Exoskeleton Setup
The exoskeleton provides optional per-tentacle backing services: PostgreSQL, NATS messaging, and RustFS object storage. Each service is independently feature-flagged. The backing services themselves are installed independently, then connected to the MCP server via its Helm chart values.
Prerequisites
- Kubernetes cluster with the MCP server installed (tentacular-mcp)
- Helm 3+
- kubectl configured with cluster access
1. Install Backing Services
Install whichever services you need. These are standard deployments — use your preferred method:
PostgreSQL:
```bash
# Example using Bitnami Helm chart
helm install postgres oci://registry-1.docker.io/bitnamicharts/postgresql \
  --namespace tentacular-exoskeleton --create-namespace \
  --set auth.postgresPassword=$(openssl rand -hex 32)
```
NATS:
```bash
helm repo add nats https://nats-io.github.io/k8s/helm/charts/
helm install nats nats/nats \
  --namespace tentacular-exoskeleton
```
See NATS + SPIFFE Setup for SPIRE integration.
RustFS (S3-compatible):
```bash
# Install RustFS or MinIO in your cluster
```
2. Enable the Exoskeleton in the MCP Server
Upgrade the MCP server Helm release with exoskeleton configuration:
```bash
helm upgrade tentacular-mcp ./tentacular-mcp/charts/tentacular-mcp \
  --namespace tentacular-system \
  --set auth.token="${TOKEN}" \
  --set exoskeleton.enabled=true \
  --set exoskeleton.postgres.host=postgres-postgresql.tentacular-exoskeleton.svc \
  --set exoskeleton.postgres.port=5432 \
  --set exoskeleton.postgres.database=tentacular \
  --set exoskeleton.postgres.user=postgres \
  --set exoskeleton.postgres.password=<your-password> \
  --set exoskeleton.nats.url=nats://nats.tentacular-exoskeleton.svc:4222 \
  --set exoskeleton.nats.token=<your-token> \
  --set exoskeleton.rustfs.endpoint=http://rustfs.tentacular-exoskeleton.svc:9000 \
  --set exoskeleton.rustfs.accessKey=<your-key> \
  --set exoskeleton.rustfs.secretKey=<your-secret>
```
Or use existing Kubernetes Secrets:
```bash
helm upgrade tentacular-mcp ./tentacular-mcp/charts/tentacular-mcp \
  --namespace tentacular-system \
  --set auth.token="${TOKEN}" \
  --set exoskeleton.enabled=true \
  --set exoskeleton.postgres.existingSecret=my-postgres-creds \
  --set exoskeleton.nats.existingSecret=my-nats-creds \
  --set exoskeleton.rustfs.existingSecret=my-rustfs-creds
```
Only configure the services you’ve installed — the exoskeleton handles each independently.
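An added example, not part of the project's own documentation or code: a shell helper that builds the Secret referenced by an existingSecret value from one file per key, using the key names listed in the Helm Values Reference, so credentials stay off the helm command line. The function names, the ./pg-creds directory and the choice of the tentacular-system namespace for the Secret are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not project code). Key names per service come from the
# "Existing Secret with keys: ..." rows of the Helm Values Reference.
required_keys() {
  case "$1" in
    postgres) echo "host port database user password" ;;
    nats)     echo "url token" ;;
    rustfs)   echo "endpoint access_key secret_key bucket region" ;;
    *)        return 1 ;;
  esac
}

# render_secret SERVICE NAME NAMESPACE DIR
# DIR holds one file per key (DIR/password, DIR/host, ...), so secret values
# never appear in argv or shell history. Prints a Secret manifest on stdout;
# prints nothing and returns non-zero if a required key is missing or empty.
render_secret() {
  local service="$1" name="$2" ns="$3" dir="$4" keys key value
  keys=$(required_keys "$service") || {
    echo "unknown service: $service" >&2; return 2; }
  for key in $keys; do            # validate every key before emitting anything
    value=$(cat "$dir/$key" 2>/dev/null) || value=""
    [ -n "$value" ] || { echo "missing or empty key: $key" >&2; return 3; }
  done
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n'
  printf '  name: %s\n  namespace: %s\ntype: Opaque\ndata:\n' "$name" "$ns"
  for key in $keys; do
    # $(cat ...) strips the trailing newline that editors add to the file
    value=$(printf '%s' "$(cat "$dir/$key")" | base64 | tr -d '\n')
    printf '  %s: %s\n' "$key" "$value"
  done
}

# Usage (assumes the Secret belongs in the MCP server's release namespace):
#   render_secret postgres my-postgres-creds tentacular-system ./pg-creds \
#     | kubectl apply -f -
```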
3. Verify
```bash
# Check which services the exoskeleton reports as available
# (agents use enclave_info MCP tool to check exo_services availability)
tntc cluster check
```
Deploy a tentacle with an exoskeleton dependency:
```yaml
contract:
  version: "1"
  dependencies:
    tentacular-postgres:
```
```bash
tntc deploy -n my-namespace
tntc status my-tentacle -n my-namespace --detail
```
Helm Values Reference
| Value | Default | Description |
|---|---|---|
| exoskeleton.enabled | false | Enable the exoskeleton control plane |
| exoskeleton.cleanupOnUndeploy | false | Delete backing-service data on undeploy |
| exoskeleton.postgres.existingSecret | "" | Existing Secret with keys: host, port, database, user, password |
| exoskeleton.postgres.host | "" | Postgres host (inline config) |
| exoskeleton.postgres.port | "5432" | Postgres port |
| exoskeleton.postgres.database | "tentacular" | Postgres database |
| exoskeleton.postgres.sslMode | "disable" | SSL mode (disable, require, verify-ca, verify-full) |
| exoskeleton.nats.existingSecret | "" | Existing Secret with keys: url, token |
| exoskeleton.nats.url | "" | NATS URL (inline config) |
| exoskeleton.rustfs.existingSecret | "" | Existing Secret with keys: endpoint, access_key, secret_key, bucket, region |
| exoskeleton.rustfs.endpoint | "" | RustFS endpoint (inline config) |
Verification
- enclave_info reports installed services as available via exo_services
- Tentacles with tentacular-* dependencies deploy successfully
- Deployed tentacles can connect to provisioned resources
- tntc undeploy --force cleans up backing-service resources
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
| exoskeleton: postgres not enabled | Feature flag not set | Set exoskeleton.enabled=true in MCP Helm values |
| Connection refused | Service not running | Check pod status in tentacular-exoskeleton namespace |
| Permission denied | Registrar failed | Check MCP server logs for registrar errors |
| Stale credentials | Credentials rotated | Undeploy and redeploy to re-run registrars |