Skip to main content

Setting Up Cursor MCP for Kubernetes Access

· 3 min read
Max Kaido
Max Kaido
Architect

Cursor's Mission Control Panel (MCP) provides a powerful way to give AI assistants direct access to your Kubernetes clusters. This guide outlines the step-by-step process for setting up MCP to enable secure, controlled access to your Kubernetes environment.

What is Cursor MCP?

Cursor MCP (Mission Control Panel) is a secure gateway that allows AI assistants to interact with your infrastructure through controlled access points. For Kubernetes, this means the AI can:

  • View cluster resources and their status
  • Check logs and events
  • Help troubleshoot issues with direct visibility
  • Assist with configuration and deployment tasks
  • Provide more accurate and targeted assistance

Prerequisites

Before setting up MCP for Kubernetes access, ensure you have:

  1. Cursor Desktop App: Latest version installed
  2. Kubernetes Cluster: A running cluster with kubectl access
  3. kubeconfig file: Valid configuration with appropriate permissions
  4. Network Access: Ability to expose the MCP server to Cursor's services

Setup Process

Step 1: Install the MCP Server

The MCP server acts as a secure bridge between Cursor and your Kubernetes cluster.

# Download the MCP server
curl -L https://github.com/cursor-ai/cursor-mcp/releases/latest/download/cursor-mcp-linux-amd64 -o cursor-mcp

# Make it executable
chmod +x cursor-mcp

# Move to a system path (optional)
sudo mv cursor-mcp /usr/local/bin/

Step 2: Configure MCP for Kubernetes

Create a configuration file for MCP that defines the Kubernetes access:

mkdir -p ~/.cursor/mcp
cat > ~/.cursor/mcp/config.yaml << EOF
version: 1
services:
  kubernetes:
    type: kubernetes
    config:
      kubeconfig: ~/.kube/config  # Path to your kubeconfig file
      namespace: default  # Default namespace to use
      allowed_namespaces:  # Namespaces the AI can access
        - default
        - kube-system
      allowed_resources:  # Resource types the AI can access
        - pods
        - services
        - deployments
        - statefulsets
        - daemonsets
        - configmaps
        - secrets
        - ingresses
        - nodes
EOF

Step 3: Start the MCP Server

Run the MCP server with your configuration:

cursor-mcp --config ~/.cursor/mcp/config.yaml

For production use, you might want to run it as a service:

cat > /etc/systemd/system/cursor-mcp.service << EOF
[Unit]
Description=Cursor Mission Control Panel
After=network.target

[Service]
ExecStart=/usr/local/bin/cursor-mcp --config /home/dev/.cursor/mcp/config.yaml
Restart=always
User=dev
Group=dev

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable cursor-mcp
sudo systemctl start cursor-mcp

Step 4: Connect Cursor to MCP

  1. Open the Cursor desktop app
  2. Go to Settings > Integrations > MCP
  3. Enter the connection details:
    • MCP Server URL: http://your-server-ip:8080
    • Authentication Token: (if configured)
  4. Click "Connect"

Step 5: Verify the Connection

In a Cursor chat, test the connection by asking about your Kubernetes cluster:

Can you list the pods in the default namespace?

The AI should be able to execute the equivalent of kubectl get pods and show you the results.

Security Considerations

When setting up MCP for Kubernetes access, consider these security best practices:

  1. Least Privilege: Create a dedicated service account with only the permissions needed
  2. Network Security: Use TLS and consider running behind a reverse proxy
  3. Access Control: Configure allowed namespaces and resources carefully
  4. Audit Logging: Enable logging to track all actions performed via MCP
  5. Regular Review: Periodically review access and permissions

Example: Restricted Service Account Setup

For production environments, it's recommended to use a dedicated service account:

# Create a service account for Cursor MCP
kubectl create serviceaccount cursor-mcp -n kube-system

# Create a role with limited permissions
kubectl create role cursor-mcp-role --verb=get,list,watch --resource=pods,services,deployments,configmaps -n default

# Bind the role to the service account
kubectl create rolebinding cursor-mcp-binding --role=cursor-mcp-role --serviceaccount=kube-system:cursor-mcp -n default

# Generate a kubeconfig for this service account
# (This requires additional steps to get the token and create the kubeconfig file)

Troubleshooting

If you encounter issues with the MCP setup:

  1. Connection Problems:

    • Check if the MCP server is running: systemctl status cursor-mcp
    • Verify network connectivity: curl http://localhost:8080/health

  2. Permission Issues:

    • Check the service account permissions: kubectl auth can-i --as=system:serviceaccount:kube-system:cursor-mcp list pods
    • Review the MCP server logs: journalctl -u cursor-mcp

  3. Configuration Problems:

    • Validate your config.yaml syntax
    • Ensure the kubeconfig path is correct and accessible

Conclusion

Setting up Cursor MCP for Kubernetes access provides a powerful way to leverage AI assistance for your infrastructure management. With proper configuration and security considerations, you can safely give Cursor the visibility it needs to provide more effective help with your Kubernetes environment.

The direct access to your cluster's state and resources allows for more accurate troubleshooting, better configuration advice, and overall more efficient collaboration between you and the AI assistant.

Next Steps

After setting up MCP, consider:

  1. Creating custom dashboards in Cursor for your most important resources
  2. Setting up automated health checks that Cursor can monitor
  3. Developing playbooks for common troubleshooting scenarios
  4. Expanding access to other services like databases or monitoring systems