Release 0.4.12 — LiteLLM FinOps MCP Server
Released: 2026-05-13 Chart:
oci://ghcr.io/cnoe-io/charts/ai-platform-engineering:0.4.12Previous release: 0.4.11
Highlights
0.4.12 adds a standalone LiteLLM MCP server for FinOps reporting, letting dynamic agents query LiteLLM cost and usage data directly. The chart gains a new optional litellmMcp section — disabled by default — so existing deployments are unaffected until you opt in. Dynamic agents now expose their persisted agent ID through the self_identity tool. This is a drop-in Helm upgrade; the only values change is the new opt-in litellmMcp block.
What's New
LiteLLM FinOps MCP
mcp-litellmserver — new standalone MCP server (ghcr.io/cnoe-io/mcp-litellm) exposing LiteLLM FinOps reporting tools for cost and usage analysis; enable it when dynamic agents should call LiteLLM tools directly. Ships with theme-aware FinOps workflow images and improved LiteLLM FinOps report exports. Deployed via the new optionallitellmMcpHelm section (enabled: falseby default) (#1402)
Dynamic Agents
- Agent ID in self-identity — the
self_identitybuilt-in tool now returns the persisted dynamic agent ID, so an agent can reliably report which agent it is (#1403)
Security
- litellm: sanitize example values that resembled secrets in the LiteLLM MCP configuration so shipped examples no longer look like real API keys (#1402)
Breaking Changes
No breaking changes. Drop-in upgrade from 0.4.11.
Known Issues
None known at this time.
Upgrade
helm upgrade ai-platform-engineering \
oci://ghcr.io/cnoe-io/charts/ai-platform-engineering \
--version 0.4.12 \
-f your-values.yaml
Upgrade Guide: 0.4.11 → 0.4.12
Overview
0.4.12 is a drop-in upgrade for existing deployments. It adds one new optional chart section — litellmMcp — which is disabled by default. No existing keys are renamed, removed, or changed.
Helm Values Changes
One new optional section was added. Nothing else changed.
New Optional: LiteLLM MCP
The litellmMcp block deploys the standalone LiteLLM FinOps MCP server. It is enabled: false by default, so no action is required unless you want it.
| Key | Default | Description |
|---|---|---|
litellmMcp.enabled | false | Deploy the LiteLLM MCP server |
litellmMcp.image.repository | ghcr.io/cnoe-io/mcp-litellm | Server image |
litellmMcp.service.port | 8000 | Service port |
litellmMcp.config.LITELLM_API_URL | "" | LiteLLM API base URL |
litellmMcp.config.LITELLM_API_TIMEOUT | "120" | Request timeout (seconds) |
litellmMcp.config.LITELLM_VERIFY_SSL | "true" | Verify TLS on the LiteLLM API |
litellmMcp.existingSecret | "" | Existing Secret holding LITELLM_API_KEY (preferred in shared clusters) |
litellmMcp.externalSecrets.enabled | false | Source LITELLM_API_KEY from a ClusterSecretStore (e.g. Vault) |
To enable it in your values.yaml:
litellmMcp:
enabled: true
config:
LITELLM_API_URL: "https://litellm.example.com"
# Prefer an existing Secret or externalSecrets for the API key in shared clusters
existingSecret: "litellm-mcp"
# externalSecrets:
# enabled: true
# data:
# - secretKey: LITELLM_API_KEY
# remoteRef:
# key: dev/litellm-mcp
# property: LITELLM_API_KEY
Data Migrations
No MongoDB schema or data migrations required.
Upgrade Runbook
1. Update chart version
helm upgrade ai-platform-engineering \
oci://ghcr.io/cnoe-io/charts/ai-platform-engineering \
--version 0.4.12 \
-f your-values.yaml
2. (Optional) Enable the LiteLLM MCP server
Set litellmMcp.enabled: true and provide LITELLM_API_URL plus the LITELLM_API_KEY (via existingSecret or externalSecrets) if you want dynamic agents to query LiteLLM FinOps data.
3. Verify
kubectl get pods -n <namespace>
# If you enabled it, confirm the LiteLLM MCP server is running
kubectl get deploy -n <namespace> | grep litellm-mcp
Full Values Diff
Raw diff (0.4.11 → 0.4.12)
@@ -793,6 +793,80 @@
# remoteRef:
# key: dev/mongodb
# property: password
+
+######### LiteLLM MCP configuration #########
+# Standalone MCP server for LiteLLM FinOps reporting.
+# Enable this when dynamic agents should call LiteLLM tools directly.
+litellmMcp:
+ enabled: false
+ nameOverride: "litellm-mcp"
+ fullnameOverride: ""
+ replicaCount: 1
+ revisionHistoryLimit: 3
+ image:
+ repository: "ghcr.io/cnoe-io/mcp-litellm"
+ # tag defaults to .Chart.AppVersion when not specified
+ tag: ""
+ pullPolicy: "IfNotPresent"
+ imagePullSecrets: []
+ service:
+ type: ClusterIP
+ port: 8000
+ # Non-sensitive environment variables.
+ config:
+ SERVER_NAME: "LITELLM"
+ LITELLM_API_URL: ""
+ LITELLM_API_TIMEOUT: "120"
+ LITELLM_VERIFY_SSL: "true"
+ # Existing Secret containing LITELLM_API_KEY. Takes precedence over secret.name.
+ existingSecret: ""
+ # Simple Secret creation for local/dev installs. Prefer existingSecret or
+ # externalSecrets in shared clusters.
+ secret:
+ create: false
+ name: ""
+ data: {}
+ # LITELLM_API_KEY: ""
+ externalSecrets:
+ enabled: false
+ apiVersion: "v1beta1"
+ refreshInterval: "1h"
+ secretStoreRef:
+ name: "vault"
+ kind: "ClusterSecretStore"
+ data: []
+ # - secretKey: LITELLM_API_KEY
+ # remoteRef:
+ # key: dev/litellm-mcp
+ # property: LITELLM_API_KEY
+ podAnnotations: {}
+ podLabels: {}
+ podSecurityContext: {}
+ securityContext: {}
+ resources: {}
+ livenessProbe:
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ readinessProbe:
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}