6.6 KiB
Claude MCP Demo Scenarios
This repository contains demo scenarios showcasing Claude's operational capabilities with OpenShift through MCP (Model Context Protocol) integration.
Demo Scenarios
1. Cluster Health Check & Diagnostics
Scenario: "Claude, can you check if my cluster is healthy?"
What Claude Does:
- Lists nodes and checks their status
- Examines critical workloads (control plane, operators)
- Reviews recent events for errors or warnings
- Checks resource consumption (CPU, memory) via metrics server
- Identifies pods in CrashLoopBackOff or other problematic states
- Provides a structured health summary with actionable insights
Key Value: Comprehensive cluster assessment in seconds vs. manual kubectl/oc commands across multiple resources.
2. Security Review & Hardening
Scenario: "Review the security posture of my Calibre deployment and help me lock it down."
What Claude Does:
- Examines pod security context and SCC assignments
- Identifies overly permissive configurations (privileged, anyuid, root user)
- Proposes custom SCCs with minimum viable privileges
- Guides through incremental security hardening
- Documents failure modes and appropriate fixes
- Creates declarative GitOps manifests for security policies
Key Value: Expert security review without needing deep SCC knowledge. Learns the boundaries through experimentation.
Real Example: Successfully hardened Calibre from anyuid to restricted-s6 SCC, discovering s6-overlay compatibility issues and documenting workarounds.
3. Agentic Problem Solving
Scenario: User mentions NFS performance concerns in passing.
What Claude Does (without being asked):
- Creates a test pod with appropriate tools
- Mounts the NFS volume
- Runs performance benchmarks (dd, fio)
- Analyzes results and compares to expected performance
- Cleans up test resources
- Reports findings with context
Key Value: Proactive investigation and validation. Claude doesn't wait for explicit instructions—it understands the implied need and takes action.
4. Subtle Error Detection
Scenario: "Claude, I removed the SCC from the service account and added the new one, but the pod is still using the old SCC. What did I miss?"
What Claude Does:
- Retrieves actual pod spec to see what SA it's using
- Compares to the SA name in the user's command
- Spots the typo:
peantuflix-savspeanutflix-sa - Identifies the root cause immediately
Key Value: Catches typos, wrong namespaces, label selector errors, and other "stupid mistakes" that eat 30+ minutes of senior engineer time. Machines don't autocorrect what humans read.
Other Examples:
- Off-by-one errors in array indices
- Copy-paste artifacts (wrong resource names)
- Namespace mismatches
- Label selectors that silently match nothing
5. Multi-Tool Orchestration
Scenario: "Find all applications using the old Gitea URL and help me migrate them."
What Claude Does:
- Uses ArgoCD MCP to list all applications
- Uses OCP MCP to examine each app's manifests
- Uses Gitea MCP to search repo contents for the old URL
- Proposes a migration plan with git operations
- Can execute the migration if approved
Key Value: Coordinates across multiple systems (ArgoCD, Kubernetes, Git) in a single workflow. Human would need to context-switch between tools.
6. GitOps Workflow Automation
Scenario: "Create a custom SCC for GPU workloads and apply it through GitOps."
What Claude Does:
- Analyzes requirements (hostPath for /dev/dri, but no privilege escalation)
- Creates SCC manifest with appropriate constraints
- Generates ClusterRoleBinding for service account
- Commits both to the okd-platform repo
- ArgoCD picks up changes and applies them
- Validates the pod starts with correct SCC
Key Value: Full GitOps workflow from requirements to validation. Everything is declarative and version-controlled.
7. Root Cause Analysis
Scenario: "My pod won't start. Help me debug it."
What Claude Does:
- Retrieves pod status and events
- Identifies SCC admission errors
- Examines the deployment manifest
- Traces through which SCCs are available to the service account
- Finds the specific constraint violation
- Proposes the minimal fix (not just "use privileged")
Key Value: Systematic debugging following the admission chain. Explains why something failed, not just what failed.
Real Example: Diagnosed that Plex required allowPrivilegeEscalation: true due to s6-overlay's setuid behavior, despite already having hostPath access working.
8. Documentation & Knowledge Capture
Scenario: Throughout any complex task.
What Claude Does:
- Suggests creating documentation as issues are discovered
- Proposes README updates with workarounds
- Generates example manifests with inline comments
- Creates decision records (why we chose X over Y)
- Documents failure modes for future reference
Key Value: Operational knowledge is captured in git, not lost in someone's head. Future engineers (or future-you) benefit.
Demo Structure
Each scenario should demonstrate:
- Natural language input - No YAML required from the user
- Autonomous tool use - Claude picks the right tools
- Iterative problem solving - When Plan A fails, try Plan B
- GitOps-first approach - Everything through version control
- Explanation of reasoning - Not just "do this," but "here's why"
Technical Foundation
MCP Servers Used:
openshift-mcp-server- Kubernetes/OpenShift API operationsgitea-mcp-server- Git repository operationsargocd-mcp-server- ArgoCD application managementminio-mcp-server- Object storage operations
Key Capabilities:
- Direct API access (no kubectl wrapper scripts)
- Multi-step workflows with validation
- Failure recovery and alternative approaches
- Context retention across long conversations
- Integration with existing GitOps workflows
Notes for Demo Day
- Start simple: Cluster health check is impressive but approachable
- Build complexity: Show multi-tool orchestration after basics
- Highlight autonomy: The agentic scenarios (NFS testing) are most impressive
- Show failure handling: Claude debugging its own mistakes is powerful
- Emphasize GitOps: Everything is declarative and auditable
Future Scenarios to Develop
- Disaster recovery: "My cluster is down, help me restore from backup"
- Capacity planning: "Will my cluster handle 10x traffic?"
- Security audit: "Find all workloads running as root"
- Cost optimization: "Which pods are using the most resources?"
- Compliance checking: "Do all our apps meet PSS restricted standards?"