obs-mcp
by rhobs
Overview
An MCP (Model Context Protocol) server enabling LLMs to interact with a Prometheus monitoring instance for querying metrics.
Installation
go run ./cmd/obs-mcp/ --listen 127.0.0.1:9100 --auth-mode kubeconfig --insecureEnvironment Variables
- PROMETHEUS_URL
Security Notes
The Kubernetes deployment manifest (manifests/kubernetes/03_deployment.yaml) explicitly sets `--auth-mode header` and `--insecure`. Crucially, the source code (pkg/mcp/auth.go:getTokenFromCtx) indicates that user authentication is intentionally disabled in 'header' mode (`return ""`). This means that any client able to reach the MCP server in 'header' mode can execute arbitrary PromQL queries against the configured Prometheus instance without any authentication. This is a severe security vulnerability if the server is exposed. Additionally, the `--insecure` flag disables TLS certificate verification, posing a man-in-the-middle risk. The OpenShift deployment (manifests/openshift/02_deployment.yaml) uses `serviceaccount` mode, which has broader permissions (create/update on `prometheuses/api`) than strictly necessary for a read-only metrics tool, though mitigated by in-cluster RBAC.
Similar Servers
prometheus-mcp-server
A Model Context Protocol (MCP) server that enables AI assistants to query and analyze Prometheus metrics for monitoring and insights.
mcp-k8s
Facilitates natural language interaction and automation for Kubernetes cluster management and Helm operations via the Model Control Protocol (MCP).
mkp
MKP is a Model Context Protocol (MCP) server for Kubernetes, enabling LLM-powered applications to interact with Kubernetes clusters by providing tools for resource listing, getting, applying, deleting, and executing commands.
metoro-mcp-server
The Metoro MCP Server allows LLM applications, specifically the Claude Desktop App, to interact with Kubernetes cluster observability data provided by the Metoro platform.