MCP Servers

MCP (Model Context Protocol) Servers provide external integrations and capabilities for agents through a standardized protocol. They enable agents to interact with external systems, APIs, and services in a consistent way.

MCP Servers act as bridges between agents and external systems, providing tools and resources that agents can use during their execution. They follow the Model Context Protocol specification for consistent integration.

Example YAML


apiVersion: ark.mckinsey.com/v1alpha1
kind: MCPServer
metadata:
  name: github-mcp
  namespace: default
spec:
  address:
    valueFrom:
      serviceRef:
        name: github-mcp-server
        namespace: default
        port: http
        path: mcp
  transport: http
  description: "GitHub repository operations via MCP protocol"

Usage with Agents

MCP servers are accessed through Tool resources, which agents then reference:

MCPServer → Tool → Agent


# Agent references MCP tools
apiVersion: ark.mckinsey.com/v1alpha1
kind: Agent
metadata:
  name: github-agent
spec:
  prompt: You are a GitHub assistant with access to repository operations.
  modelRef:
    name: gpt-4-model
  tools:
    - type: mcp
      name: github-get-repo  # References Tool that connects to MCP server

See Tools for creating Tool resources that connect to MCP servers.

OAuth-Protected Servers

Remote MCP servers that require OAuth (e.g. https://mcp.notion.com/mcp, GitHub Copilot MCP) respond to unauthenticated requests with HTTP 401 and a WWW-Authenticate: Bearer challenge per RFC 9728 and the MCP 2025-06-18 authorization spec .

When Ark detects this, it performs OAuth metadata discovery and populates status.authorization:


kubectl get mcpserver notion -o yaml


status:
  authorization:
    state: Required                    # Required | DiscoveryFailed
    resource: https://mcp.notion.com/mcp
    resourceName: Notion MCP (Beta)
    authorizationServers: [https://mcp.notion.com]
    authorizationEndpoint: https://mcp.notion.com/authorize
    tokenEndpoint: https://mcp.notion.com/token
    registrationEndpoint: https://mcp.notion.com/register
    grantTypesSupported: [authorization_code, refresh_token]
  conditions:
  - type: Available
    status: "False"
    reason: AuthorizationRequired
    message: "OAuth authorization required for Notion MCP (Beta)..."

kubectl get mcpservers shows the state in the AUTH column:


NAME     AVAILABLE   TOOLS   AUTH
notion   False               Required
github   False               Required
shell    True        1

`state` value	Meaning
(empty)	Server does not require OAuth.
`Required`	Server returned 401 and metadata discovery succeeded. Ready for an authorize flow.
`DiscoveryFailed`	Server returned 401 but no usable RFC 9728 metadata was found. Dashboard/CLI cannot drive an OAuth flow against this server.

The end-to-end OAuth flow (dynamic client registration, PKCE, token exchange, dashboard “Authorize” button, fark mcp auth CLI) ships in follow-up changes. This phase surfaces the state on the CRD so downstream consumers have a stable contract to act on.

Key Features

Standardized Model Context Protocol implementation
HTTP and stdio transport support
Service reference integration with Kubernetes
Secure credential management
Tool and resource discovery
OAuth authorization state detection (RFC 9728)

Sample Resources

See the samples/mcp directory for additional examples including:

GitHub MCP server integration
Local MCP server setup
External MCP server configuration
MCP server with authentication

Next: Learn about Tools for creating custom agent capabilities.