kubectl
Execute kubectl commands or apply YAML configurations securely across Kubernetes clusters using the OCM MCP Server, enabling efficient cluster management and resource deployment.
Instructions
Securely run a kubectl command or apply YAML. Provide either 'command' or 'yaml'.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| cluster | No | The cluster name in a multi-cluster environment. Defaults to the hub cluster. | default |
| command | Yes | The full kubectl command to execute. Must start with 'kubectl'. | |
| yaml | Yes | YAML configuration to apply, provided as a string. |
Implementation Reference
- src/tools/kubectl.ts:34-86 (handler)Main execution logic for the kubectl tool: validates inputs, handles command execution or YAML apply using child_process.exec, integrates kubeconfig for clusters, returns structured CallToolResult.export async function kubectl({ command, cluster, yaml, }: { command?: string; yaml?: string; cluster?: string; }): Promise<CallToolResult> { try { if (!command && !yaml) { throw new Error("Either 'command' or 'yaml' must be provided."); } if (command && yaml) { throw new Error("Provide only one of 'command' or 'yaml', not both."); } const kubeConfigFile = await getKubeconfigFile(cluster); let stdout = ""; let stderr = ""; if (command) { if (typeof command !== "string" || !isValidKubectlCommand(command)) { throw new Error("Invalid command: Only 'kubectl' commands are allowed."); } const finalCommand = kubeConfigFile ? `${command} --kubeconfig=${kubeConfigFile}` : command; const result = await execPromise(finalCommand); stdout = result.stdout; stderr = result.stderr; } else if (yaml) { stdout = await applyYaml(yaml, kubeConfigFile) } return { content: [{ type: "text", text: stdout?.trim() || stderr?.trim() || "Run kubectl successfully, but no output returned.", }], }; } catch (err: any) { return { content: [{ type: "text", text: `Error running kubectl: ${err.message || String(err)}`, }], }; } }
- src/tools/kubectl.ts:20-32 (schema)Zod schema definitions (kubectlArgs) and description (kubectlDesc) for input validation of the kubectl tool.export const kubectlDesc = "Securely run a kubectl command or apply YAML. Provide either 'command' or 'yaml'."; export const kubectlArgs = { command: z .string() .describe("The full kubectl command to execute. Must start with 'kubectl'."), yaml: z .string() .describe("YAML configuration to apply, provided as a string."), cluster: z .string() .describe("The cluster name in a multi-cluster environment. Defaults to the hub cluster.") .default("default"), };
- src/index.ts:37-42 (registration)Registration of the 'kubectl' tool on the MCP server using McpServer.tool(), linking to handler, schema, and description.server.tool( "kubectl", kubectlDesc, kubectlArgs, async (args, extra) => kubectl(args) // ensure connectCluster matches (args, extra) => ... )
- src/tools/kubectl.ts:103-123 (helper)Helper to retrieve or connect and setup kubeconfig file for a specific cluster, used in the handler.export async function getKubeconfigFile(cluster?: string): Promise<string | undefined> { const targetCluster = cluster && cluster !== "default" ? cluster : undefined; let kubeConfigFile: string | undefined; if (targetCluster) { kubeConfigFile = getKubeconfigPath(targetCluster); if (!validateKubeConfig(kubeConfigFile)) { const connectResult = await connectCluster({ cluster: targetCluster }); if (!connectResult || connectResult.isError) { throw new Error( `Failed to connect to cluster '${cluster}': ${connectResult?.error || "KUBECONFIG file does not exist." }` ); } } } return kubeConfigFile }
- src/tools/kubectl.ts:11-14 (helper)Validation helper to ensure commands start with 'kubectl '.// Validate that the command starts with "kubectl" export function isValidKubectlCommand(command: string): boolean { return command.trim().startsWith("kubectl "); }