Cert Manager MCP Server

The cert‑manager MCP server bridges the gap between AI assistants and Kubernetes environments that rely on cert‑manager for TLS certificate lifecycle management. By exposing a suite of high‑level tools, it allows an assistant such as Claude to query, inspect, and manipulate certificates, issuers, and cluster contexts without requiring direct command‑line access or manual kubectl sessions. This capability is especially valuable for teams that want to automate compliance checks, certificate renewal workflows, or cluster diagnostics through conversational interfaces.

At its core, the server provides tools that map directly to common cert‑manager operations. list_certificates returns a paginated view of certificates, optionally filtering by expiration or including domain names to give a quick health snapshot. get_certificate offers detailed status and configuration for any specific certificate, while renew_certificate triggers a manual renewal—useful when automatic renewals fail or need to be expedited. Issuer management is covered by list_issuers, which enumerates both namespaced and cluster‑wide issuers, presenting their current status and configuration for audit or troubleshooting.

Beyond certificate handling, the server includes Kubernetes context management tools: list_namespaces, list_contexts, get_current_context, and switch_context. These allow an assistant to pivot between different clusters or namespaces on the fly, enabling multi‑cluster support and context‑aware queries. Because the switch operation updates only in‑memory configuration, it is safe for transient sessions and does not alter the user’s persistent kubeconfig.

In practice, developers can embed this MCP server into a workflow where an AI assistant answers questions like “Which certificates are about to expire in the production namespace?” or “Show me all issuers that have failed health checks.” The assistant can then execute the relevant tool, parse the JSON response, and present a concise summary. For operations teams, this translates to faster incident response times, automated renewal pipelines, and a single conversational entry point for certificate governance across complex Kubernetes deployments.

What sets this server apart is its tight integration with the cert‑manager ecosystem and its lightweight Docker deployment, which abstracts away kubeconfig management while still exposing all necessary context switches. It delivers a focused, read‑write API that respects the idempotent nature of certificate operations, making it a reliable companion for AI‑driven DevOps and security automation.