Inspektor Gadget MCP Server
Debug Kubernetes & container workloads with eBPF kernel telemetry through an AI interface.
Add to your client
Copy the config for your MCP client and paste it into its config file.
docker run -i --mount type=bind,src=${HOME}/.kube/config,dst=/kubeconfig ghcr.io/inspektor-gadget/ig-mcp-server:latest -gadget-discoverer=artifacthubPaste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"inspektor-gadget-mcp-server": {
"command": "docker",
"args": [
"run",
"-i",
"--mount",
"type=bind,src=${env:HOME}/.kube/config,dst=/kubeconfig",
"ghcr.io/inspektor-gadget/ig-mcp-server:latest",
"-gadget-discoverer=artifacthub"
]
}
}
}Requires Docker to be installed and running.
Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf
Before you start
- A valid kubeconfig file with access to your Kubernetes cluster
- Docker (for the Docker-based installation) or a compatible binary for your platform
- An MCP-compatible client (VS Code, GitHub Copilot CLI, Claude Code, etc.)
- Either -gadget-discoverer or -gadget-images must be specified or the server will not start
About Inspektor Gadget MCP Server
Inspektor Gadget MCP Server exposes eBPF-powered kernel observability to LLMs via the Model Context Protocol. Inspektor Gadget runs modular eBPF programs ('gadgets') that hook into the Linux kernel to collect low-level telemetry — DNS queries, TCP connections, process executions, file opens, signals, OOM kills, syscalls, and more — enriched with Kubernetes metadata (pod, namespace, container, node). The MCP server lets an AI agent autonomously pick the right gadgets for a problem, run them, correlate their output, and produce confident, evidence-grounded root cause analysis. Each gadget becomes its own MCP tool (prefixed gadget_), with foreground/background run modes and field-level output filtering, producing structured JSON the LLM summarizes. It can be deployed as a local stdio binary, a Docker container, or in-cluster over HTTP transport.
Tools & capabilities (14)
ig_deployDeploy, upgrade, undeploy, or check the status of Inspektor Gadget on your cluster.
ig_gadgetsList running gadgets, retrieve results from background runs, or stop gadgets.
gadget_trace_dnsDynamically registered tracing gadget tool that captures real-time DNS queries and responses.
gadget_trace_tcpDynamically registered tracing gadget tool that captures real-time TCP connection events.
gadget_trace_execDynamically registered tracing gadget tool that captures real-time process executions.
gadget_trace_openDynamically registered tracing gadget tool that captures real-time file open events.
gadget_snapshot_processDynamically registered snapshot gadget tool that returns a point-in-time snapshot of running processes.
gadget_snapshot_socketDynamically registered snapshot gadget tool that returns a point-in-time snapshot of open sockets.
gadget_top_fileDynamically registered top gadget tool that periodically reports the top file I/O consumers.
gadget_top_tcpDynamically registered top gadget tool that periodically reports the top TCP traffic consumers.
gadget_profile_blockioDynamically registered profiling gadget tool that profiles block I/O latency.
gadget_trace_capabilitiesDynamically registered security gadget tool that traces Linux capability checks.
gadget_traceloopDynamically registered advanced gadget tool acting as a syscall flight recorder for record/replay debugging.
gadget_trace_oomkillDynamically registered advanced gadget tool that traces OOM (out-of-memory) kill events.
What this server can do
Inspektor Gadget MCP Server provides tools for these capabilities — tap one to see every MCP server that does the same:
When to use it
- AI-powered root cause analysis of Kubernetes networking and kernel-level issues
- Troubleshooting DNS resolution failures by tracing queries, detecting failures, and analyzing latency
- Detecting failed/refused TCP connections and correlating them with pod/container metadata
- Security observability — monitoring process executions and file access for suspicious activity
- Recording and replaying syscall sequences (traceloop) for deep pod-behavior debugging
- Observing real-time cluster activity during deployments using multiple gadgets in background mode
Security notes
Requires read-only access to your kubeconfig file and network access for Artifact Hub discovery. The server does not implement built-in authentication; for HTTP/in-cluster deployments, place it behind a reverse proxy with auth + TLS and restrict access with network policies. Use -read-only mode to limit the server to non-destructive operations. Every registered gadget tool consumes LLM context window, so prefer -gadget-images to load only the gadgets you need on smaller-context models.
Inspektor Gadget MCP Server FAQ
Does the server require Kubernetes?
Yes. The environment currently supported is 'kubernetes', and you need a valid kubeconfig with cluster access. Inspektor Gadget itself must be deployable on the cluster (the ig_deploy tool can deploy/upgrade/undeploy it).
How are gadget tools chosen and registered?
Each gadget becomes its own MCP tool prefixed with gadget_. You either discover gadgets automatically from Artifact Hub (-gadget-discoverer=artifacthub) or specify exact images (-gadget-images=trace_dns:latest,trace_tcp:latest). You must supply one of the two or the server won't start.
Why might I limit which gadgets are loaded?
Every registered MCP tool consumes part of the LLM's context window (its schema and field descriptions). On smaller-context models, use -gadget-images to register only the gadgets you need (e.g. two tools instead of 30+) to leave more room for gadget output and analysis.
Is it safe for production?
Use -read-only mode to restrict to non-destructive operations. The server has no built-in authentication, so for HTTP/in-cluster deployments place it behind a reverse proxy with auth and TLS, avoid exposing it to the internet, and restrict access via network policies.
What transports are supported?
stdio (default, for local binary/Docker use in IDEs), plus sse and streamable-http. In-cluster deployments expose an HTTP endpoint (e.g. http://localhost:8080/mcp after port-forwarding).
Alternatives to Inspektor Gadget MCP Server
Compare all alternatives →
Official Elastic server: list indices, read mappings, and search with Query DSL.
Official PostHog server: product analytics, feature flags, experiments, error tracking and SQL.
Run PromQL queries and analyze Prometheus metrics from any MCP client.
Compare Inspektor Gadget MCP Server with: