README
¶
Rancher MCP Server
Features | Getting Started | Configuration | Tools | Development
Features
A Model Context Protocol (MCP) server for Rancher multi-cluster management.
- Multi-cluster Management: Access multiple Kubernetes clusters through Rancher API
- Kubernetes Resources via Steve API: CRUD operations on any resource type
- Get/List any resource (Pod, Deployment, Service, ConfigMap, Secret, CRD, etc.)
- Create resources from JSON manifests
- Patch resources using JSON Patch (RFC 6902)
- Delete resources
- Query container logs with filtering (tail lines, time range, timestamps)
- Inspect pods with parent workload, metrics, and logs
- Rancher Resources via Norman API: List clusters and projects
- Security Controls:
read_only: Disables create, patch, and delete operationsdisable_destructive: Disables delete operations only- Secret data is never exposed, only metadata
- Output Formats: Table, YAML, and JSON
- Output Filters: Remove verbose fields like
managedFieldsfrom responses - Pagination: Limit and page parameters for list operations
- Cross-platform: Native binaries for Linux, macOS, Windows, and npm package
Getting Started
Requirements
- Access to a Rancher server
- Rancher API credentials (Token or Access Key/Secret Key)
Claude Desktop
Using npx:
{
"mcpServers": {
"rancher": {
"command": "npx",
"args": [
"-y",
"@futuretea/rancher-mcp-server@latest",
"--rancher-server-url",
"https://your-rancher-server.com",
"--rancher-token",
"your-token"
]
}
}
}
VS Code / VS Code Insiders
# For VS Code
code --add-mcp '{"name":"rancher","command":"npx","args":["@futuretea/rancher-mcp-server@latest","--rancher-server-url","https://your-rancher-server.com","--rancher-token","your-token"]}'
# For VS Code Insiders
code-insiders --add-mcp '{"name":"rancher","command":"npx","args":["@futuretea/rancher-mcp-server@latest","--rancher-server-url","https://your-rancher-server.com","--rancher-token","your-token"]}'
Cursor
Edit mcp.json:
{
"mcpServers": {
"rancher": {
"command": "npx",
"args": [
"-y",
"@futuretea/rancher-mcp-server@latest",
"--rancher-server-url",
"https://your-rancher-server.com",
"--rancher-token",
"your-token"
]
}
}
}
Configuration
Configuration can be set via CLI flags, environment variables, or a config file.
Priority (highest to lowest):
- Command-line flags
- Environment variables (prefix:
RANCHER_MCP_) - Configuration file
- Default values
CLI Options
npx @futuretea/rancher-mcp-server@latest --help
| Option | Description | Default |
|---|---|---|
--config |
Config file path (YAML) | |
--port |
Port for HTTP/SSE mode (0 = stdio mode) | 0 |
--sse-base-url |
Public base URL for SSE endpoint | |
--log-level |
Log level (0-9) | 5 |
--rancher-server-url |
Rancher server URL | |
--rancher-token |
Rancher bearer token | |
--rancher-access-key |
Rancher access key | |
--rancher-secret-key |
Rancher secret key | |
--rancher-tls-insecure |
Skip TLS verification | false |
--read-only |
Disable write operations | true |
--disable-destructive |
Disable delete operations | false |
--list-output |
Output format (json, table, yaml) | json |
--output-filters |
Fields to remove from output | metadata.managedFields |
--toolsets |
Toolsets to enable | kubernetes,rancher |
--enabled-tools |
Specific tools to enable | |
--disabled-tools |
Specific tools to disable |
Configuration File
Create config.yaml:
port: 0 # 0 for stdio, or set a port like 8080 for HTTP/SSE
log_level: 5
rancher_server_url: https://your-rancher-server.com
rancher_token: your-bearer-token
# Or use Access Key/Secret Key:
# rancher_access_key: your-access-key
# rancher_secret_key: your-secret-key
# rancher_tls_insecure: false
read_only: true # default: true
disable_destructive: false
list_output: json
# Remove verbose fields from output
output_filters:
- metadata.managedFields
- metadata.annotations.kubectl.kubernetes.io/last-applied-configuration
toolsets:
- kubernetes
- rancher
# enabled_tools: []
# disabled_tools: []
Environment Variables
Use RANCHER_MCP_ prefix with underscores:
RANCHER_MCP_PORT=8080
RANCHER_MCP_RANCHER_SERVER_URL=https://rancher.example.com
RANCHER_MCP_RANCHER_TOKEN=your-token
RANCHER_MCP_READ_ONLY=true
HTTP/SSE Mode
Run with a port number for network access:
rancher-mcp-server --port 8080 \
--rancher-server-url https://your-rancher-server.com \
--rancher-token your-token
Endpoints:
/healthz- Health check/mcp- Streamable HTTP endpoint/sse- Server-Sent Events endpoint/message- Message endpoint for SSE clients
With a public URL behind a proxy:
rancher-mcp-server --port 8080 \
--sse-base-url https://your-domain.com:8080 \
--rancher-server-url https://your-rancher-server.com \
--rancher-token your-token
Tools and Functionalities
Tools are organized into toolsets. Use --toolsets to enable specific sets or --enabled-tools/--disabled-tools for fine-grained control.
Toolsets
| Toolset | API | Description |
|---|---|---|
| kubernetes | Steve | Kubernetes CRUD operations for any resource type |
| rancher | Norman | Cluster and project listing |
kubernetes
kubernetes_get
Get a Kubernetes resource by kind, namespace, and name.
| Parameter | Type | Required | Description |
|---|---|---|---|
cluster |
string | Yes | Cluster ID |
kind |
string | Yes | Resource kind (e.g., pod, deployment, service) |
namespace |
string | No | Namespace (optional for cluster-scoped resources) |
name |
string | Yes | Resource name |
format |
string | No | Output format: json, yaml (default: json) |
kubernetes_list
List Kubernetes resources by kind.
| Parameter | Type | Required | Description |
|---|---|---|---|
cluster |
string | Yes | Cluster ID |
kind |
string | Yes | Resource kind |
namespace |
string | No | Namespace (empty = all namespaces) |
name |
string | No | Filter by name (partial match) |
labelSelector |
string | No | Label selector (e.g., "app=nginx,env=prod") |
limit |
integer | No | Items per page (default: 100) |
page |
integer | No | Page number, starting from 1 (default: 1) |
format |
string | No | Output format: json, table, yaml (default: json) |
kubernetes_logs
Get logs from a pod container.
| Parameter | Type | Required | Description |
|---|---|---|---|
cluster |
string | Yes | Cluster ID |
namespace |
string | Yes | Namespace |
name |
string | Yes | Pod name |
container |
string | No | Container name (empty = all containers) |
tailLines |
integer | No | Lines from end (default: 100) |
sinceSeconds |
integer | No | Logs from last N seconds |
timestamps |
boolean | No | Include timestamps (default: false) |
previous |
boolean | No | Previous container instance (default: false) |
kubernetes_inspect_pod
Get pod diagnostics: details, parent workload, metrics, and logs.
| Parameter | Type | Required | Description |
|---|---|---|---|
cluster |
string | Yes | Cluster ID |
namespace |
string | Yes | Namespace |
name |
string | Yes | Pod name |
kubernetes_create
Create a Kubernetes resource. Disabled when read_only=true.
| Parameter | Type | Required | Description |
|---|---|---|---|
cluster |
string | Yes | Cluster ID |
resource |
string | Yes | JSON manifest (must include apiVersion, kind, metadata, spec) |
kubernetes_patch
Patch a resource using JSON Patch (RFC 6902). Disabled when read_only=true.
| Parameter | Type | Required | Description |
|---|---|---|---|
cluster |
string | Yes | Cluster ID |
kind |
string | Yes | Resource kind |
namespace |
string | No | Namespace (optional for cluster-scoped) |
name |
string | Yes | Resource name |
patch |
string | Yes | JSON Patch array, e.g., [{"op":"replace","path":"/spec/replicas","value":3}] |
kubernetes_delete
Delete a Kubernetes resource. Disabled when read_only=true or disable_destructive=true.
| Parameter | Type | Required | Description |
|---|---|---|---|
cluster |
string | Yes | Cluster ID |
kind |
string | Yes | Resource kind |
namespace |
string | No | Namespace (optional for cluster-scoped) |
name |
string | Yes | Resource name |
rancher
cluster_list
List available Rancher clusters.
| Parameter | Type | Required | Description |
|---|---|---|---|
name |
string | No | Filter by cluster name (partial match) |
limit |
integer | No | Items per page (default: 100) |
page |
integer | No | Page number (default: 1) |
format |
string | No | Output format: json, table, yaml (default: json) |
project_list
List Rancher projects.
| Parameter | Type | Required | Description |
|---|---|---|---|
cluster |
string | No | Filter by cluster ID |
name |
string | No | Filter by project name (partial match) |
limit |
integer | No | Items per page (default: 100) |
page |
integer | No | Page number (default: 1) |
format |
string | No | Output format: json, table, yaml (default: json) |
Development
Build
make build
Run with mcp-inspector
npx @modelcontextprotocol/inspector@latest $(pwd)/rancher-mcp-server
See DEVELOPMENT.md for more details.
Contributing
See CONTRIBUTING.md for guidelines.
Support
License
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
rancher-mcp-server
command
|
|
|
internal
|
|
|
pkg
|
|
|
client/norman
Package norman provides the Norman API client for Rancher management operations.
|
Package norman provides the Norman API client for Rancher management operations. |
|
client/steve
Package steve provides a Kubernetes dynamic client for accessing clusters via Rancher's Steve API.
|
Package steve provides a Kubernetes dynamic client for accessing clusters via Rancher's Steve API. |
|
toolset/kubernetes
Package kubernetes provides the Kubernetes toolset using Steve API.
|
Package kubernetes provides the Kubernetes toolset using Steve API. |
|
toolset/rancher
Package rancher provides Rancher-specific toolset for multi-cluster management.
|
Package rancher provides Rancher-specific toolset for multi-cluster management. |
|
util/url
Package url provides URL normalization utilities for Rancher API endpoints.
|
Package url provides URL normalization utilities for Rancher API endpoints. |
Click to show internal directories.
Click to hide internal directories.