Skip to main content

Develop with AI

Upbound provides Model Context Protocol (MCP) servers that give AI tools direct access to Upbound resources. Use them to connect your AI coding assistant or Kubernetes CLI to the Upbound Marketplace, or deploy them inside your control plane to give AI operations access to cluster data at runtime.

Marketplace MCP server

The marketplace MCP server lets your AI coding assistant search and explore the Upbound Marketplace. Use it to find packages, browse provider repositories, and retrieve package metadata including CRDs and usage examples.

The server requires UP CLI authentication. Log in before starting:

up login
info

For kubectl-ai, you also need an LLM API key configured. kubectl-ai uses Gemini by default. Set GEMINI_API_KEY before running any commands. See the kubectl-ai docs for other supported providers.

  1. Start the marketplace MCP server:

    docker run --name mcp-marketplace --rm -d -p 8765:8765 \
      -v "$HOME/.up:/mcp/.up:ro" \
      xpkg.upbound.io/upbound/marketplace-mcp-server-http:v0.1.0
    tip

    The image is built for linux/amd64. On Apple Silicon or other ARM64 hosts, add --platform linux/amd64 to the docker run command to avoid a platform mismatch warning.

  2. Register the server with your MCP client:

claude mcp add --scope user --transport http marketplace http://localhost:8765/mcp
  1. Restart your AI tool to pick up the new server.
tip

Call the reload_auth tool in your AI session to refresh marketplace credentials after running up login or switching profiles, without restarting the server.

Available tools

ToolDescription
search_packagesSearch the marketplace with filters for family, type, account, tier, and visibility
get_package_metadataRetrieve metadata for a specific package
get_package_assetsAccess documentation, icons, and release notes for a package
get_repositoriesBrowse organization repositories
get_package_version_resourcesGet resources for a specific package version
get_package_version_composition_resourcesRetrieve Crossplane composition resources
get_package_version_groupkind_resourcesAccess resources filtered by group and kind
get_package_version_examplesGet usage examples for package resources
reload_authRefresh UP CLI authentication without restarting the server

Control plane AI operations

The control plane MCP server runs as a sidecar inside your control plane and gives AI functions access to pod logs and events at runtime. It's not a tool you configure in your local AI coding assistant — it's deployed as part of the function pipeline that powers intelligent control plane operations.

Available tools

ToolDescription
get_pod_logsRetrieve container logs for a pod
get_pod_eventsRetrieve events associated with a pod

Configure the control plane MCP server

Before starting, make sure you have:

  • A Kubernetes cluster with Crossplane installed and kubectl configured to reach it
  • Cluster-admin permissions or equivalent to create ClusterRole, ClusterRoleBinding, and DeploymentRuntimeConfig resources
  • The crossplane-system namespace present on the cluster

The control plane MCP server runs as a sidecar container alongside function-claude. Configuring it requires RBAC permissions and a DeploymentRuntimeConfig that injects the sidecar into the function's pod.

  1. Create the RBAC resources. Save the following as permissions.yaml:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: log-and-event-reader
    rules:
    - apiGroups:
      - ""
      resources:
      - events
      - pods
      - pods/log
      verbs:
      - get
      - list
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: log-and-event-reader
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: log-and-event-reader
    subjects:
    - kind: ServiceAccount
      name: function-pod-analyzer
      namespace: crossplane-system

    Apply it to your cluster:

    kubectl apply -f permissions.yaml

  2. Create a DeploymentRuntimeConfig that deploys the MCP server as a sidecar and points function-claude to it. Save the following as deploymentruntimeconfig.yaml:

    apiVersion: pkg.crossplane.io/v1beta1
    kind: DeploymentRuntimeConfig
    metadata:
      name: ctp-mcp
    spec:
      serviceAccountTemplate:
        metadata:
          name: function-pod-analyzer
      deploymentTemplate:
        spec:
          selector: {}
          template:
            spec:
              containers:
              - name: package-runtime
                env:
                - name: MCP_SERVER_TOOL_CTP1_TRANSPORT
                  value: http-stream
                - name: MCP_SERVER_TOOL_CTP1_BASEURL
                  value: http://localhost:8080/mcp
              - name: controlplane-mcp-server
                image: xpkg.upbound.io/upbound/controlplane-mcp-server:{version}

    Apply it to your cluster:

    kubectl apply -f deploymentruntimeconfig.yaml

  3. Reference the DeploymentRuntimeConfig in your function-claude Function resource:

    apiVersion: pkg.crossplane.io/v1
    kind: Function
    metadata:
      name: upbound-function-claude
    spec:
      package: xpkg.upbound.io/upbound/function-claude:v0.2.0
      runtimeConfigRef:
        name: ctp-mcp

    MCP_SERVER_TOOL_CTP1_BASEURL tells function-claude where to reach the sidecar. The ClusterRoleBinding grants the function-pod-analyzer service account permission to read pod logs and events.