Installing AKS MCP Server from VSCode Extensions has Invalid Docker Run Arguments in VSCode mcp.json Configย #1702
Description
Installing AKS MCP Server from VSCode Extensions has Invalid Docker Run Arguments in VSCode mcp.json Config.
Issues
There are two high level issues being discussed here:
- Duplicated
run -i --rmarguments in themcp.jsonthat comes with the AKS MCP Server installed from VSCode Extensions. - Unrecognized
-eargument in themcp.jsonthat comes with the AKS MCP Server installed from VSCode Extensions, which is a parameter that theaks-mcpexecutable does not recognize.
Environment Details
I am running Ubuntu 24.04 LTS natively on my machine (not through WSL, but directly on the machine).
johnsonshi@js-laptop-01 ~ $ cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.3 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debianI am running this version of VSCode, which is from the latest stable Ubuntu 24.04 Noble deb package in https://packages.microsoft.com/repos/code stable InRelease
johnsonshi@js-laptop-01 ~ $ code --version
1.105.1
7d842fb85a0275a4a8e4d7e040d2625abbf7f084
x64Docker Desktop is running fine on my Ubuntu 24.04 computer and is running fine (can perform docker pull, docker run, and a bunch of other docker commands).
Steps to Reproduce Issue 1 - Duplicated Arguments
Open VSCode and go to the VSCode Extensions pane to search for the AKS MCP Server, which is installable as a VSCode Extension. Hit install.
After install, open up the user's mcp.json file by selecting Ctrl/Cmd + Shift + P and entering > MCP: Open User Configuration, then hit enter.
Inspect the mcp.json. You will see that there are is a flag run -i --rm that is duplicated twice:
"azure/aks-mcp": {
"type": "stdio",
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"run",
"-i",
"--rm",
"ghcr.io/azure/aks-mcp:latest",
"-e",
"AZURE_TENANT_ID",
"-e",
"AZURE_CLIENT_ID",
"-e",
"AZURE_CLIENT_SECRET",
"-e",
"AZURE_FEDERATED_TOKEN_FILE",
"-e",
"AZURE_SUBSCRIPTION_ID",
"-e",
"AZURE_MANAGED_IDENTITY",
"ghcr.io/azure/aks-mcp:latest",
"--transport",
"stdio"
],
"env": {
"AZURE_TENANT_ID": "${input:azure_tenant_id}",
"AZURE_CLIENT_ID": "${input:azure_client_id}",
"AZURE_CLIENT_SECRET": "${input:azure_client_secret}",
"AZURE_FEDERATED_TOKEN_FILE": "${input:azure_federated_token_file}",
"AZURE_SUBSCRIPTION_ID": "${input:azure_subscription_id}",
"AZURE_MANAGED_IDENTITY": "${input:azure_managed_identity}"
},
"gallery": "https://api.mcp.github.com/2025-09-15/v0/servers/52720d16-d942-4f99-8599-3af03cb1b4a0",
"version": "1.0.0"
}See the corresponding screenshot:
When the MCP Server is started, there will be an error due to the duplicated flag:
When I remove the duplicated run -i --rm flag, the AKS MCP server starts pulling the image:
"azure/aks-mcp": {
"type": "stdio",
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"ghcr.io/azure/aks-mcp:latest",
"-e",
"AZURE_TENANT_ID",
"-e",
"AZURE_CLIENT_ID",
"-e",
"AZURE_CLIENT_SECRET",
"-e",
"AZURE_FEDERATED_TOKEN_FILE",
"-e",
"AZURE_SUBSCRIPTION_ID",
"-e",
"AZURE_MANAGED_IDENTITY",
"ghcr.io/azure/aks-mcp:latest",
"--transport",
"stdio"
],
"env": {
"AZURE_TENANT_ID": "${input:azure_tenant_id}",
"AZURE_CLIENT_ID": "${input:azure_client_id}",
"AZURE_CLIENT_SECRET": "${input:azure_client_secret}",
"AZURE_FEDERATED_TOKEN_FILE": "${input:azure_federated_token_file}",
"AZURE_SUBSCRIPTION_ID": "${input:azure_subscription_id}",
"AZURE_MANAGED_IDENTITY": "${input:azure_managed_identity}"
},
"gallery": "https://api.mcp.github.com/2025-09-15/v0/servers/52720d16-d942-4f99-8599-3af03cb1b4a0",
"version": "1.0.0"
}
Steps to Reproduce Issue 2 - Invalid Argument
After the AKS MCP Server starts up and invokes the docker ... command, it will begin pulling images, after which it will run the ghcr.io/azure/aks-mcp:latest image and pass in the arguments and run the MCP server.
However, the -e flag that comes packaged with the mcp.json configuration in the AKS MCP Server VSCode Extension is not recognized:
2025-10-29 16:09:37.543 [warning] [server stderr] Digest: sha256:30dc011296e6f8ccc3969d305fd709a6553f4022b04cda656e44651489a96be8
2025-10-29 16:09:37.545 [warning] [server stderr] Status: Downloaded newer image for ghcr.io/azure/aks-mcp:latest
2025-10-29 16:09:39.469 [warning] [server stderr] Usage of /usr/local/bin/aks-mcp:
2025-10-29 16:09:39.469 [warning] [server stderr] --access-level string Access level (readonly, readwrite, admin) (default "readonly")
2025-10-29 16:09:39.470 [warning] [server stderr] --additional-tools string Comma-separated list of additional Kubernetes tools to support (kubectl is always enabled). Available: helm,cilium,hubble
2025-10-29 16:09:39.471 [warning] [server stderr] --allow-namespaces string Comma-separated list of allowed Kubernetes namespaces (empty means all namespaces)
2025-10-29 16:09:39.471 [warning] [server stderr] -h, --help Show help message
2025-10-29 16:09:39.472 [warning] [server stderr] --host string Host to listen for the server (only used with transport sse or streamable-http) (default "127.0.0.1")
2025-10-29 16:09:39.473 [warning] [server stderr] --log-level string Log level (debug, info, warn, error) (default "info")
2025-10-29 16:09:39.474 [warning] [server stderr] --oauth-client-id string Azure AD client ID for OAuth (fallback to AZURE_CLIENT_ID env var)
2025-10-29 16:09:39.474 [warning] [server stderr] --oauth-cors-origins string Comma-separated list of allowed CORS origins for OAuth endpoints (e.g. http://localhost:6274). If empty, no cross-origin requests are allowed for security
2025-10-29 16:09:39.474 [warning] [server stderr] --oauth-enabled Enable OAuth authentication
2025-10-29 16:09:39.475 [warning] [server stderr] --oauth-redirects string Comma-separated list of additional OAuth redirect URIs (e.g. http://localhost:8000/oauth/callback,http://localhost:6274/oauth/callback)
2025-10-29 16:09:39.475 [warning] [server stderr] --oauth-tenant-id string Azure AD tenant ID for OAuth (fallback to AZURE_TENANT_ID env var)
2025-10-29 16:09:39.475 [warning] [server stderr] --otlp-endpoint string OTLP endpoint for OpenTelemetry traces (e.g. localhost:4317)
2025-10-29 16:09:39.476 [warning] [server stderr] --port int Port to listen for the server (only used with transport sse or streamable-http) (default 8000)
2025-10-29 16:09:39.476 [warning] [server stderr] --timeout int Timeout for command execution in seconds, default is 600s (default 600)
2025-10-29 16:09:39.477 [warning] [server stderr] --transport string Transport mechanism to use (stdio, sse or streamable-http) (default "stdio")
2025-10-29 16:09:39.477 [warning] [server stderr] --version Show version information and exit
2025-10-29 16:09:39.477 [warning] [server stderr] unknown shorthand flag: 'e' in -e
2025-10-29 16:09:39.693 [info] Connection state: Error Process exited with code 2
Notes
When I uninstall the AKS MCP Server (via the VSCode Extension) and reinstall (via the VSCode Extension as well), the invalid flags are back. As such, this rules out the possibility that invalid flags are caused by my local VSCode editor cache or something like that. The invalid flags are definitely being populated during the VSCode Extension install.