Managed Control Platform (MCP) is a Kubernetes governance and assurance platform.
This starter monorepo contains:
- control-plane: central service that tracks clusters and certification results
- agent: cluster-side service that performs validations and policy checks
- web: demo frontend for platform overview and certification status
The repo now supports two agent modes:
- demo: seeded in-memory clusters for presentation and local UI work
- live: real cluster inventory collected from kubectl
The live mode reads actual cluster state such as nodes, storage classes, PVCs, pods, and VolumeSnapshots when available. The resulting certification report is therefore based on real inventory, but the checks are still heuristic inventory checks rather than destructive runtime fault-injection tests.
The control plane now supports a more realistic cluster registration path:
- agents discover cluster inventory locally
- agents send heartbeat registrations to the control plane
- the control plane persists discovered clusters and certification reports in Postgres
If DATABASE_URL is not set, the control plane falls back to the in-memory store.
go run ./control-plane/cmd/server
go run ./agent/cmd/agent
cd web
npm run dev
The demo surfaces three seeded clusters:
- prod-bank-1: healthy and fully certified
- uat-bank-1: mixed posture with warning-level findings
- dev-bank-1: intentionally noisy baseline for demo contrast
Open http://localhost:5173 and run certification against any cluster to generate a report.
If kubectl is installed and your kube context is configured, you can expose a real cluster in the UI alongside the demo clusters.
$env:AGENT_ENABLE_LIVE_CLUSTER="true"
$env:AGENT_CLUSTER_ID="live-cluster"
$env:AGENT_CLUSTER_ENVIRONMENT="LAB"
$env:AGENT_APPROVED_NAMESPACES="regulated-payments,regulated-identity,regulated-ops"
go run .\agent\cmd\agent
Optional:
- set KUBECONFIG if you want a non-default kubeconfig path
- set KUBECTL_BIN if kubectl is not on PATH
- set AGENT_KUBECTL_TIMEOUT such as 20s
$env:LIVE_CLUSTER_ID="live-cluster"
$env:LIVE_CLUSTER_ENVIRONMENT="LAB"
go run .\control-plane\cmd\server
cd web
npm run dev
Then open http://localhost:5173, choose live-cluster, and run certification.
curl "http://localhost:8081/api/v1/inventory?clusterId=live-cluster"
curl -Method POST "http://localhost:8081/api/v1/certify" -Body '{"clusterId":"live-cluster"}' -ContentType "application/json"
The compose stack now includes:
- postgres: persistence for registered clusters and certification reports
- control-plane: API and persistence layer
- agent: cluster inventory and heartbeat sender
- web: UI
Start the stack with live discovery enabled:
cd d:\go-workspace\src\github.com\mcp-platform
$env:AGENT_ENABLE_LIVE_CLUSTER="true"
docker compose up --build
Important environment variables:
- DATABASE_URL: Postgres connection string for the control plane
- CONTROL_PLANE_BASE_URL: where the agent sends heartbeat registrations
- AGENT_HEARTBEAT_INTERVAL: how often the agent re-registers
- CONTROL_PLANE_SEED_DEMO_CLUSTERS: keep demo clusters enabled or disable them for live-only mode
For easy installs, the repo now includes single-file Kubernetes deployment bundles:
- deploy/releases/all-in-one.yaml
- deploy/releases/v0.2.0/mcp-agent.yaml
- deploy/releases/latest/mcp-agent.yaml
Apply one file directly:
kubectl apply -f deploy/releases/v0.2.0/mcp-agent.yaml
To regenerate release bundles from the source manifests:
.\scripts\build-release-manifest.ps1 -Version v0.2.0
To seed a cluster with realistic namespaces, PVCs, and workloads for MCP to inspect:
kubectl apply -f deploy/samples/cluster-demo/all-in-one.yaml
This sample creates:
- regulated-payments with a PVC-backed 2-replica app
- regulated-identity with a PVC-backed app
- fintech-lab with a PVC-backed sandbox app
Files:
- deploy/samples/cluster-demo/all-in-one.yaml
- deploy/samples/cluster-demo/README.md
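
To show what a heuristic inventory check of the kind described for live mode can look like, the following added example (not code from this repo) flags PVCs that live outside the namespaces listed in AGENT_APPROVED_NAMESPACES. It assumes input shaped like `kubectl get pvc -A -o json`; the helper name `UnapprovedPVCs` and the PVC names are hypothetical, and whether the agent performs this exact check is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// pvcList mirrors the subset of `kubectl get pvc -A -o json` output used here.
type pvcList struct {
	Items []struct {
		Metadata struct {
			Name      string `json:"name"`
			Namespace string `json:"namespace"`
		} `json:"metadata"`
	} `json:"items"`
}

// samplePVCs is constructed input: namespaces come from the sample bundle,
// PVC names are made up for illustration.
const samplePVCs = `{"items":[
 {"metadata":{"name":"payments-data","namespace":"regulated-payments"}},
 {"metadata":{"name":"identity-data","namespace":"regulated-identity"}},
 {"metadata":{"name":"sandbox-data","namespace":"fintech-lab"}}]}`

// UnapprovedPVCs (hypothetical helper) returns "namespace/name" for every PVC
// whose namespace is absent from the comma-separated approved list.
// An empty approved list fails closed: every PVC is reported.
func UnapprovedPVCs(inventoryJSON, approvedCSV string) ([]string, error) {
	approved := map[string]bool{}
	for _, ns := range strings.Split(approvedCSV, ",") {
		if ns = strings.TrimSpace(ns); ns != "" {
			approved[ns] = true
		}
	}
	var list pvcList
	if err := json.Unmarshal([]byte(inventoryJSON), &list); err != nil {
		return nil, fmt.Errorf("parse inventory: %w", err)
	}
	var findings []string
	for _, item := range list.Items {
		if !approved[item.Metadata.Namespace] {
			findings = append(findings, item.Metadata.Namespace+"/"+item.Metadata.Name)
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(UnapprovedPVCs(samplePVCs, "regulated-payments,regulated-identity,regulated-ops"))
}
```

Like the live-mode checks, this reads inventory only and changes nothing in the cluster.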