Get Started with Kubernetes
Set up with Kubernetesโ
You can install Lunar MCPX into your Kubernetes cluster using our official Helm chart.
- The following are required to get started:
- A running Kubernetes cluster
- Helm installed
- Install the Helm Chart using the default settings:
helm repo add lunar https://helm.lunar.dev
helm repo update
helm install my-mcpx lunar/lunar-mcpx
Supplying Configurationโ
This will deploy Lunar MCPX into your cluster with a default configuration. You can override values as needed using a override-values.yaml
where you can configure your Target MCP Servers and Access Control List.
For example, given the following override-values.yaml
:
config:
appYaml: |
auth:
enabled: false
permissions:
base: "block"
We could install using
helm install my-mcpx lunar/lunar-mcpx -f ./override-values.yaml
Supplying Secretsโ
You may pass the optional value secretRef
in order to refer to an existing K8s secret:
secretRef:
name: my-mcpx-secret
keys:
- API_KEY # Used when `auth.enabled` is set to true
- SOME_3RD_PARTY_API_KEY # Any secret required by a target MCP server as env var
MCPX will inject this environment variables from the referenced secret automatically.
For more details about using Kubernetes and Helm, make sure to check out our ArtifactHub Documentation
Advanced Featuresโ
If your deployment requires Docker-in-Docker (DinD) or iptables
access, youโll need to grant extra permissions to your Kubernetes Pods via securityContext.
- For Docker-in-Docker, use
privileged: true
- Use
capabilities.add: ["NET_ADMIN"]
to manipulate network settings likeiptables
.
These flags grant additional Linux capabilities to the container:
privileged: true
gives the container full access to host devices and all capabilities. This is required for DinD since it needs access to low-level kernel features.
capabilities.add: ["NET_ADMIN"]
is more restrictive and grants only the ability to configure networking, for example, to add firewall rules using iptables.
For example, when running Docker-in-Docker:
apiVersion: apps/v1
kind: Prod
metadata:
name: lunar-mcpx
spec:
spec:
containers:
- name: mcpx
image: us-central1-docker.pkg.dev/prj-common-442813/mcpx/mcpx:latest
securityContext:
privileged: true
Or if you want to use capabilities.add: ["NET_ADMIN"]
:
apiVersion: apps/v1
kind: Prod
metadata:
name: lunar-mcpx
spec:
spec:
containers:
- name: mcpx
image: us-central1-docker.pkg.dev/prj-common-442813/mcpx/mcpx:latest
securityContext:
capabilities:
add: ["NET_ADMIN"]
Always prefer fine-grained access like capabilities.add: ["NET_ADMIN"]
over privileged
unless absolutely necessary, as the latter significantly broadens the containerโs access to the host. For more on Docker security and capabilities, see the Docker documentation on runtime privileges and capabilities and the Linux manual pages on capabilities.
Control Planeโ
You can access the MCPX Control Plane local installation instructions here.
Once you have an instance running you can navigate to http://localhost:5173/ in your preferred browser.