# Use Claude Code MCP with Kubernetes

Answer first: give the agent live cluster context through localhost MCP, not raw credentials or a hosted privileged bridge.

## Problem

Claude Code can inspect the repo, but it cannot see the running cluster, failing pods, ingress state, or cloud context without a controlled tool surface.

## App workflow/query

```text
Clanker Cloud app:
1. Open the app on the machine with kubeconfig and cloud credentials already configured.
2. Use the app as the trusted local context workspace, then connect Claude Code to the local Clanker MCP runtime.
3. Ask the agent:
Why are prod-api pods CrashLoopBackOff, and what cluster evidence supports the answer?
```

## Open-source CLI equivalent

```bash
clanker mcp --transport stdio
```

Example MCP server config shape:

```json
{
    "mcpServers": {
        "clanker": {
            "command": "clanker",
            "args": ["mcp", "--transport", "stdio"]
        }
    }
}
```

## Input context

Clanker Cloud app installed or local Clanker runtime available, kubeconfig already trusted on the machine, cloud provider credentials already configured locally, and an MCP-capable agent that can launch a stdio server.

## Output example

```text
Agent answer: prod-api pods are CrashLoopBackOff after commit 4f2c1b because the container expects REDIS_URL but the live secret still exposes REDIS_HOST and REDIS_PORT. No cluster write was run. Suggested next step: update the app config or generate a reviewed secret migration plan.
```

## Safety boundary

MCP runs locally through the same runtime that powers the app. Read-only tools expose version, routing, and provider queries through the Clanker safety model. Apply-style changes still require an explicit approved plan.

## Supported providers

Kubernetes, EKS, GKE, AKS, AWS, GCP, Azure, Cloudflare, GitHub.

## Next step

Let the agent draft a patch or plan from the evidence, then review the diff or maker plan before applying anything to the cluster.