Add K8s client connectivity guide

[danbarr]

Description

Adds a guide detailing options for connecting clients to MCP servers running in Kubernetes:

• External clients via Ingress
• External clients via Gateway API
• Clients within the same cluster

Related issues/PRs

Closes #307

Merge checklist

Content

• New pages include a frontmatter section with title and description at a minimum
• Sidebar navigation (sidebars.ts) updated for added, deleted, reordered, or renamed files
• (N/A) Redirects added to vercel.json for moved, renamed, or deleted pages (i.e., if the URL slug changed)

Reviews

• Content has been reviewed for technical accuracy
• Content has been reviewed for spelling, grammar, and style

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
docs-website	Ready	Preview	Comment	Dec 3, 2025 10:33pm

[Copilot]

Pull Request Overview

This PR adds a comprehensive guide for connecting clients to MCP servers running in Kubernetes, covering both external connectivity via Ingress/Gateway API and internal cluster connectivity. The guide helps users expose MCP servers securely and establish proper connection patterns for different scenarios.

• Adds detailed documentation on connecting external and internal clients to Kubernetes-hosted MCP servers
• Provides practical examples for Ingress, Gateway API, and in-cluster service discovery patterns
• Includes extensive troubleshooting section covering common connectivity issues

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
docs/toolhive/guides-k8s/connect-clients.mdx	New comprehensive guide explaining client connectivity options for MCP servers in Kubernetes, including external access via Ingress/Gateway API and internal cluster access patterns
sidebars.ts	Adds the new connect-clients guide to the Kubernetes guides section in the appropriate position between run-mcp-k8s and remote-mcp-proxy
docs/toolhive/guides-k8s/intro.mdx	Adds reference to the new connectivity guide explaining how to expose MCP servers and connect clients
docs/toolhive/guides-k8s/run-mcp-k8s.mdx	Updates "Next steps" section to reference the new connectivity guide with more detailed context about connection options
docs/toolhive/tutorials/k8s-ingress-ngrok.mdx	Adds tip box referencing the new general connectivity guide for broader context beyond the ngrok-specific tutorial

[danbarr]

Setting to draft for now while I validate auth interoperability (esp. with rewrites)

[jhrozek]

Thanks for this comprehensive guide! I have a few questions about some details.

[jhrozek]

Question about Gateway API version: The latest Gateway API version is v1.4.1, but line 88 references v1.3.0. Is that intentional for compatibility reasons, or should we update to the latest version?

[danbarr]

Question about Gateway API version: The latest Gateway API version is v1.4.1, but line 88 references v1.3.0. Is that intentional for compatibility reasons, or should we update to the latest version?

That was copied from ngrok's operator install docs. I'm inclined to leave it in the tutorial for now since they still reference that version.

Eventually I want to explore some Renovate customization to look into the docs and potentially identify/bump versioned references like these.

[jhrozek]

Documentation Verification Complete

I tested the documentation in a live Kubernetes cluster with the ToolHive operator and ngrok Gateway API. All test scenarios passed.

Test Environment

• Kubernetes cluster with ToolHive operator
• ngrok Gateway API controller
• MCP servers: fetch, osv, mkp (with OAuth)
• Okta as OIDC provider

Tests Performed

Gateway API (External Connectivity)

• Host-based routing (single MCP server) - PASS
• Path-based routing with URL rewrite (multiple MCP servers) - PASS
• Path-based routing with OAuth (.well-known endpoint discovery) - PASS

Internal Connectivity

• Service DNS resolution (same namespace - short name) - PASS
• Service DNS resolution (cross-namespace - full FQDN) - PASS
• Port-forward local testing - PASS

CLI/API Testing

• thv mcp list tools command - PASS
• curl JSON-RPC requests - PASS
• OAuth token authentication flow - PASS

Troubleshooting Commands

• kubectl get httproute status verification - PASS
• DNS resolution test from pod (nslookup) - PASS
• Connectivity test from pod (curl) - PASS

Notes

• All YAML examples are syntactically correct and work as documented
• The ngrok-specific replacePrefixMatch: '' behavior is correctly documented in the ngrok tutorial
• OAuth .well-known endpoint routing works correctly with path-based routing