home / mcp / portainer mcp server
Portainer MCP server
Configuration
View docs{
"mcpServers": {
"portainer-portainer-mcp": {
"command": "/path/to/portainer-mcp",
"args": [
"-server",
"[IP]:[PORT]",
"-token",
"[TOKEN]",
"-tools",
"/tmp/tools.yaml"
]
}
}
}Portainer MCP connects your AI assistant directly to Portainer environments, enabling you to inspect resources like users and environments and to execute Docker or Kubernetes commands through AI interactions in a standardized, secure way.
Install and run the Portainer MCP local proxy, then point your MCP client to the local process. Your AI assistant can list environments, groups, users, and other Portainer resources, update access policies, and proxy Docker and Kubernetes API calls through the MCP bridge. Use the provided configuration to enable read-only or full tool access as needed, and customize which tools you expose to your AI models.
Prerequisites: a Portainer instance with administrator API access, a compatible host to run the MCP binary, and basic command-line tools (curl and tar) available on your system.
# Step 1: Download the appropriate MCP binary for your OS and architecture from the release page
# Example for macOS (ARM64), version v0.2.0
curl -Lo portainer-mcp-v0.2.0-darwin-arm64.tar.gz https://github.com/portainer/portainer-mcp/releases/download/v0.2.0/portainer-mcp-v0.2.0-darwin-arm64.tar.gz
# Step 2: (Optional) Verify the checksum if you downloaded a checksum file
curl -Lo portainer-mcp-v0.2.0-darwin-arm64.tar.gz.md5 https://github.com/portainer/portainer-mcp/releases/download/v0.2.0/portainer-mcp-v0.2.0-darwin-arm64.tar.gz.md5
if [ "$(md5 -q portainer-mcp-v0.2.0-darwin-arm64.tar.gz)" = "$(cat portainer-mcp-v0.2.0-darwin-arm64.tar.gz.md5)" ]; then echo OK; else echo FAILED; fi
# Step 3: Extract the archive
tar -xzf portainer-mcp-v0.2.0-darwin-arm64.tar.gz
# Step 4: Move the executable to a directory in your PATH
sudo mv portainer-mcp /usr/local/bin/
``nConfigure your MCP client to connect to the Portainer MCP server by providing the path to the portainer-mcp binary and the required flags. The configuration below uses a local (stdio) setup. You can adjust the server IP, port, token, and the location for tools definitions as needed.
{
"mcpServers": {
"portainer": {
"command": "/path/to/portainer-mcp",
"args": [
"-server",
"[IP]:[PORT]",
"-token",
"[TOKEN]",
"-tools",
"/tmp/tools.yaml"
]
}
}
}You can enable a read-only mode to restrict actions to listing and getting resources. In read-only mode, write operations are disabled, and certain proxy tools are not loaded. This helps protect your Portainer environment when running AI-assisted workflows.
{
"mcpServers": {
"portainer": {
"command": "/path/to/portainer-mcp",
"args": [
"-server",
"[IP]:[PORT]",
"-token",
"[TOKEN]",
"-read-only"
]
}
}
}This tool validates the Portainer server version at startup to ensure compatibility. If your Portainer version is not directly supported, you can bypass version checks with a dedicated flag, but be aware of potential API incompatibilities and incomplete functionality.
The MCP server exposes a comprehensive set of capabilities to manage Portainer resources and to proxy Docker and Kubernetes API requests. These include listing environments, managing access groups, stacks, users, and teams, and providing proxies for Docker and Kubernetes APIs.
If you encounter startup failures, verify that the Portainer server URL, token, and version are correct. Ensure the MCP binary has the correct execute permissions and that the tools file path exists or will be created by the system when needed.
List all available environments in Portainer.
Update tags associated with an environment.
Update user access policies for an environment.
Update team access policies for an environment.
List all available environment groups.
Create a new environment group.
Update the name of an environment group.
Update environments associated with a group.
Update tags associated with a group.
List all available access groups.
Create a new access group.
Update the name of an access group.
Update user accesses for an access group.
Update team accesses for an access group.
Add an environment to an access group.
Remove an environment from an access group.
List all available stacks.
Get the compose file for a specific stack.
Create a new Docker stack.
Update an existing Docker stack.
List all available environment tags.
Create a new environment tag.
List all available teams.
Create a new team.
Update the name of a team.
Update the members of a team.
List all available users.
Update an existing user.
Get the settings of the Portainer instance.
Proxy ANY Docker API requests.
Proxy ANY Kubernetes API requests.
Proxy GET Kubernetes API requests and automatically strip verbose metadata fields.