# Traefik Hub MCP

> Traefik Hub MCP provides advanced API management and gateway control for cloud-native environments running on Kubernetes. It lets your agent monitor traffic latency, list all internal APIs, check service health across agents, and enforce access limits by managing subscriptions directly through the Traefik SaaS platform.

## Overview
- **Category:** ship-it
- **Price:** Free
- **Tags:** api-management, kubernetes, ingress-proxy, traffic-monitoring, gateway, observability

## Description

Managing API routes in a large Kubernetes cluster is complicated. You need to know which services are live, what they cost in terms of traffic, and who actually has permission to talk to them—all without running manual YAML updates. This MCP lets you govern that entire layer of infrastructure through your AI client. Instead of wrestling with complex configuration files, you simply ask for the data or action you need. For example, you can check if a specific agent is healthy or see exactly which APIs are published across all your namespaces. Because this connectivity lives on Vinkius, you connect once from any MCP-compatible client and get access to these deep infrastructure controls alongside thousands of other services.

## Tools

### traefik_approve_subscription
Manually accepts a bridging logic token, which grants the user access permission through the API gateway.

### traefik_get_agent_health
Tests if an ingress hub is operational by checking its live status probes across the cluster.

### traefik_get_api_metrics
Collects structured reports showing API latencies and detailed error traces for performance review.

### traefik_list_active_agents
Finds all running Traefik Ingress deployment pods that are currently mapped onto the service hub.

### traefik_list_apis
Lists every published internal and external HTTP API route managed across the gateway.

### traefik_list_subscriptions
Maps all tracked outside identities that are attempting to access resources via proxy portals.

### traefik_list_workspaces
Enumerate the different logical scopes or namespaces used within the Traefik Hub.

### traefik_revoke_subscription
Immediately and completely disables an active API consumer token, blocking all access.

## Prompt Examples

**Prompt:** 
```
Scan explicitly active logic bounds listing all deployed Kubernetes Traefik Agents across our namespace hubs completely.
```

**Response:** 
```
Processing trace limits targeting agents natively (`list_active_agents`). Hub mapped boundaries extracting safely explicitly online cluster instances running optimally effectively isolating 3 pods successfully.
```

**Prompt:** 
```
Deny active third party application logic limits explicitly mapping the execution onto subscription ID 'uuid-abc-123' natively.
```

**Response:** 
```
Triggering restriction execution limits targeting identity explicitly naturally via `revoke_subscription`. Traefik Gateway SaaS successfully completely suspended logical mapping isolating external connections efficiently natively.
```

**Prompt:** 
```
Dump explicit gateway latencies bounding logic usage limits across the deployed API instance mapping.
```

**Response:** 
```
Routing exact native query limitations securely onto `get_api_metrics`. Execution trace exposed logical distribution bounds verifying active successful requests gracefully isolating error clusters naturally.
```

## Capabilities

### Monitor API performance
Review structured data that aggregates error counts and precise latencies for all incoming API calls.

### Check service status
Run diagnostics to evaluate the operational health of every ingress agent deployed across your cluster hubs.

### Govern access permissions
Approve or block external user tokens and subscriptions, immediately severing unwanted traffic flow.

### Map infrastructure scope
List all active service scopes, internal APIs, and deployed agents to understand the full architecture.

## Use Cases

### Debugging a sudden traffic spike
A user notices high error rates. They ask their agent to run `traefik_get_api_metrics` and instantly get structured telemetries showing which specific API route is failing and why, instead of sifting through raw logs.

### Onboarding a new service
A team needs to expose a new microservice. They use `traefik_list_apis` to confirm the naming conventions and then work with their manager to approve access using `traefik_approve_subscription`, keeping governance centralized.

### Handling departed users
A contractor leaves the company. The Platform Admin uses `traefik_revoke_subscription` immediately, ensuring zero chance of unauthorized API calls while they are still connected to the network.

### Scaling a cluster audit
Before a major deployment, an operator runs `traefik_list_active_agents` and `traefik_get_agent_health`. This confirms that every single Kubernetes agent is online and ready to handle the increased load.

## Benefits

- Real-time performance checks: Stop guessing about service health. Running `traefik_get_api_metrics` gives you detailed error traces and latency reports, telling you exactly where the bottleneck is.
- Immediate access control: If a third party misbehaves, don't wait for manual intervention. Use `traefik_revoke_subscription` to instantly cut off their API token and restore security.
- Full visibility into scope: You can use `traefik_list_workspaces` or `traefik_list_apis` to map out every single service endpoint, making it easy for new team members to understand the entire architecture.
- Operational verification: Never question if your deployment is fully up. Run `traefik_get_agent_health` to check all ingress agents across the cluster and confirm they are running optimally.
- Streamlined discovery: Instead of checking multiple dashboards, use `traefik_list_active_agents` to get a single list of every deployed pod mapped to the hub, saving hours of manual investigation.

## How It Works

The bottom line is that you gain immediate visibility into complex routing decisions without needing to manually interact with Kubernetes resource definitions.

1. First, your agent obtains necessary credentials by fetching your Platform Tokens directly from the Hub configuration.
2. Next, it safely orchestrates API traffic flow against the SaaS endpoints, evaluating the current logic bounds of your network.
3. Finally, you get back comprehensive telemetry reports detailing latencies and service health matrices for auditing.

## Frequently Asked Questions

**How does traefik_get_api_metrics work?**
This tool gathers structured data on API performance. It reports specific metrics like error counts and latency measurements, allowing you to pinpoint exactly where traffic is slow or failing.

**What can I use traefik_list_workspaces for?**
You use this tool to see all the distinct logical scopes defined in your Traefik Hub. It helps map out the different operational areas and namespaces running within the platform.

**Is traefik_get_agent_health better than checking Kubernetes status?**
Yes, because it evaluates the agent's *operational* health specifically for ingress traffic. It goes beyond just confirming the pod is running and checks if it’s actually ready to route traffic.

**Can I use traefik_revoke_subscription to block a user?**
Absolutely. This tool immediately revokes a consumer token, effectively banning an external identity from accessing your APIs through the gateway.