Skip to content

README.md

Latest commit

 

History

History
187 lines (131 loc) · 8.47 KB

README.md

File metadata and controls

187 lines (131 loc) · 8.47 KB

MCP Kubernetes Helm Chart

This Helm chart deploys the MCP server based on the mcp/kubernetes Docker image to a Kubernetes cluster.

Prerequisites

  • Kubernetes 1.16+
  • Helm 3.2.0+

Installing the Chart

To install the chart with the release name mcp-kubernetes:

helm install mcp-kubernetes ./charts/kubernetes

The command deploys the MCP server on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Uninstalling the Chart

To uninstall/delete the mcp-kubernetes deployment:

helm delete mcp-kubernetes

The command removes all the Kubernetes components associated with the chart and deletes the release.

Parameters

Global parameters

Name Description Value
replicaCount Number of MCP replicas to deploy 1
nameOverride String to partially override mcp-kubernetes.fullname ""
fullnameOverride String to fully override mcp-kubernetes.fullname ""

Image parameters

Name Description Value
image.repository MCP image repository mcp/kubernetes
image.tag MCP image tag (immutable tags are recommended) latest
image.pullPolicy MCP image pull policy IfNotPresent
imagePullSecrets MCP image pull secrets []

Service Account parameters

Name Description Value
serviceAccount.create Specifies whether a service account should be created true
serviceAccount.annotations Annotations to add to the service account {}
serviceAccount.name The name of the service account to use ""

The RBAC templates always bind to the service account defined above. With the default values you get a dedicated service account plus the required ClusterRole/ClusterRoleBinding, so no additional configuration is needed to let MCP talk to the Kubernetes API of its own cluster.

RBAC parameters

Name Description Value
rbac.create Create the RBAC objects needed by the chart true
rbac.useClusterAdmin Bind the service account to the built-in cluster-admin ClusterRole false
rbac.existingClusterRole Name of an existing ClusterRole to bind to instead of creating one ""
rbac.clusterRole.name Override the autogenerated ClusterRole name ""
rbac.clusterRole.annotations Additional annotations for the generated ClusterRole {}
rbac.clusterRole.rules Rules for the generated ClusterRole [{ apiGroups: ["*"], resources: ["*"], verbs: ["*"] }]
rbac.clusterRoleBinding.name Override the autogenerated ClusterRoleBinding name ""
rbac.clusterRoleBinding.annotations Additional annotations for the ClusterRoleBinding {}

ℹ️ The ClusterRoleBinding always points to the chart's service account (managed through serviceAccount.*). If you disable service account creation, be sure to provide the existing name so the binding still works.

Service parameters

Name Description Value
service.type MCP service type ClusterIP
service.port MCP service HTTP port 8080

Ingress parameters

Name Description Value
ingress.enabled Enable ingress record generation for MCP false
ingress.className IngressClass that will be be used to implement the Ingress ""
ingress.annotations Additional annotations for the Ingress resource {}
ingress.path Base path for the service (trimmed before requests hit MCP) /
ingress.pathType Path matching behavior Prefix
ingress.hosts List of hostnames ["mcp.local"]
ingress.tls TLS configuration for ingress []

When ingress.path is not /, the annotation nginx.ingress.kubernetes.io/use-regex: "true" is automatically added.

Additionally, the chart injects the nginx.ingress.kubernetes.io/rewrite-target: /$2 annotation so that any configured path prefix is removed before traffic reaches the MCP server. This keeps the application serving from / and removes the need for container flags such as --path-prefix.

Environment variables

Name Description Value
env Environment variables to be set on the container {}
envSecrets Environment variables from external secrets {}
secretEnv Environment variables to be set from created secret {}

Autoscaling parameters

Name Description Value
autoscaling.enabled Enable Horizontal Pod Autoscaler (HPA) false
autoscaling.minReplicas Minimum number of MCP replicas 1
autoscaling.maxReplicas Maximum number of MCP replicas 100
autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage 80
autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage ""

Configuration and installation details

Exposing the application

To access the MCP server from outside the cluster, you can:

  1. Use port forwarding (for development):

    kubectl port-forward svc/mcp-kubernetes 8080:8080

  2. Enable ingress (for production):

    ingress:
  enabled: true
  className: "nginx"
  path: /
  hosts:
    - mcp.your-domain.com

  3. Use LoadBalancer service type:

    service:
  type: LoadBalancer

Granting Kubernetes permissions

When mcp-kubernetes runs inside the cluster that it manages, it needs elevated Kubernetes API access. The chart enables this by default with a dedicated ServiceAccount plus a release-scoped ClusterRole and ClusterRoleBinding that grant full-cluster permissions. A standard installation therefore has everything required to talk to the Kubernetes API without any extra flags:

helm install mcp-kubernetes ./charts/kubernetes

If you prefer to bind to the built-in cluster-admin ClusterRole instead of the generated one, set:

rbac:
  useClusterAdmin: true

To bind the service account to a pre-existing ClusterRole, specify its name instead:

rbac:
  existingClusterRole: my-mcp-role

When existingClusterRole is provided, the chart skips rendering a new ClusterRole and only creates the binding.

Troubleshooting

Check pod status

kubectl get pods -l app.kubernetes.io/name=mcp-kubernetes-helm

Check logs

kubectl logs -l app.kubernetes.io/name=mcp-kubernetes-helm

Test connection

helm test mcp-kubernetes