Created
January 20, 2026 00:44
Simple agent gateway installation of a Kubernetes mcp server
# Gateway: the HTTP entry point that the routes on this page attach to.
# NOTE(review): the listener is plain HTTP on 8080, so MCP traffic reaching
# this gateway is unencrypted unless TLS is terminated in front of it.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: agentgateway
  namespace: gloo-system
spec:
  gatewayClassName: enterprise-agentgateway
  listeners:
    - name: http
      port: 8080
      protocol: HTTP
      allowedRoutes:
        namespaces:
          # "All" lets an HTTPRoute in any namespace bind to this listener;
          # narrow it (Same or Selector) when other teams share the cluster.
          from: All
---
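# HTTPRoute: forwards requests under /k8s-tools/mcp to the MCP backend.
# No metadata.namespace is set, so the route is created in whatever
# namespace the manifest is applied to.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: mcp-k8s-tools-route
spec:
  parentRefs:
    - name: agentgateway
      # Must name the namespace the Gateway is created in. The Gateway on
      # this page lives in gloo-system; the previous value
      # (enterprise-agentgateway) did not match it, so the route could not
      # attach to that Gateway. If the Gateway is moved, change both.
      namespace: gloo-system
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /k8s-tools/mcp
      backendRefs:
        - name: mcp-k8s-backend
          group: agentgateway.dev
          kind: AgentgatewayBackend
---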
# AgentgatewayBackend: registers the in-cluster MCP server as a static target.
# NOTE(review): the nesting of host/port/path/protocol under "static" is
# assumed from the field order — confirm against the installed CRD.
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayBackend
metadata:
  name: mcp-k8s-backend
spec:
  mcp:
    targets:
      - name: k8s-cluster-tools
        static:
          # The DNS name hard-codes the "default" namespace, so the Service
          # below has to be created there for this target to resolve.
          host: mcp-kubernetes-server.default.svc.cluster.local
          port: 8000
          path: /mcp
          protocol: StreamableHTTP
---
# Policy for CORS and request-header removal on the MCP route.
# NOTE(review): no backend TLS setting and no authentication rule appear in
# this policy, so as written any client that can reach the gateway listener
# can call the MCP tools behind the route.
apiVersion: enterpriseagentgateway.solo.io/v1alpha1
kind: EnterpriseAgentgatewayPolicy
metadata:
  name: mcp-k8s-tools-policy
spec:
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      name: mcp-k8s-tools-route
  traffic:
    cors:
      # NOTE(review): wildcard origins, headers and methods allow script on
      # any web page to call this route from a browser that can reach the
      # gateway. List the origins that need access outside of a demo.
      allowOrigins:
        - "*"
      allowHeaders:
        - "*"
      allowMethods:
        - "*"
      allowCredentials: false
    # Removes the listed forwarding headers from the request.
    # NOTE(review): placement under "traffic" is assumed — confirm against
    # the CRD.
    headerModifiers:
      request:
        remove:
          - x-forwarded-for
          - x-forwarded-host
          - x-forwarded-proto
---
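# Deployment: runs one replica of the MCP Kubernetes server under the
# mcp-k8s-sa ServiceAccount. No namespace is set; the backend host name and
# the ClusterRoleBinding on this page both assume "default".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mcp-kubernetes-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mcp-k8s
  template:
    metadata:
      labels:
        app: mcp-k8s
    spec:
      serviceAccountName: mcp-k8s-sa
      containers:
        - name: mcp-server
          # NOTE(review): ":latest" is a mutable tag. Pin a released version
          # or an image digest so the code that holds this ServiceAccount's
          # token cannot change between pulls.
          image: ghcr.io/feiskyer/mcp-kubernetes-server:latest
          args:
            - --transport
            - streamable-http  # pairs with protocol: StreamableHTTP on the backend target
            - --port
            - "8000"
            - --host
            - "0.0.0.0"  # listen on all pod interfaces so the Service can reach it
          ports:
            - containerPort: 8000
          # The server only listens on an unprivileged port, so it needs no
          # Linux capabilities and no privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          livenessProbe:
            httpGet:
              # NOTE(review): confirm this image answers on /healthz; if it
              # does not, the kubelet will keep restarting the container.
              path: /healthz
              port: 8000
---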
# Service: stable in-cluster address for the MCP server pods (app: mcp-k8s).
# A ClusterIP is reachable from any pod in the cluster, so the gateway is
# not the only path to port 8000 unless a NetworkPolicy restricts ingress
# to the gateway's pods.
apiVersion: v1
kind: Service
metadata:
  name: mcp-kubernetes-server
spec:
  type: ClusterIP
  selector:
    app: mcp-k8s
  ports:
    - protocol: TCP
      port: 8000
      targetPort: 8000
---
# ServiceAccount: identity the MCP server pod uses to call the Kubernetes API.
# The ClusterRoleBinding on this page names it as default/mcp-k8s-sa, so it
# only receives those permissions when created in the "default" namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mcp-k8s-sa
---
# ClusterRole: get/list/watch only, but across every namespace.
# Secrets are not granted. pods/log is: container logs from all namespaces
# become readable through the MCP tools, and logs often carry sensitive
# values. Drop pods/log or bind per namespace if that is broader than needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: mcp-k8s-read-only
rules:
  # Core API group
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
      - nodes
      - services
      - endpoints
      - namespaces
      - events
    verbs:
      - get
      - list
      - watch
  # Workload controllers
  - apiGroups:
      - apps
    resources:
      - deployments
      - statefulsets
      - daemonsets
      - replicasets
    verbs:
      - get
      - list
      - watch
---
# ClusterRoleBinding: grants mcp-k8s-read-only cluster-wide to the
# ServiceAccount default/mcp-k8s-sa. Because the subject is pinned to
# "default", a ServiceAccount of the same name in another namespace gets
# nothing from this binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: mcp-k8s-read-only-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mcp-k8s-read-only
subjects:
  - kind: ServiceAccount
    name: mcp-k8s-sa
    namespace: default