OpenShift MCP Server Deployment

This guide walks through deploying the OpenShift Kubernetes MCP Server on Azure Red Hat OpenShift (ARO). The same steps apply to ROSA, OSD, and self-managed OpenShift; only API URLs and route hostnames differ (this guide uses ARO *.aroapp.io examples).

You install the server with Helm, bind a read-only ClusterRole to authorized users or groups, require a bearer token on the MCP HTTP endpoint, and test locally with oc port-forward before optionally exposing an edge-terminated HTTPS route.

The MCP server runs in read-only mode with destructive operations disabled. With authentication enabled, callers must send a bearer token; the server uses token passthrough so each user’s identity is used for Kubernetes API calls.

Prerequisites

• OpenShift CLI (oc) installed and configured
• Helm 3.x installed
• Git installed
• Cluster admin credentials for the ARO cluster
• Network access to the cluster API endpoint

Security and authentication

Two separate security layers apply:

Do not expose a public route without authentication. For initial testing, this guide uses oc port-forward so the MCP endpoint is not reachable from the internet. To expose the server externally, enable the chart’s edge-terminated ingress only after auth is working, or add an OAuth proxy sidecar (out of scope here).

The service account token must remain mounted (automountToken: true) so the server can discover the cluster API URL and CA certificate, even in passthrough mode. The SA token is used for discovery only; API calls use the forwarded user bearer token.

Deployment procedure

Step 1: Login to ARO Cluster

Authenticate to the ARO cluster. Replace placeholders with your credentials and API URL.

Step 2: Create New Project

Step 3: Create Service Account

The chart is configured to use a pre-created service account (serviceAccount.create: false). Create it in the project:

Step 4: Create RBAC for MCP Users

Create a ClusterRole with read-only permissions. Save one manifest as mcp-readonly-clusterrole.yaml (Options A and B share the same name; apply only one).

Option A: Full Read-Only RBAC (Recommended)

Option B: Minimum RBAC

Step 5: Apply ClusterRole and Grant Access

Bind the role to the users or groups that will call the MCP server. For a solo test, bind your current oc user:

For a team, bind an Entra ID or OpenShift group instead:

Step 6: Clone the OpenShift MCP Server Repository

The chart already ships values-openshift.yaml (sets openshift: true and OpenShift image defaults). Your overlay file layers on top of that—do not replace it.

Step 7: Determine the Ingress Hostname (if exposing a route later)

The chart requires ingress.host when ingress.enabled is true. Retrieve your cluster apps domain and set a hostname now so it is ready if you enable the route.

ARO example:

On ROSA, you can also use rosa describe cluster -c <cluster> -o json | jq -r '.dns.base_domain' and build kubernetes-mcp-server-mcp-server.apps.<base_domain>.

Step 8: Create the ARO Values Overlay

Create values-aro.yaml. This file intentionally does not set securityContext or podSecurityContext—the chart defaults already satisfy OpenShift’s restricted-v2 SCC (readOnlyRootFilesystem, dropped capabilities, seccompProfile, and so on). Overriding those fields with a partial block removes those protections.

Do not use mcp.args—that key is ignored by Helm. Use the config block (rendered to config.toml) for server settings.

Replace ingress.host with the value from Step 7 before enabling ingress.

Step 9: Install the Helm Chart

Step 10: Verify Deployment

The pod should be Running. If it is in CrashLoopBackOff with no current-context is set in the logs, confirm serviceAccount.automountToken is true.

Step 11: Test Locally With Port-Forward

Forward the service to your workstation (no external route required):

In another terminal, confirm unauthenticated access is denied:

Expect HTTP 401 Unauthorized.

Test with your OpenShift bearer token (user must have the mcp-readonly role):

Expect HTTP 200 with a JSON-RPC result containing server capabilities.

Step 12: Expose an Edge-Terminated HTTPS Route (Optional)

Only after local testing succeeds, enable the chart ingress. The chart adds route.openshift.io/termination: edge when openshift: true (from values-openshift.yaml), creating an HTTPS route—do not use oc expose svc, which creates a plain HTTP route.

Set ingress.enabled: true and a non-empty ingress.host in values-aro.yaml, then upgrade:

Verify the route:

Step 13: Configure MCP Clients

Point MCP clients at:

when using port-forward, or:

when using the optional route. Clients must send a valid OpenShift bearer token (or complete a full OIDC flow if you add Entra ID settings—see below).

Optional: Full Entra ID OIDC

For clusters that use Microsoft Entra ID (typical on ARO), you can replace skip_jwt_verification: true with full OIDC validation:

1. Register an app in Entra ID with redirect URI https://<route-host>/oauth/callback.
2. Set authorization_url, oauth_audience, oauth_scopes, server_url, sts_client_id, and sts_client_secret in the Helm config block.
3. See the upstream Entra ID setup guide .

Store client secrets in a Kubernetes Secret and pass them at install time with --set config.sts_client_secret="$MCP_OAUTH_SECRET" rather than committing secrets to Git.

Summary

References

• Model Context Protocol server for Red Hat OpenShift (technology preview)
• OpenShift MCP Server (GitHub)
• Kubernetes MCP Server — configuration (OAuth)
• Kubernetes MCP Server — Entra ID setup
• Configure Azure AD as an ARO identity provider