OpenShift

OpenShift MCP Server

OpenShift

OpenShift MCP Server

Enterprise MCP Server for OpenShift Lightspeed. Dual server deployment combining 19 custom operational tools with the official Kubernetes MCP server. AI-powered cluster monitoring, deployment management, and performance testing through natural language.

Experimental Quarkus 3.27 MCP Protocol 40+ Tools Helm Chart OpenShift AI v0.1.0-alpha

Experimental — Under active development. APIs, tool signatures, and Helm chart values may change without notice.

View on GitHub →

How It Works

OpenShift Lightspeed acts as an MCP Client that connects to two MCP Servers. When a user asks a question in natural language, the LLM (served by RHOAI vLLM through LiteLLM) reasons about which tool to call, Lightspeed executes the tool against the MCP Server, and the result is returned to the LLM for analysis and response.

Sequence: MCP Tool Calling Flow

User Lightspeed LiteLLM + vLLM MCP Server Quarkus/K8s OCP API 1. "Check cluster health" 2. Send prompt + tool definitions LLM reasoning Qwen3 8B selects checkClusterHealth 3. tool_call: checkClusterHealth 4. POST /mcp {checkClusterHealth} 5. K8s API calls nodes, pods, metrics 6. Cluster data 7. Tool result (JSON) 8. Send tool result to LLM 9. Natural language analysis 10. "3 nodes healthy, 2 pods failing..."

Architecture

High-level topology showing how OpenShift Lightspeed connects to the dual MCP servers through LiteLLM, backed by RHOAI vLLM model serving. Each pod uses the OpenShift logo and runs in the same namespace.

openshift-lightspeed namespace OpenShift Lightspeed MCP Client LiteLLM Proxy OpenAI-compatible :4000 RHOAI vLLM Qwen3 8B / Granite PostgreSQL LiteLLM DB :5432 Quarkus MCP Server 19 tools · POST /mcp :8080 Kubernetes MCP Server 21 tools · POST /mcp :8085 MCP Inspector Testing UI :8080 OpenShift API Cluster Resources Deployments apps/v1 Pods v1 Nodes v1 Services v1 Routes route.openshift.io LLM inference tool calls LEGEND: Data flow Tool registration Custom Official AI/Model Testing

Q Quarkus MCP Server

Custom Java server with 19 operational tools for monitoring, deployment, and performance testing. Built with Fabric8 Kubernetes Client.

  • checkClusterHealth
  • getPerformanceMetrics
  • createDeployment
  • deployDatabase
  • runKubeBurner
  • + 14 more tools

K Kubernetes MCP Server

Official Go-based server from openshift/openshift-mcp-server. Generic CRUD, pod management, Helm operations.

  • resources_list / get / create / delete
  • pods_exec / pods_log
  • helm_install / helm_list
  • events_list / namespaces_list
  • nodes_top / pods_top
  • + 10 more tools

+ Supporting Services

Included in the Helm chart for a complete AI-assisted operations stack.

  • LiteLLM Proxy (OpenAI-compatible gateway)
  • PostgreSQL (LiteLLM backend DB)
  • MCP Inspector (testing & debug UI)
  • RHOAI vLLM (model serving)

OpenShift AI Integration

The MCP Server integrates with Red Hat OpenShift AI (RHOAI) for model serving. vLLM serves Qwen3 8B or Granite models with native tool calling support via the hermes parser. The LiteLLM proxy provides an OpenAI-compatible API gateway that routes requests to the vLLM InferenceService.

vLLM InferenceService Configuration for Tool Calling

apiVersion: serving.kserve.io/v1beta1
kind: InferenceService
metadata:
  name: isvc-qwen3-8b
spec:
  predictor:
    model:
      modelFormat:
        name: vLLM
      runtime: vllm-runtime
      args:
        - --enable-auto-tool-choice
        - --tool-call-parser=hermes
        - --chat-template=/app/data/template_hermes_tool.jinja

The --tool-call-parser=hermes flag enables native function calling. The LLM receives tool definitions from the MCP servers and can autonomously decide which tool to invoke based on the user's natural language query.

Deployment Options

Choose the deployment mode that matches your environment and permissions. The Developer Sandbox edition provides a safe way to explore MCP capabilities with limited cluster access.

Developer Sandbox

Sandbox Edition — Qwen3 8B

Perfect for evaluating MCP Server capabilities in the Red Hat Developer Sandbox. Uses namespace-scoped permissions and the Qwen3 8B model via RHOAI vLLM. Only tools compatible with ServiceAccount namespace-level permissions are available.

  • Namespace-scoped ServiceAccount (no cluster-admin)
  • Qwen3 8B model via OpenShift AI / vLLM
  • Deployment tools (createDeployment, deployDatabase)
  • Namespace monitoring (monitorDeployments, detectResourceIssues)
  • Performance testing (runStorageBenchmark, runCpuStressTest)
  • HPA, Services, NetworkPolicies
  • Kubernetes MCP (pods, resources, helm — namespace only)
  • Cluster-wide monitoring (checkClusterHealth, checkNodeConditions)
  • Node-level tools (checkKubeletStatus, checkCrioStatus)
  • Cluster density testing (runKubeBurner)
helm install openshift-mcp-server openshift-mcp/openshift-mcp-server \
  -n $NAMESPACE \
  -f values-developer-sandbox.yaml
Tools are limited by the ServiceAccount Role permissions. Cluster-wide monitoring and node-level operations require cluster-admin and are not available in this mode.
Full Version

Full Cluster — cluster-admin

Complete deployment with all 40+ tools enabled. Requires cluster-admin ClusterRoleBinding for full access to nodes, metrics API, cross-namespace monitoring, and cluster density testing.

  • ClusterRoleBinding with cluster-admin
  • All 19 custom Quarkus MCP tools
  • All 21 Kubernetes MCP tools
  • Full cluster health monitoring across all namespaces
  • Node conditions, kubelet & CRI-O status
  • Performance metrics API access
  • KubeBurner cluster density testing
  • OLSConfig integration for OpenShift Lightspeed
  • LiteLLM proxy with configurable model backend
  • MCP Inspector testing UI
helm install openshift-mcp-server openshift-mcp/openshift-mcp-server \
  -n openshift-lightspeed \
  --set namespace=openshift-lightspeed \
  --set serviceAccount.create=true
Requires cluster-admin. This deployment creates a ClusterRoleBinding granting full cluster access to the MCP Server ServiceAccount.

Helm Chart

VersionApp VersionDescription
0.1.0-alpha0.1.0-alphaDual MCP server + Inspector + LiteLLM (experimental)

Add the Helm Repository

helm repo add openshift-mcp https://maximilianoPizarro.github.io/openshift-mcp-server
helm repo update

Full Install (cluster-admin required)

helm install openshift-mcp-server openshift-mcp/openshift-mcp-server \
  --namespace openshift-lightspeed \
  --set namespace=openshift-lightspeed \
  --set serviceAccount.create=true

Developer Sandbox Install (Qwen3 8B, namespace-scoped)

helm install openshift-mcp-server openshift-mcp/openshift-mcp-server \
  --namespace $NAMESPACE \
  -f values-developer-sandbox.yaml
Developer Sandbox: The ServiceAccount uses a namespace-scoped Role instead of ClusterRoleBinding. Only tools compatible with namespace-level permissions are functional.

Configure with an existing RHOAI model

helm install openshift-mcp-server openshift-mcp/openshift-mcp-server \
  --namespace openshift-lightspeed \
  --set namespace=openshift-lightspeed \
  --set litellm.model.name=qwen3 \
  --set litellm.model.modelId=isvc-qwen3-8b \
  --set litellm.model.apiBase=http://isvc-qwen3-8b-predictor.qwen3-model.svc.cluster.local:8080/v1

Custom Tools (Quarkus Server)

Monitoring (9 tools)

ToolDescriptionScope
checkClusterHealthOverall cluster health, node/pod status, critical issuescluster-admin
getPerformanceMetricsNode and pod CPU/memory metricscluster-admin
detectResourceIssuesPods with high CPU/memory or excessive restartsnamespace
analyzePodDisruptionsEvictions, OOM kills, restart patternsnamespace
checkNodeConditionsNode conditions, taints, allocatable resourcescluster-admin
monitorDeploymentsDeployment rollout health and replica statusnamespace
checkKubeletStatusKubelet service status and journal logscluster-admin
checkCrioStatusCRI-O container runtime statuscluster-admin
analyzeJournalctlPodErrorsJournal log analysis with filterscluster-admin

Deployment (5 tools)

ToolDescriptionScope
createDeploymentCreate deployments with custom confignamespace
deployDatabaseDeploy PostgreSQL/MySQL/MongoDB/Redis (RHEL images)namespace
createHpaConfigure horizontal pod autoscalersnamespace
createServiceCreate ClusterIP/NodePort/LoadBalancer servicesnamespace
createNetworkPolicyCreate network policiesnamespace

Performance Testing (5 tools)

ToolDescriptionScope
runKubeBurnerCluster density testingcluster-admin
runStorageBenchmarkStorage I/O benchmarks with FIOnamespace
runNetworkTestNetwork throughput with iperf3namespace
runCpuStressTestCPU/memory stress testingnamespace
runDatabaseBenchmarkDatabase benchmarksnamespace

Kubernetes MCP Tools (Official Server)

ToolsetTools
Configconfiguration_contexts_list, targets_list, configuration_view
Coreresources_list, resources_get, resources_create_or_update, resources_delete, resources_scale, pods_list, pods_get, pods_delete, pods_top, pods_exec, pods_log, pods_run, namespaces_list, projects_list, events_list, nodes_top, nodes_log
Helmhelm_install, helm_list, helm_uninstall

Screenshots

OpenShift Topology View

OpenShift Topology View

MCP Server pods running in the openshift-lightspeed namespace with OpenShift logos

Lightspeed Tool Calling

Lightspeed Tool Response

Qwen3 8B model reasoning about which MCP tool to call (checkClusterHealth)

Cluster Health Analysis

Cluster Health Analysis

Lightspeed analyzing failed pods and high-restart containers using checkClusterHealth tool results

List Pods (pods_list)

List Pods

Listing pods in openshift-lightspeed namespace using the pods_list_in_namespace tool

Detect Resource Issues

Detect Resource Issues

detectResourceIssues tool identifying pods with excessive restarts and high resource consumption

Deploy Redis Database

Deploy Redis

deployDatabase tool deploying a Redis instance using official RHEL catalog image

Create HPA (Horizontal Pod Autoscaler)

Create HPA

createHpa tool configuring auto-scaling with CPU/memory targets

Helm List Releases

Helm List

helm_list tool showing all Helm releases across namespaces

Helm Chart in OpenShift Catalog

Helm Chart Catalog

OpenShift MCP Server Helm Chart available in the OpenShift Developer Catalog via HelmChartRepository

MCP Inspector - 19 Tools Connected

MCP Inspector

MCP Inspector connected to the OpenShift MCP Server showing all 19 available tools

LiteLLM - Model Management (Qwen3 8B)

LiteLLM Models

LiteLLM dashboard showing Qwen3 8B model configured as the AI backend

LiteLLM - MCP Servers Configuration

LiteLLM MCP Servers

LiteLLM MCP Servers page showing both MCP servers connected via HTTP transport

OLSConfig Integration

Register MCP servers with OpenShift Lightspeed via the OLSConfig custom resource. Requires the MCPServer feature gate enabled.

apiVersion: ols.openshift.io/v1alpha1
kind: OLSConfig
metadata:
  name: cluster
spec:
  featureGates:
    - MCPServer
  mcpServers:
    - name: openshift-mcp-server
      timeout: 30
      url: 'http://openshift-mcp-server.openshift-lightspeed.svc.cluster.local:8080/mcp'
    - name: kubernetes-mcp-server
      timeout: 30
      url: 'http://openshift-mcp-server-k8s-mcp.openshift-lightspeed.svc.cluster.local:8085/mcp'

Technology Stack

ComponentTechnology
Custom MCP ServerQuarkus 3.27.3 + Fabric8 Kubernetes Client
Official MCP ServerGo (openshift/openshift-mcp-server)
MCP ProtocolStreamable HTTP (POST /mcp)
Model ServingOpenShift AI (RHOAI) + vLLM with hermes tool-call parser
LLM ModelsQwen3 8B, Granite 3 8B Instruct (configurable)
LLM GatewayLiteLLM Proxy (OpenAI-compatible API)
Container RuntimeUBI9 OpenJDK 21 Runtime
Helm Chartv2 with 5 deployments, namespace & cluster-admin modes

Helm Chart Components

ComponentImagePortDescription
openshift-mcp-serverquay.io/maximilianopizarro/openshift-mcp-server8080Custom Quarkus MCP
kubernetes-mcp-serverquay.io/redhat-user-workloads/.../openshift-mcp-server8085Official K8s MCP
mcp-inspectormcpuse/inspector8080MCP testing UI
litellmlitellm/litellm-non_root4000OpenAI-compatible proxy
litellm-dbregistry.redhat.io/rhel9/postgresql-155432PostgreSQL backend