Version: Next

Get Started with Kubernetes

Set up with Kubernetes

You can install Lunar MCPX into your Kubernetes cluster using our official Helm chart.

  1. The following are required to get started:
     • A running Kubernetes cluster
     • Helm installed
  2. Install the Helm chart using the default settings:

helm repo add lunar https://helm.lunar.dev
helm repo update

helm install my-mcpx lunar/lunar-mcpx

Supplying Configuration

This will deploy Lunar MCPX into your cluster with a default configuration. You can override values as needed using an override-values.yaml file, where you can configure your Target MCP Servers and Access Control List.

For example, given the following override-values.yaml:

config:
  appYaml: |
    auth:
      enabled: false
    permissions:
      base: "block"

We could then install using:

helm install my-mcpx lunar/lunar-mcpx -f ./override-values.yaml

Supplying Secrets

You may pass the optional value secretRef in order to refer to an existing K8s secret:

secretRef:
  name: my-mcpx-secret
  keys:
    - API_KEY # Used when `auth.enabled` is set to true
    - SOME_3RD_PARTY_API_KEY # Any secret required by a target MCP server as env var

MCPX will inject these environment variables from the referenced secret automatically.

tip

For more details about using Kubernetes and Helm, make sure to check out our ArtifactHub Documentation

Advanced Features

If your deployment requires Docker-in-Docker (DinD) or iptables access, you'll need to grant extra permissions to your Kubernetes Pods via securityContext.

  • For Docker-in-Docker, use privileged: true
  • Use capabilities.add: ["NET_ADMIN"] to manipulate network settings like iptables.

These flags grant additional Linux capabilities to the container:

privileged: true gives the container full access to host devices and all capabilities. This is required for DinD since it needs access to low-level kernel features.

capabilities.add: ["NET_ADMIN"] is more restrictive and grants only the ability to configure networking, for example, to add firewall rules using iptables.

For example, when running Docker-in-Docker:

apiVersion: v1
kind: Pod
metadata:
  name: lunar-mcpx
spec:
  containers:
    - name: mcpx
      image: us-central1-docker.pkg.dev/prj-common-442813/mcpx/mcpx:latest
      securityContext:
        # Full access to host devices and all capabilities; required for DinD
        privileged: true

Or if you want to use capabilities.add: ["NET_ADMIN"]:

apiVersion: v1
kind: Pod
metadata:
  name: lunar-mcpx
spec:
  containers:
    - name: mcpx
      image: us-central1-docker.pkg.dev/prj-common-442813/mcpx/mcpx:latest
      securityContext:
        capabilities:
          # Grants only network configuration rights (e.g. iptables rules)
          add: ["NET_ADMIN"]

note

Always prefer fine-grained access like capabilities.add: ["NET_ADMIN"] over privileged unless absolutely necessary, as the latter significantly broadens the container's access to the host. For more on Docker security and capabilities, see the Docker documentation on runtime privileges and capabilities and the Linux manual pages on capabilities.
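
To check that a cluster follows this guidance, the Python script below reports containers that run privileged or add any capability other than NET_ADMIN, given objects in the shape of `kubectl get ... -o json` output. It is an added example, not part of the Lunar MCPX chart or documentation; the allow-list, the workload names and the sample data are constructed assumptions.

```python
import json
import sys

# Assumption: NET_ADMIN is the only capability these workloads may add.
ALLOWED_ADDED_CAPS = {"NET_ADMIN"}

def pod_spec_of(obj):
    """Return the pod spec of a Pod, or of a workload's pod template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def audit(doc):
    """Return sorted (kind/name, container, finding) tuples."""
    items = (doc.get("items") or []) if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        ref = "{}/{}".format(obj.get("kind"), (obj.get("metadata") or {}).get("name"))
        spec = pod_spec_of(obj)
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                findings.append((ref, c.get("name"), "privileged: true"))
            for cap in (sc.get("capabilities") or {}).get("add") or []:
                if cap.upper() not in ALLOWED_ADDED_CAPS:
                    findings.append((ref, c.get("name"), "adds " + cap.upper()))
    return sorted(findings)

def workload(kind, name, sc):
    """Build a minimal constructed object with one container named mcpx."""
    pod = {"containers": [{"name": "mcpx", "securityContext": sc}]}
    spec = pod if kind == "Pod" else {"template": {"spec": pod}}
    return {"kind": kind, "metadata": {"name": name}, "spec": spec}

# Constructed sample, shaped like a kubectl JSON list of pods and deployments.
SAMPLE = {"kind": "List", "items": [
    workload("Pod", "mcpx-dind", {"privileged": True}),
    workload("Deployment", "mcpx-net", {"capabilities": {"add": ["NET_ADMIN"]}}),
    workload("Deployment", "mcpx-extra", {"capabilities": {"add": ["NET_ADMIN", "SYS_ADMIN"]}}),
]}

if __name__ == "__main__":
    doc = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for finding in audit(doc):
        print(*finding)
```

To audit a live cluster, pipe `kubectl get pods,deployments -A -o json` into the script with `-` as its only argument.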

Control Plane

You can access the MCPX Control Plane local installation instructions here.

Once you have an instance running you can navigate to http://localhost:5173/ in your preferred browser.