MCP (Model Context Protocol) Servers for GreenNode services. Provides AI assistants with tools to manage GreenNode infrastructure from natural language.
The Model Context Protocol lets AI assistants (Claude, Cursor, Gemini, etc.) interact with external tools and data sources. MCP servers expose tools that AI can call to perform actions on your behalf.
| Server | Description |
|---|---|
| VKS MCP Server | Manage VKS (VNG Kubernetes Service) clusters, node groups, and K8s resources |
- Python 3.10 or later
- uv package manager (recommended)
- GreenNode CLI (
grncli) — required for credential setup
pip install grncli
grn configureNote: All MCP servers read credentials from
~/.greenode/credentials, which is created bygrn configure. The servers cannot run without this file.
greennode-mcp/
├── src/
│ └── vks-mcp-server/ # VKS MCP Server
│ ├── README.md # VKS-specific docs, tools, security
│ ├── pyproject.toml # Package config + dependencies
│ ├── uv.lock # Lock file
│ ├── LICENSE # Apache 2.0
│ ├── NOTICE # Copyright notice
│ ├── CHANGELOG.md # Version history
│ ├── .gitignore
│ ├── .python-version # Python 3.10
│ ├── greennode/
│ │ └── vks_mcp_server/ # Source code
│ │ ├── server.py # Entry point
│ │ ├── cluster_handler.py
│ │ ├── nodegroup_handler.py
│ │ ├── k8s_handler.py
│ │ └── ...
│ └── tests/ # Test suite
├── scripts/ # Release scripts
├── docs/ # Development guide
├── CLAUDE.md # AI assistant conventions
└── pyproject.toml # Root tool config
Other product teams can add their MCP server:
- Create
src/<product>-mcp-server/directory - Add
pyproject.toml,LICENSE,NOTICE,CHANGELOG.md,.gitignore,.python-version - Create
greennode/<product>_mcp_server/for source code - Add
tests/directory - Add
README.mdwith tools, config, security docs - Update the Available MCP Servers table above
See VKS MCP Server as reference.
All GreenNode MCP servers share these security principles:
- Read-only by default — Write operations require explicit
--allow-writeflag - Sensitive data protection — Kubernetes Secrets require
--allow-sensitive-data-access - Credential security —
~/.greenode/credentialsstored with0600permissions - Input validation — All resource IDs validated to prevent path traversal
- Token handling — In memory only, never written to disk or logged
- Request safety — 30s timeout, retry with exponential backoff
- Open an issue — Bug reports and feature requests
- Search existing issues before opening a new one
- VKS MCP Server — VKS tools, configuration, and security details
- Development Guide — Contributing, CI/CD, release process
- GreenNode CLI — CLI companion tool
- MCP Protocol — Model Context Protocol specification
- VNG Cloud Console
Apache License 2.0 — see LICENSE.