{"id":43725575,"url":"https://github.com/futuretea/rancher-mcp-server","last_synced_at":"2026-02-14T16:10:29.159Z","repository":{"id":318724606,"uuid":"1073868753","full_name":"futuretea/rancher-mcp-server","owner":"futuretea","description":null,"archived":false,"fork":false,"pushed_at":"2025-11-12T15:05:44.000Z","size":88,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-12T17:11:52.481Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/futuretea.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-10T18:43:11.000Z","updated_at":"2025-11-12T15:04:16.000Z","dependencies_parsed_at":"2025-10-12T18:28:14.447Z","dependency_job_id":"9c55715f-4d67-4f29-b9ac-dfe121bca471","html_url":"https://github.com/futuretea/rancher-mcp-server","commit_stats":null,"previous_names":["futuretea/rancher-mcp-server"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/futuretea/rancher-mcp-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/futuretea%2Francher-mcp-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/futuretea%2Francher-mcp-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/futuretea%2Francher-mcp-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/futuretea%2Francher-mcp-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/futuretea","download_url":"https://codeload.github.com/futuretea/rancher-mcp-server/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/futuretea%2Francher-mcp-server/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29117916,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T05:31:32.482Z","status":"ssl_error","status_checked_at":"2026-02-05T05:31:29.075Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-05T09:01:22.070Z","updated_at":"2026-02-14T16:10:29.150Z","avatar_url":"https://github.com/futuretea.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Rancher MCP Server\n\n[![GitHub License](https://img.shields.io/github/license/futuretea/rancher-mcp-server)](https://github.com/futuretea/rancher-mcp-server/blob/main/LICENSE)\n[![npm](https://img.shields.io/npm/v/@futuretea/rancher-mcp-server)](https://www.npmjs.com/package/@futuretea/rancher-mcp-server)\n[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/futuretea/rancher-mcp-server?sort=semver)](https://github.com/futuretea/rancher-mcp-server/releases/latest)\n\n[Features](#features) | [Getting Started](#getting-started) | [Configuration](#configuration) | [Tools](#tools-and-functionalities) | [Development](#development)\n\n## Features \u003ca id=\"features\"\u003e\u003c/a\u003e\n\nA [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) server for Rancher multi-cluster management.\n\n- **Multi-cluster Management**: Access multiple Kubernetes clusters through Rancher API\n- **Kubernetes Resources via Steve API**: CRUD operations on any resource type\n  - Get/List any resource (Pod, Deployment, Service, ConfigMap, Secret, CRD, etc.)\n  - Create resources from JSON manifests\n  - Patch resources using JSON Patch (RFC 6902)\n  - Delete resources\n  - Describe resources with related events (similar to `kubectl describe`)\n  - List and filter Kubernetes events by namespace, object name, and object kind\n  - Query container logs with filtering (tail lines, time range, timestamps, keyword search)\n  - Inspect pods with parent workload, metrics, and logs\n  - Show dependency/dependent trees for any resource (inspired by kube-lineage)\n- **Rancher Resources via Norman API**: List clusters and projects\n- **Security Controls**:\n  - `read_only`: Disables create, patch, and delete operations\n  - `disable_destructive`: Disables delete operations only\n  - `show_sensitive_data`: Global administrator control for sensitive data visibility (default: `false`)\n    - When disabled (default): All sensitive data is masked with `***`\n    - When enabled: Per-tool `showSensitiveData` parameter controls visibility\n    - Applies to: Kubernetes Secret `data` and `stringData` fields\n    - Affects tools: `kubernetes_get`, `kubernetes_list`, `kubernetes_describe`\n- **Output Formats**: Table, YAML, and JSON\n- **Output Filters**: Remove verbose fields like `managedFields` from responses\n- **Pagination**: Limit and page parameters for list operations\n- **Cross-platform**: Native binaries for Linux, macOS, Windows, and npm package\n\n## Getting Started \u003ca id=\"getting-started\"\u003e\u003c/a\u003e\n\n### Requirements\n\n- Access to a Rancher server\n- Rancher API credentials (Token or Access Key/Secret Key)\n\n### Claude Code\n\n```shell\nclaude mcp add rancher -- npx @futuretea/rancher-mcp-server@latest \\\n  --rancher-server-url https://your-rancher-server.com \\\n  --rancher-token your-token\n```\n\n### VS Code / Cursor\n\nAdd to `.vscode/mcp.json` or `~/.cursor/mcp.json`:\n\n```json\n{\n  \"servers\": {\n    \"rancher\": {\n      \"command\": \"npx\",\n      \"args\": [\n        \"-y\",\n        \"@futuretea/rancher-mcp-server@latest\",\n        \"--rancher-server-url\",\n        \"https://your-rancher-server.com\",\n        \"--rancher-token\",\n        \"your-token\"\n      ]\n    }\n  }\n}\n```\n\n## Configuration \u003ca id=\"configuration\"\u003e\u003c/a\u003e\n\nConfiguration can be set via CLI flags, environment variables, or a config file.\n\n**Priority (highest to lowest):**\n1. Command-line flags\n2. Environment variables (prefix: `RANCHER_MCP_`)\n3. Configuration file\n4. Default values\n\n### CLI Options\n\n```shell\nnpx @futuretea/rancher-mcp-server@latest --help\n```\n\n| Option | Description | Default |\n|--------|-------------|---------|\n| `--config` | Config file path (YAML) | |\n| `--port` | Port for HTTP/SSE mode (0 = stdio mode) | `0` |\n| `--sse-base-url` | Public base URL for SSE endpoint | |\n| `--log-level` | Log level (0-9) | `5` |\n| `--rancher-server-url` | Rancher server URL | |\n| `--rancher-token` | Rancher bearer token | |\n| `--rancher-access-key` | Rancher access key | |\n| `--rancher-secret-key` | Rancher secret key | |\n| `--rancher-tls-insecure` | Skip TLS verification | `false` |\n| `--read-only` | Disable write operations | `true` |\n| `--disable-destructive` | Disable delete operations | `false` |\n| `--show-sensitive-data` | Global admin flag to allow sensitive data visibility | `false` |\n| `--list-output` | Output format (json, table, yaml) | `json` |\n| `--output-filters` | Fields to remove from output | `metadata.managedFields` |\n| `--toolsets` | Toolsets to enable | `kubernetes,rancher` |\n| `--enabled-tools` | Specific tools to enable | |\n| `--disabled-tools` | Specific tools to disable | |\n\n### Configuration File\n\nCreate `config.yaml`:\n\n```yaml\nport: 0  # 0 for stdio, or set a port like 8080 for HTTP/SSE\n\nlog_level: 5\n\nrancher_server_url: https://your-rancher-server.com\nrancher_token: your-bearer-token\n# Or use Access Key/Secret Key:\n# rancher_access_key: your-access-key\n# rancher_secret_key: your-secret-key\n# rancher_tls_insecure: false\n\nread_only: true  # default: true\ndisable_destructive: false\n\n# Sensitive Data Control:\n# Global administrator setting that controls whether sensitive data can be shown.\n# - false (default): All sensitive data is always masked with '***'\n# - true: Allows per-tool showSensitiveData parameter to control visibility\n# Applies to Kubernetes Secret data and stringData fields.\nshow_sensitive_data: false\n\nlist_output: json\n\n# Remove verbose fields from output\noutput_filters:\n  - metadata.managedFields\n  - metadata.annotations.kubectl.kubernetes.io/last-applied-configuration\n\ntoolsets:\n  - kubernetes\n  - rancher\n\n# enabled_tools: []\n# disabled_tools: []\n```\n\n### Environment Variables\n\nUse `RANCHER_MCP_` prefix with underscores:\n\n```shell\nRANCHER_MCP_PORT=8080\nRANCHER_MCP_RANCHER_SERVER_URL=https://rancher.example.com\nRANCHER_MCP_RANCHER_TOKEN=your-token\nRANCHER_MCP_READ_ONLY=true\nRANCHER_MCP_SHOW_SENSITIVE_DATA=false  # Global admin control for sensitive data\n```\n\n### HTTP/SSE Mode\n\nRun with a port number for network access:\n\n```shell\nrancher-mcp-server --port 8080 \\\n  --rancher-server-url https://your-rancher-server.com \\\n  --rancher-token your-token\n```\n\nEndpoints:\n- `/healthz` - Health check\n- `/mcp` - Streamable HTTP endpoint\n- `/sse` - Server-Sent Events endpoint\n- `/message` - Message endpoint for SSE clients\n\nWith a public URL behind a proxy:\n\n```shell\nrancher-mcp-server --port 8080 \\\n  --sse-base-url https://your-domain.com:8080 \\\n  --rancher-server-url https://your-rancher-server.com \\\n  --rancher-token your-token\n```\n\n## Tools and Functionalities \u003ca id=\"tools-and-functionalities\"\u003e\u003c/a\u003e\n\n### Sensitive Data Protection\n\nThe server provides a two-tier security control for handling sensitive Kubernetes resources (currently Secrets):\n\n#### Global Administrator Control\n\nThe `--show-sensitive-data` flag (default: `false`) is a global administrator setting that determines whether sensitive data can ever be revealed:\n\n- **Disabled (default: `false`)**: All sensitive data is **always masked** with `***`, regardless of per-tool parameters\n  - Secret `data` and `stringData` fields are masked\n  - Provides maximum security by preventing any accidental data exposure\n  - Recommended for production environments\n\n- **Enabled (`true`)**: Allows per-tool `showSensitiveData` parameter to control visibility\n  - Each tool call can choose whether to show or mask sensitive data\n  - Useful for troubleshooting and administrative tasks\n  - Requires explicit per-call parameter to reveal data\n\n#### Per-Tool Parameter Control\n\nWhen global `--show-sensitive-data` is enabled, tools that access sensitive resources accept a `showSensitiveData` parameter:\n\n- `showSensitiveData: false` (default): Masks sensitive fields with `***`\n- `showSensitiveData: true`: Shows actual values\n\n**Affected Tools:**\n- `kubernetes_get`: Get individual resources including Secrets\n- `kubernetes_list`: List resources including Secrets\n- `kubernetes_describe`: Describe resources with events\n\n**Example Behavior:**\n\n```yaml\n# Global flag disabled (--show-sensitive-data=false)\n# Secret data is ALWAYS masked, regardless of per-tool parameter\napiVersion: v1\nkind: Secret\ndata:\n  password: \"***\"  # Always masked\n  token: \"***\"     # Always masked\n\n# Global flag enabled (--show-sensitive-data=true)\n# Per-tool parameter controls visibility:\n\n# With showSensitiveData: false (default)\napiVersion: v1\nkind: Secret\ndata:\n  password: \"***\"  # Masked\n  token: \"***\"     # Masked\n\n# With showSensitiveData: true\napiVersion: v1\nkind: Secret\ndata:\n  password: \"\u003cbase64-encoded-value\u003e\"  # Actual base64 value shown\n  token: \"\u003cbase64-encoded-value\u003e\"     # Actual base64 value shown\n```\n\n**Configuration Examples:**\n\n```shell\n# Maximum security (production recommended)\nrancher-mcp-server --show-sensitive-data=false  # or omit (default)\n\n# Allow administrators to reveal data when needed\nrancher-mcp-server --show-sensitive-data=true\n```\n\n```yaml\n# config.yaml\nshow_sensitive_data: false  # Production: always mask\n# show_sensitive_data: true  # Development: allow per-tool control\n```\n\n```shell\n# Environment variable\nRANCHER_MCP_SHOW_SENSITIVE_DATA=false\n```\n\nTools are organized into toolsets. Use `--toolsets` to enable specific sets or `--enabled-tools`/`--disabled-tools` for fine-grained control.\n\n### Toolsets\n\n| Toolset | API | Description |\n|---------|-----|-------------|\n| kubernetes | Steve | Kubernetes CRUD operations for any resource type |\n| rancher | Norman | Cluster and project listing |\n\n### kubernetes\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_dep\u003c/summary\u003e\n\nShow all dependencies or dependents of any Kubernetes resource as a tree. Covers OwnerReference chains, Pod→Node/SA/ConfigMap/Secret/PVC, Service→Pod (label selector), Ingress→IngressClass/Service/TLS Secret, PVC↔PV→StorageClass, RBAC bindings, PDB→Pod, and Events.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `kind` | string | Yes | Resource kind (e.g., deployment, pod, service, ingress, node) |\n| `namespace` | string | No | Namespace (optional for cluster-scoped resources) |\n| `name` | string | Yes | Resource name |\n| `direction` | string | No | Traversal direction: `dependents` (default) or `dependencies` |\n| `depth` | integer | No | Maximum traversal depth, 1-20 (default: 10) |\n| `format` | string | No | Output format: tree, json (default: tree) |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_get\u003c/summary\u003e\n\nGet a Kubernetes resource by kind, namespace, and name.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `kind` | string | Yes | Resource kind (e.g., pod, deployment, service) |\n| `namespace` | string | No | Namespace (optional for cluster-scoped resources) |\n| `name` | string | Yes | Resource name |\n| `format` | string | No | Output format: json, yaml (default: json) |\n| `showSensitiveData` | boolean | No | Show sensitive data values (e.g., Secret data). Default: false. Only takes effect when global `--show-sensitive-data` is enabled. When global setting is disabled, data is always masked with `***` |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_list\u003c/summary\u003e\n\nList Kubernetes resources by kind.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `kind` | string | Yes | Resource kind |\n| `namespace` | string | No | Namespace (empty = all namespaces) |\n| `name` | string | No | Filter by name (partial match) |\n| `labelSelector` | string | No | Label selector (e.g., \"app=nginx,env=prod\") |\n| `limit` | integer | No | Items per page (default: 100) |\n| `page` | integer | No | Page number, starting from 1 (default: 1) |\n| `format` | string | No | Output format: json, table, yaml (default: json) |\n| `showSensitiveData` | boolean | No | Show sensitive data values (e.g., Secret data). Default: false. Only takes effect when global `--show-sensitive-data` is enabled. When global setting is disabled, data is always masked with `***` |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_logs\u003c/summary\u003e\n\nGet logs from a pod container.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `namespace` | string | Yes | Namespace |\n| `name` | string | Yes | Pod name |\n| `container` | string | No | Container name (empty = all containers) |\n| `tailLines` | integer | No | Lines from end (default: 100) |\n| `sinceSeconds` | integer | No | Logs from last N seconds |\n| `timestamps` | boolean | No | Include timestamps (default: false) |\n| `previous` | boolean | No | Previous container instance (default: false) |\n| `keyword` | string | No | Filter log lines containing this keyword (case-insensitive) |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_inspect_pod\u003c/summary\u003e\n\nGet pod diagnostics: details, parent workload, metrics, and logs.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `namespace` | string | Yes | Namespace |\n| `name` | string | Yes | Pod name |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_describe\u003c/summary\u003e\n\nDescribe a Kubernetes resource with its related events. Similar to `kubectl describe`.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `kind` | string | Yes | Resource kind (e.g., pod, deployment, service, node) |\n| `namespace` | string | No | Namespace (optional for cluster-scoped resources) |\n| `name` | string | Yes | Resource name |\n| `format` | string | No | Output format: json, yaml (default: json) |\n| `showSensitiveData` | boolean | No | Show sensitive data values (e.g., Secret data). Default: false. Only takes effect when global `--show-sensitive-data` is enabled. When global setting is disabled, data is always masked with `***` |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_events\u003c/summary\u003e\n\nList Kubernetes events. Supports filtering by namespace, involved object name, and kind.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `namespace` | string | No | Namespace (empty = all namespaces) |\n| `name` | string | No | Filter by involved object name |\n| `kind` | string | No | Filter by involved object kind (e.g., Pod, Deployment, Node) |\n| `limit` | integer | No | Events per page (default: 50) |\n| `page` | integer | No | Page number, starting from 1 (default: 1) |\n| `format` | string | No | Output format: json, table, yaml (default: table) |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_create\u003c/summary\u003e\n\nCreate a Kubernetes resource. Disabled when `read_only=true`.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `resource` | string | Yes | JSON manifest (must include apiVersion, kind, metadata, spec) |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_patch\u003c/summary\u003e\n\nPatch a resource using JSON Patch (RFC 6902). Disabled when `read_only=true`.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `kind` | string | Yes | Resource kind |\n| `namespace` | string | No | Namespace (optional for cluster-scoped) |\n| `name` | string | Yes | Resource name |\n| `patch` | string | Yes | JSON Patch array, e.g., `[{\"op\":\"replace\",\"path\":\"/spec/replicas\",\"value\":3}]` |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ekubernetes_delete\u003c/summary\u003e\n\nDelete a Kubernetes resource. Disabled when `read_only=true` or `disable_destructive=true`.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | Yes | Cluster ID |\n| `kind` | string | Yes | Resource kind |\n| `namespace` | string | No | Namespace (optional for cluster-scoped) |\n| `name` | string | Yes | Resource name |\n\n\u003c/details\u003e\n\n### rancher\n\n\u003cdetails\u003e\n\u003csummary\u003ecluster_list\u003c/summary\u003e\n\nList available Rancher clusters.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `name` | string | No | Filter by cluster name (partial match) |\n| `limit` | integer | No | Items per page (default: 100) |\n| `page` | integer | No | Page number (default: 1) |\n| `format` | string | No | Output format: json, table, yaml (default: json) |\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eproject_list\u003c/summary\u003e\n\nList Rancher projects.\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| `cluster` | string | No | Filter by cluster ID |\n| `name` | string | No | Filter by project name (partial match) |\n| `limit` | integer | No | Items per page (default: 100) |\n| `page` | integer | No | Page number (default: 1) |\n| `format` | string | No | Output format: json, table, yaml (default: json) |\n\n\u003c/details\u003e\n\n## Development \u003ca id=\"development\"\u003e\u003c/a\u003e\n\n### Build\n\n```shell\nmake build\n```\n\n### Run with mcp-inspector\n\n```shell\nnpx @modelcontextprotocol/inspector@latest $(pwd)/rancher-mcp-server\n```\n\nSee [DEVELOPMENT.md](DEVELOPMENT.md) for more details.\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n## Support\n\n- [GitHub Issues](https://github.com/futuretea/rancher-mcp-server/issues)\n- [Troubleshooting Guide](TROUBLESHOOTING.md)\n\n## License\n\n[Apache-2.0](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffuturetea%2Francher-mcp-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffuturetea%2Francher-mcp-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffuturetea%2Francher-mcp-server/lists"}