	// TLS defines the TLS configuration for HTTPS access to the MCP server.
+	// +optional
+	TLS *HTTPTransportTLS `json:"tls,omitempty"`
+}
+
+// HTTPTransportTLS defines the TLS configuration for HTTP transport.
+type HTTPTransportTLS struct {
+	// SecretRef is a reference to a Kubernetes Secret containing
+	// the client certificate (tls.crt), key (tls.key), and optionally
+	// the CA certificate (ca.crt) for mTLS authentication.
+	// The Secret must be in the same namespace as the MCPServer.
+	// +optional
+	SecretRef string `json:"secretRef,omitempty"`
+
+	// InsecureSkipVerify disables SSL certificate verification.
+	// WARNING: This should ONLY be used in development/testing environments.
+	// Production deployments MUST use proper certificates.
+	// +optional
+	// +kubebuilder:default=false
+	InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
 }
 
 // MCPServerStatus defines the observed state of MCPServer.

config/crd/bases/kagent.dev_mcpservers.yaml

@@ -3471,6 +3471,25 @@ spec:
                       server.over HTTP
                     format: int32
                     type: integer
+                  tls:
+                    description: TLS defines the TLS configuration for HTTPS access
+                      to the MCP server.
+                    properties:
+                      insecureSkipVerify:
+                        default: false
+                        description: |-
+                          InsecureSkipVerify disables SSL certificate verification.
+                          WARNING: This should ONLY be used in development/testing environments.
+                          Production deployments MUST use proper certificates.
+                        type: boolean
+                      secretRef:
+                        description: |-
+                          SecretRef is a reference to a Kubernetes Secret containing
+                          the client certificate (tls.crt), key (tls.key), and optionally
+                          the CA certificate (ca.crt) for mTLS authentication.
+                          The Secret must be in the same namespace as the MCPServer.
+                        type: string
+                    type: object
                 type: object
               stdioTransport:
                 description: StdioTransport defines the configuration for a standard

helm/kmcp-crds/templates/mcpserver-crd.yaml

@@ -1990,6 +1990,25 @@ spec:
                       server.over HTTP
                     format: int32
                     type: integer
+                  tls:
+                    description: TLS defines the TLS configuration for HTTPS access
+                      to the MCP server.
+                    properties:
+                      insecureSkipVerify:
+                        default: false
+                        description: |-
+                          InsecureSkipVerify disables SSL certificate verification.
+                          WARNING: This should ONLY be used in development/testing environments.
+                          Production deployments MUST use proper certificates.
+                        type: boolean
+                      secretRef:
+                        description: |-
+                          SecretRef is a reference to a Kubernetes Secret containing
+                          the client certificate (tls.crt), key (tls.key), and optionally
+                          the CA certificate (ca.crt) for mTLS authentication.
+                          The Secret must be in the same namespace as the MCPServer.
+                        type: string
+                    type: object
                 type: object
               stdioTransport:
                 description: StdioTransport defines the configuration for a standard