Ever wished you could just ask Portainer what's going on? Now you can! Portainer MCP connects your AI assistant directly to your Portainer environments. Manage Portainer resources such as users and environments, or dive deeper by executing any Docker or Kubernetes command directly through the AI. Portainer MCP is a work in progress implementation of the Model Context Protocol (MCP) for Portainer e
Add this skill
npx mdskills install portainer/portainer-mcpComprehensive MCP server enabling AI-driven Portainer and Docker/Kubernetes management with robust tool coverage
1# Portainer MCP2[](https://goreportcard.com/report/github.com/portainer/portainer-mcp)345Ever wished you could just ask Portainer what's going on?67Now you can! Portainer MCP connects your AI assistant directly to your Portainer environments. Manage Portainer resources such as users and environments, or dive deeper by executing any Docker or Kubernetes command directly through the AI.891011## Overview1213Portainer MCP is a work in progress implementation of the [Model Context Protocol (MCP)](https://modelcontextprotocol.io/introduction) for Portainer environments. This project aims to provide a standardized way to connect Portainer's container management capabilities with AI models and other services.1415MCP (Model Context Protocol) is an open protocol that standardizes how applications provide context to LLMs (Large Language Models). Similar to how USB-C provides a standardized way to connect devices to peripherals, MCP provides a standardized way to connect AI models to different data sources and tools.1617This implementation focuses on exposing Portainer environment data through the MCP protocol, allowing AI assistants and other tools to interact with your containerized infrastructure in a secure and standardized way.1819> [!NOTE]20> This tool is designed to work with specific Portainer versions. If your Portainer version doesn't match the supported version, you can use the `--disable-version-check` flag to attempt connection anyway. See [Portainer Version Support](#portainer-version-support) for compatible versions and [Disable Version Check](#disable-version-check) for bypass instructions.2122See the [Supported Capabilities](#supported-capabilities) sections for more details on compatibility and available features.2324*Note: This project is currently under development.*2526It is currently designed to work with a Portainer administrator API token.2728## Installation2930You can download pre-built binaries for Linux (amd64, arm64) and macOS (arm64) from the [**Latest Release Page**](https://github.com/portainer/portainer-mcp/releases/latest). Find the appropriate archive for your operating system and architecture under the "Assets" section.3132**Download the archive:**33You can usually download this directly from the release page. Alternatively, you can use `curl`. Here's an example for macOS (ARM64) version `v0.2.0`:3435```bash36# Example for macOS (ARM64) - adjust version and architecture as needed37curl -Lo portainer-mcp-v0.2.0-darwin-arm64.tar.gz https://github.com/portainer/portainer-mcp/releases/download/v0.2.0/portainer-mcp-v0.2.0-darwin-arm64.tar.gz38```3940(Linux AMD64 binaries are also available on the release page.)4142**(Optional but recommended) Verify the checksum:**43First, download the corresponding `.md5` checksum file from the release page.44Example for macOS (ARM64) `v0.2.0`:4546```bash47# Download the checksum file (adjust version/arch)48curl -Lo portainer-mcp-v0.2.0-darwin-arm64.tar.gz.md5 https://github.com/portainer/portainer-mcp/releases/download/v0.2.0/portainer-mcp-v0.2.0-darwin-arm64.tar.gz.md549# Now verify (output should match the content of the .md5 file)50if [ "$(md5 -q portainer-mcp-v0.2.0-darwin-arm64.tar.gz)" = "$(cat portainer-mcp-v0.2.0-darwin-arm64.tar.gz.md5)" ]; then echo "OK"; else echo "FAILED"; fi51```5253(For Linux, you can use `md5sum -c <checksum_file_name>.md5`)54If the verification command outputs "OK", the file is intact.5556**Extract the archive:**5758```bash59# Adjust the filename based on the downloaded version/OS/architecture60tar -xzf portainer-mcp-v0.2.0-darwin-arm64.tar.gz61```6263This will extract the `portainer-mcp` executable.6465**Move the executable:**66Move the executable to a location in your `$PATH` (e.g., `/usr/local/bin`) or note its location for the configuration step below.6768# Usage6970With Claude Desktop, configure it like so:7172```73{74 "mcpServers": {75 "portainer": {76 "command": "/path/to/portainer-mcp",77 "args": [78 "-server",79 "[IP]:[PORT]",80 "-token",81 "[TOKEN]",82 "-tools",83 "/tmp/tools.yaml"84 ]85 }86 }87}88```8990Replace `[IP]`, `[PORT]` and `[TOKEN]` with the IP, port and API access token associated with your Portainer instance.9192> [!NOTE]93> By default, the tool looks for "tools.yaml" in the same directory as the binary. If the file does not exist, it will be created there with the default tool definitions. You may need to modify this path as described above, particularly when using AI assistants like Claude that have restricted write permissions to the working directory.9495## Disable Version Check9697By default, the application validates that your Portainer server version matches the supported version and will fail to start if there's a mismatch. If you have a Portainer server version that doesn't have a corresponding Portainer MCP version available, you can disable this version check to attempt connection anyway.9899To disable the version check, add the `-disable-version-check` flag to your command arguments:100101```102{103 "mcpServers": {104 "portainer": {105 "command": "/path/to/portainer-mcp",106 "args": [107 "-server",108 "[IP]:[PORT]",109 "-token",110 "[TOKEN]",111 "-disable-version-check"112 ]113 }114 }115}116```117118> [!WARNING]119> Disabling the version check may result in unexpected behavior or API incompatibilities if your Portainer server version differs significantly from the supported version. The tool may work partially or not at all with unsupported versions.120121When using this flag:122- The application will skip Portainer server version validation at startup123- Some features may not work correctly due to API differences between versions124- Newer Portainer versions may have API changes that cause errors125- Older Portainer versions may be missing APIs that the tool expects126127This flag is useful when:128- You're running a newer Portainer version that doesn't have MCP support yet129- You're running an older Portainer version and want to try the tool anyway130131## Tool Customization132133By default, the tool definitions are embedded in the binary. The application will create a tools file at the default location if one doesn't already exist.134135You can customize the tool definitions by specifying a custom tools file path using the `-tools` flag:136137```138{139 "mcpServers": {140 "portainer": {141 "command": "/path/to/portainer-mcp",142 "args": [143 "-server",144 "[IP]:[PORT]",145 "-token",146 "[TOKEN]",147 "-tools",148 "/path/to/custom/tools.yaml"149 ]150 }151 }152}153```154155The default tools file is available for reference at `internal/tooldef/tools.yaml` in the source code. You can modify the descriptions of the tools and their parameters to alter how AI models interpret and decide to use them. You can even decide to remove some tools if you don't wish to use them.156157> [!WARNING]158> Do not change the tool names or parameter definitions (other than descriptions), as this will prevent the tools from being properly registered and functioning correctly.159160## Read-Only Mode161162For security-conscious users, the application can be run in read-only mode. This mode ensures that only read operations are available, completely preventing any modifications to your Portainer resources.163164To enable read-only mode, add the `-read-only` flag to your command arguments:165166```167{168 "mcpServers": {169 "portainer": {170 "command": "/path/to/portainer-mcp",171 "args": [172 "-server",173 "[IP]:[PORT]",174 "-token",175 "[TOKEN]",176 "-read-only"177 ]178 }179 }180}181```182183When using read-only mode:184- Only read tools (list, get) will be available to the AI model185- All write tools (create, update, delete) are not loaded186- The Docker proxy requests tool is not loaded187- The Kubernetes proxy requests tool is not loaded188189# Portainer Version Support190191This tool is pinned to support a specific version of Portainer. The application will validate the Portainer server version at startup and fail if it doesn't match the required version.192193| Portainer MCP Version | Supported Portainer Version |194|--------------|----------------------------|195| 0.1.0 | 2.28.1 |196| 0.2.0 | 2.28.1 |197| 0.3.0 | 2.28.1 |198| 0.4.0 | 2.29.2 |199| 0.4.1 | 2.29.2 |200| 0.5.0 | 2.30.0 |201| 0.6.0 | 2.31.2 |202203> [!NOTE]204> If you need to connect to an unsupported Portainer version, you can use the `-disable-version-check` flag to bypass version validation. See the [Disable Version Check](#disable-version-check) section for more details and important warnings about using this feature.205206# Supported Capabilities207208The following table lists the currently (latest version) supported operations through MCP tools:209210| Resource | Operation | Description | Supported In Version |211|----------|-----------|-------------|----------------------|212| **Environments** | | | |213| | ListEnvironments | List all available environments | 0.1.0 |214| | UpdateEnvironmentTags | Update tags associated with an environment | 0.1.0 |215| | UpdateEnvironmentUserAccesses | Update user access policies for an environment | 0.1.0 |216| | UpdateEnvironmentTeamAccesses | Update team access policies for an environment | 0.1.0 |217| **Environment Groups (Edge Groups)** | | | |218| | ListEnvironmentGroups | List all available environment groups | 0.1.0 |219| | CreateEnvironmentGroup | Create a new environment group | 0.1.0 |220| | UpdateEnvironmentGroupName | Update the name of an environment group | 0.1.0 |221| | UpdateEnvironmentGroupEnvironments | Update environments associated with a group | 0.1.0 |222| | UpdateEnvironmentGroupTags | Update tags associated with a group | 0.1.0 |223| **Access Groups (Endpoint Groups)** | | | |224| | ListAccessGroups | List all available access groups | 0.1.0 |225| | CreateAccessGroup | Create a new access group | 0.1.0 |226| | UpdateAccessGroupName | Update the name of an access group | 0.1.0 |227| | UpdateAccessGroupUserAccesses | Update user accesses for an access group | 0.1.0 |228| | UpdateAccessGroupTeamAccesses | Update team accesses for an access group | 0.1.0 |229| | AddEnvironmentToAccessGroup | Add an environment to an access group | 0.1.0 |230| | RemoveEnvironmentFromAccessGroup | Remove an environment from an access group | 0.1.0 |231| **Stacks (Edge Stacks)** | | | |232| | ListStacks | List all available stacks | 0.1.0 |233| | GetStackFile | Get the compose file for a specific stack | 0.1.0 |234| | CreateStack | Create a new Docker stack | 0.1.0 |235| | UpdateStack | Update an existing Docker stack | 0.1.0 |236| **Tags** | | | |237| | ListEnvironmentTags | List all available environment tags | 0.1.0 |238| | CreateEnvironmentTag | Create a new environment tag | 0.1.0 |239| **Teams** | | | |240| | ListTeams | List all available teams | 0.1.0 |241| | CreateTeam | Create a new team | 0.1.0 |242| | UpdateTeamName | Update the name of a team | 0.1.0 |243| | UpdateTeamMembers | Update the members of a team | 0.1.0 |244| **Users** | | | |245| | ListUsers | List all available users | 0.1.0 |246| | UpdateUser | Update an existing user | 0.1.0 |247| | GetSettings | Get the settings of the Portainer instance | 0.1.0 |248| **Docker** | | | |249| | DockerProxy | Proxy ANY Docker API requests | 0.2.0 |250| **Kubernetes** | | | |251| | KubernetesProxy | Proxy ANY Kubernetes API requests | 0.3.0 |252| | getKubernetesResourceStripped | Proxy GET Kubernetes API requests and automatically strip verbose metadata fields | 0.6.0 |253254# Development255256## Code Statistics257258The repository includes a helper script `cloc.sh` to calculate lines of code and other metrics for the Go source files using the `cloc` tool. You might need to install `cloc` first (e.g., `sudo apt install cloc` or `brew install cloc`).259260Run the script from the repository root to see the default summary output:261262```bash263./cloc.sh264```265266Refer to the comment header within the `cloc.sh` script for details on available flags to retrieve specific metrics.267268## Token Counting269270To get an estimate of how many tokens your current tool definitions consume in prompts, you can use the provided Go program and shell script to query the Anthropic API's token counting endpoint.271272**1. Generate the Tools JSON:**273274First, use the `token-count` Go program to convert your YAML tool definitions into the JSON format required by the Anthropic API. Run this from the repository root:275276```bash277# Replace internal/tooldef/tools.yaml with your YAML file if different278# Replace .tmp/tools.json with your desired output path279go run ./cmd/token-count -input internal/tooldef/tools.yaml -output .tmp/tools.json280```281282This command reads the tool definitions from the specified input YAML file and writes a JSON array of tools (containing `name`, `description`, and `input_schema`) to the specified output file.283284**2. Query the Anthropic API:**285286Next, use the `token.sh` script to send these tool definitions along with a sample message to the Anthropic API. You will need an Anthropic API key for this step.287288```bash289# Ensure you have jq installed290# Replace sk-ant-xxxxxxxx with your actual Anthropic API key291# Replace .tmp/tools.json with the path to the file generated in step 1292./token.sh -k sk-ant-xxxxxxxx -i .tmp/tools.json293```294295The script will output the JSON response from the Anthropic API, which includes the estimated token count for the provided tools and sample message under the `usage.input_tokens` field.296297This process helps in understanding the token cost associated with the toolset provided to the language model.298
Full transparency — inspect the skill content before installing.