MCP Directory

How to add Radar to Claude Desktop

Built-in MCP server for the open-source Kubernetes UI — lets AI assistants query and operate your cluster. Paste the config into ~/Library/Application Support/Claude/claude_desktop_config.json and restart Claude Desktop.

Last updated June 14, 2026 · 2.4k · http · no auth · official

Claude Desktop config for Radar

curl -fsSL https://get.radarhq.io | sh
{
  "mcpServers": {
    "radar": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "http://localhost:9280/mcp"
      ]
    }
  }
}

Claude Desktop connects to remote servers through the `mcp-remote` proxy (installed on first run via npx). Restart Claude Desktop after saving.

Setup steps

  1. 1Open Claude Desktop → Settings → Developer → Edit Config (this opens ~/Library/Application Support/Claude/claude_desktop_config.json).
  2. 2Paste the Radar config below under the top-level "mcpServers" key.
  3. 3Fill in any placeholder secrets (API keys, paths) in the snippet.
  4. 4Save the file, then fully quit and reopen Claude Desktop.
  5. 5Open a chat and confirm Radar's tools appear under the 🔌 tools menu.

Before you start

  • A running Radar instance (radar or kubectl radar) — the MCP server is enabled by default on http://localhost:9280/mcp
  • Access to a Kubernetes cluster via kubeconfig (GKE, EKS, AKS, minikube, kind, k3s, or any conformant cluster)
  • An MCP-compatible AI client (Claude Code, Claude Desktop, Cursor, Windsurf, VS Code Copilot, Cline, JetBrains AI, OpenAI Codex, or Gemini CLI)

What Radar can do in Claude Desktop

issues

Ranked, curated stream of live operational failures (failing workloads/pods, dangling references, pod-startup blockers, False CRD conditions). Each row carries a source label sliceable via filter.

diagnose

Root-cause one workload or GitOps reconciler in a single call — minified resource + resourceContext + current and previous container logs + filtered events + startupBlockers (workloads), or reconciler status + parsed issues (Application/Kustomization/HelmRelease).

get_dashboard

Cluster/namespace health overview — resource counts, failing pods, unhealthy workloads, warning events, Helm status. Inventory-style triage before drilling in.

top_resources

Live metrics ranked like `kubectl top | sort`, joined with K8s context (status, restarts, owner, requests/limits). For CPU/memory/OOM/load symptoms.

list_resources

List resources of a kind with minified summaries plus per-row summaryContext (managedBy / health / issueCount).

search

Find resources by content/term match (config keys, env refs, images, label values, CRD fields, status messages). Supports kind:/ns:/label:/image: modifiers and CEL filter; secret values never indexed.

get_resource

Detailed view of a single resource — minified spec + status + metadata + default-on resourceContext, with optional supplemental events/metrics.

get_topology

Whole-namespace/cluster topology graph (nodes + edges). Supports a summary format for LLM-friendly text chains.

Security

Read tools are strictly read-only (readOnlyHint); write tools are RBAC-enforced and annotated destructiveHint. Some are genuinely destructive — apply_resource force=true can take field ownership from Helm/Flux, manage_node drain evicts pods, and rollback/terminate overwrite or abort desired state. RBAC-aware: the local binary uses your kubeconfig identity, so MCP can only see what kubectl can see for that user. Secret .data/.stringData are never exposed (key names only); env var values and pod logs are scrubbed for known secret patterns. With in-cluster no-auth deployment every MCP caller shares the pod ServiceAccount's view — only deploy this way behind a trusted boundary.

Radar + Claude Desktop FAQ

Where is the Claude Desktop config file?

Claude Desktop reads MCP servers from ~/Library/Application Support/Claude/claude_desktop_config.json. Paste the Radar config there under the "mcpServers" key and restart the client.

Is Radar safe to use with Claude Desktop?

Read tools are strictly read-only (readOnlyHint); write tools are RBAC-enforced and annotated destructiveHint. Some are genuinely destructive — apply_resource force=true can take field ownership from Helm/Flux, manage_node drain evicts pods, and rollback/terminate overwrite or abort desired state. RBAC-aware: the local binary uses your kubeconfig identity, so MCP can only see what kubectl can see for that user. Secret .data/.stringData are never exposed (key names only); env var values and pod logs are scrubbed for known secret patterns. With in-cluster no-auth deployment every MCP caller shares the pod ServiceAccount's view — only deploy this way behind a trusted boundary.

What transport and endpoint does the MCP server use?

HTTP transport with JSON-RPC at http://localhost:9280/mcp. The port matches Radar's --port flag (default 9280). Clients configure it as an http/streamableHttp server pointing at that URL.

Do I need an API key or other auth?

No. For local use there is no auth — the MCP server uses your kubeconfig identity, so it can only see what kubectl can see for that user. Shared in-cluster deployments can add proxy or OIDC auth with per-user Kubernetes RBAC.

How do I connect Claude Code?

With Radar running, run: claude mcp add radar --transport http http://localhost:9280/mcp

View repo Full Radar page