openshift-mcp-server
Verified Safeby junzzhu
Overview
A Model Context Protocol (MCP) server for OpenShift diagnostics and troubleshooting.
Installation
uv run openshift-mcp-serverSecurity Notes
The server executes `oc` commands using `asyncio.create_subprocess_exec`, which is generally safe as arguments are passed as a list, mitigating shell injection risks. However, the `_query_via_route` function uses `curl -k` (insecure) to query Prometheus, disabling TLS certificate validation. This is a security vulnerability that could allow man-in-the-middle attacks if the network path to Prometheus is not fully trusted. Additionally, the `run_oc_debug_node` function allows running arbitrary shell scripts (`bash -c '...'`) on a node, a powerful primitive. While currently only used with hardcoded scripts within `inspect_node_storage_forensics` (making it safe in this context), this function could be a high-risk vector if ever exposed to unsanitized user input.
Similar Servers
kubernetes-mcp-server
Facilitates AI agent interaction with Kubernetes and OpenShift clusters by exposing management and observability tools via the Model Context Protocol.
mcp-k8s-go
This MCP server enables interaction with Kubernetes clusters to list, get, apply, and execute commands on various resources through a conversational interface.
mcp-k8s
Facilitates natural language interaction and automation for Kubernetes cluster management and Helm operations via the Model Control Protocol (MCP).
linux-mcp-server
This server provides read-only Linux system administration, diagnostics, and troubleshooting capabilities for AI agents using the Model Context Protocol (MCP).