The AKS-MCP is a Model Context Protocol (MCP) server that enables AI assistants to interact with Azure Kubernetes Service (AKS) clusters. It serves as a bridge between AI tools (like GitHub Copilot, Claude, and other MCP-compatible AI assistants) and AKS, translating natural language requests into AKS operations and returning the results in a format the AI tools can understand.
It allows AI tools to:
- Operate (CRUD) AKS resources
- Retrieve details related to AKS clusters (VNets, Subnets, NSGs, Route Tables, etc.)
AKS-MCP connects to Azure using the Azure SDK and provides a set of tools that AI assistants can use to interact with AKS resources. It leverages the Model Context Protocol (MCP) to facilitate this communication, enabling AI tools to make API calls to Azure and interpret the responses.
Configure your MCP servers in supported AI clients like GitHub Copilot, Claude, or other MCP-compatible clients:
```json
{
  "mcpServers": {
    "aks": {
      "command": "<path of binary aks-mcp>",
      "args": [
        "--transport", "stdio"
      ]
    }
  }
}
```
For GitHub Copilot in VS Code, configure the MCP server in your `.vscode/mcp.json` file:
```json
{
  "servers": {
    "aks-mcp-server": {
      "type": "stdio",
      "command": "<path of binary aks-mcp>",
      "args": [
        "--transport", "stdio"
      ]
    }
  }
}
```
Command line arguments:
```
Usage of ./aks-mcp:
      --access-level string   Access level (readonly, readwrite, admin) (default "readonly")
      --host string           Host to listen for the server (only used with transport sse or streamable-http) (default "127.0.0.1")
      --port int              Port to listen for the server (only used with transport sse or streamable-http) (default 8000)
      --timeout int           Timeout for command execution in seconds, default is 600s (default 600)
      --transport string      Transport mechanism to use (stdio, sse or streamable-http) (default "stdio")
```
Environment variables:
- Standard Azure authentication environment variables are supported (`AZURE_TENANT_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`)
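The flags a client config passes decide which of the tools listed further down the assistant can call, so the config is worth auditing before use. The following Python check is an added example, not part of the AKS-MCP project: it reads the `mcpServers` and `servers` layouts shown above and reports entries that raise `--access-level` above the `readonly` default, bind an `sse` or `streamable-http` listener to a non-loopback `--host`, or pass `--additional-tools`. The function names, the sample server names, the `/usr/local/bin/aks-mcp` path and acceptance of the `--flag=value` spelling are assumptions made for illustration.

```python
import ipaddress
import json

# Defaults as printed in the usage text above.
DEFAULTS = {"--access-level": "readonly", "--host": "127.0.0.1", "--transport": "stdio"}

def parse_flags(args):
    """Map flags to values; accepts '--flag value' and (assumed) '--flag=value'."""
    flags, i = dict(DEFAULTS), 0
    while i < len(args):
        arg = args[i]
        if arg.startswith("--") and "=" in arg:
            name, value = arg.split("=", 1)
            flags[name] = value
        elif arg.startswith("--") and i + 1 < len(args) and not args[i + 1].startswith("--"):
            flags[arg] = args[i + 1]
            i += 1
        i += 1
    return flags

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # not an IP literal: treat any other hostname as exposed

def audit(config_text):
    """Return (server name, finding) pairs for aks-mcp entries in a client config."""
    config = json.loads(config_text)
    servers = {**config.get("mcpServers", {}), **config.get("servers", {})}
    findings = []
    for name, entry in servers.items():
        if "aks-mcp" not in entry.get("command", ""):
            continue
        flags = parse_flags(entry.get("args", []))
        if flags["--access-level"] != "readonly":
            findings.append((name, f"access level is {flags['--access-level']}, not readonly"))
        if flags["--transport"] != "stdio" and not is_loopback(flags["--host"]):
            findings.append((name, f"{flags['--transport']} listens on {flags['--host']}"))
        if "--additional-tools" in flags:
            findings.append((name, f"additional tools: {flags['--additional-tools']}"))
    return findings

# Constructed sample: one default entry, one widened entry (names and path are made up).
SAMPLE = json.dumps({"servers": {
    "aks-ro": {"command": "/usr/local/bin/aks-mcp", "args": ["--transport", "stdio"]},
    "aks-ops": {"command": "/usr/local/bin/aks-mcp",
                "args": ["--transport", "sse", "--host", "0.0.0.0", "--access-level=admin"]},
}})
```

Calling `audit(SAMPLE)` returns two findings, both for `aks-ops`; the `aks-ro` entry relies on the defaults and produces none.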
This project includes a Makefile for convenient development, building, and testing. To see all available targets:
```bash
make help
```

```bash
# Build the binary
make build

# Run tests
make test

# Run tests with coverage
make test-coverage

# Format and lint code
make check

# Build for all platforms
make release

# Install dependencies
make deps

# Build and run with --help
make run

# Clean build artifacts
make clean

# Install binary to GOBIN
make install

# Run security scan
make security

# Build Docker image
make docker-build

# Run Docker container
make docker-run
```
If you prefer to build without the Makefile:
```bash
go build -o aks-mcp ./cmd/aks-mcp
```
Ask any questions about your AKS clusters in your AI client, for example:
- List all my AKS clusters in my subscription xxx.
- What is the network configuration of my AKS cluster?
- Show me the network security groups associated with my cluster.
The AKS-MCP server provides the following tools for interacting with AKS clusters:
AKS Cluster Management Tools (Read-Only)
- `az_aks_show`: Show the details of a managed Kubernetes cluster
- `az_aks_list`: List managed Kubernetes clusters
- `az_aks_get-versions`: Get the versions available for creating a managed Kubernetes cluster
- `az_aks_check-network_outbound`: Perform outbound network connectivity check for a node
- `az_aks_nodepool_list`: List node pools in a managed Kubernetes cluster
- `az_aks_nodepool_show`: Show the details for a node pool in the managed Kubernetes cluster
AKS Cluster Management Tools (Read-Write)
Available with `--access-level readwrite` or `admin`
- `az_aks_create`: Create a new managed Kubernetes cluster
- `az_aks_delete`: Delete a managed Kubernetes cluster
- `az_aks_scale`: Scale the node pool in a managed Kubernetes cluster
- `az_aks_update`: Update a managed Kubernetes cluster
- `az_aks_upgrade`: Upgrade a managed Kubernetes cluster to a newer version
- `az_aks_nodepool_add`: Add a node pool to the managed Kubernetes cluster
- `az_aks_nodepool_delete`: Delete a node pool from the managed Kubernetes cluster
- `az_aks_nodepool_scale`: Scale a node pool in a managed Kubernetes cluster
- `az_aks_nodepool_upgrade`: Upgrade a node pool to a newer version
AKS Cluster Management Tools (Admin)
Available with `--access-level admin` only
- `az_aks_get-credentials`: Get access credentials for a managed Kubernetes cluster
Network Tools
- `get_vnet_info`: Get information about the VNet used by the AKS cluster
- `get_subnet_info`: Get information about the Subnet used by the AKS cluster
- `get_route_table_info`: Get information about the Route Table used by the AKS cluster
- `get_nsg_info`: Get information about the Network Security Group used by the AKS cluster
- `get_load_balancers_info`: Get information about all Load Balancers used by the AKS cluster
- `get_private_endpoint_info`: Get information about the private endpoint used by the AKS cluster
Compute Tools
- `get_aks_vmss_info`: Get detailed VMSS configuration for node pools in the AKS cluster
- `az_vmss_run-command_invoke`: Execute a command on instances of a Virtual Machine Scale Set (readwrite/admin)
Monitor Tools
- `az_monitor_metrics_list`: List the metric values for a resource
- `az_monitor_metrics_list-definitions`: List the metric definitions for a resource
- `az_monitor_metrics_list-namespaces`: List the metric namespaces for a resource
- `az_monitor_activity_log_resource_health`: Retrieve resource health events for AKS clusters
- `az_monitor_app_insights_query`: Execute KQL queries against Application Insights telemetry data
AKS Control Plane Tools
- `aks_control_plane_diagnostic_settings`: Check if AKS cluster has diagnostic settings configured
- `aks_control_plane_logs`: Query AKS control plane logs with safety constraints and time range validation
Fleet Tools
- `az_fleet`: Execute Azure Fleet commands with structured parameters for AKS Fleet management
  - Supports operations: list, show, create, update, delete, start, stop
  - Supports resources: fleet, member, updaterun, updatestrategy
  - Requires readwrite or admin access for write operations
Detector Tools
- `list_detectors`: List all available AKS cluster detectors
- `run_detector`: Run a specific AKS detector
- `run_detectors_by_category`: Run all detectors in a specific category
Azure Advisor Tools
- `az_advisor_recommendation`: Retrieve and manage Azure Advisor recommendations for AKS clusters
Kubernetes Tools
Note: kubectl commands are available with all access levels. Additional tools (helm, cilium) require explicit enablement via --additional-tools
kubectl Commands (Read-Only):
- `kubectl_get`: Display one or many resources
- `kubectl_describe`: Show details of a specific resource or group of resources
- `kubectl_explain`: Documentation of resources
- `kubectl_logs`: Print the logs for a container in a pod
- `kubectl_api-resources`: Print the supported API resources on the server
- `kubectl_api-versions`: Print the supported API versions on the server
- `kubectl_diff`: Diff live configuration against a would-be applied file
- `kubectl_cluster-info`: Display cluster info
- `kubectl_top`: Display resource usage
- `kubectl_events`: List events in the cluster
- `kubectl_auth`: Inspect authorization
kubectl Commands (Read-Write/Admin):
- `kubectl_create`: Create a resource from a file or from stdin
- `kubectl_delete`: Delete resources by file names, stdin, resources and names, or by resources and label selector
- `kubectl_apply`: Apply a configuration to a resource by file name or stdin
- `kubectl_expose`: Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service
- `kubectl_run`: Run a particular image on the cluster
- `kubectl_set`: Set specific features on objects
- `kubectl_rollout`: Manage the rollout of a resource
- `kubectl_scale`: Set a new size for a Deployment, ReplicaSet, Replication Controller, or StatefulSet
- `kubectl_autoscale`: Auto-scale a Deployment, ReplicaSet, or StatefulSet
- `kubectl_label`: Update the labels on a resource
- `kubectl_annotate`: Update the annotations on a resource
- `kubectl_patch`: Update field(s) of a resource
- `kubectl_replace`: Replace a resource by file name or stdin
- `kubectl_cp`: Copy files and directories to and from containers
- `kubectl_exec`: Execute a command in a container
- `kubectl_cordon`: Mark node as unschedulable
- `kubectl_uncordon`: Mark node as schedulable
- `kubectl_drain`: Drain node in preparation for maintenance
- `kubectl_taint`: Update the taints on one or more nodes
- `kubectl_certificate`: Modify certificate resources
Additional Tools (Optional):
- `helm`: Helm package manager for Kubernetes (requires `--additional-tools helm`)
- `cilium`: Cilium CLI for eBPF-based networking and security (requires `--additional-tools cilium`)
Account Management Tools
- `az_account_list`: List all subscriptions for the authenticated account
- `az_account_set`: Set a subscription as the current active subscription
- `az_login`: Log in to Azure using service principal credentials
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.