mcp-kubernetes-server
Provides tools for managing Kubernetes clusters, including listing and inspecting resources (pods, deployments, services, namespaces, nodes, ingresses), streaming logs, scaling deployments, rolling restarts, applying YAML/JSON manifests, and safe deletion with multi-layer guards.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-kubernetes-serverlist pods in default namespace"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Kubernetes Server
Enterprise-grade Model Context Protocol (MCP) server for Kubernetes operations built with FastMCP.
Designed for two primary deployment scenarios:
Local development: Application engineers using their own kubeconfig (with team RBAC roles)
AWS EKS production: Deployed as a pod with IRSA (IAM Roles for Service Accounts)
Features
Read Operations (always safe)
List/inspect pods, deployments, services, namespaces, nodes, ingresses
Stream pod logs with filtering (tail lines, since, previous instance)
View ConfigMap keys (values optional), Secret metadata (values never exposed)
List jobs, cronjobs, events (with warning filters)
Cluster health summary and version info
Write Operations (with dry-run support)
Scale deployments up/down (with 0-replica warning)
Rolling restart of deployments
Create namespaces and configmaps
Apply YAML/JSON manifests (server-side apply)
Validate manifests (dry-run only)
Rollback deployments to previous revisions
Destructive Operations (multi-layer guards)
Delete pods, deployments, services, configmaps, namespaces
Rollback deployments
Every destructive operation requires:
MCP_K8S_ALLOW_DESTRUCTIVE=true(global kill switch)Protected namespaces (kube-system etc.) are always blocked
Confirmation token:
confirm_namemust match resource name exactlyFull audit trail
Resources (LLM context)
k8s://cluster/info— cluster version, identity, node/namespace countsk8s://cluster/namespaces— all namespace namesk8s://cluster/nodes— all nodes with statusk8s://cluster/health— health summary (not-ready pods, warning events)
Guided Prompts
diagnose_pod— systematic pod troubleshooting workflowdiagnose_deployment— deployment health investigationpre_deployment_checklist— pre-flight checks before deployingcluster_health_report— comprehensive cluster health reportsafe_delete_workflow— guided safe deletion with impact assessment
Related MCP server: Multi Cluster Kubernetes MCP Server
Architecture
mcp-kubernetes-server/
├── src/mcp_kubernetes/
│ ├── server.py # FastMCP server + tool registration
│ ├── config.py # Pydantic settings (env vars)
│ ├── k8s_client.py # Kubernetes client manager
│ ├── audit.py # Structured audit logging
│ ├── utils.py # Shared utilities
│ ├── auth/
│ │ ├── base.py # AuthProvider interface
│ │ ├── local.py # Kubeconfig auth (local engineers)
│ │ ├── aws.py # AWS EKS IAM auth (pre-signed STS token)
│ │ └── factory.py # Auto-detect env and create provider
│ ├── tools/
│ │ ├── pods.py # Pod list/get/logs/exec
│ │ ├── deployments.py # Deployment list/get/scale/restart/history
│ │ ├── namespaces.py # Namespace list/create
│ │ ├── services.py # Service/Ingress list/get
│ │ ├── nodes.py # Node list/get/pod-list
│ │ ├── configmaps_secrets.py # ConfigMap/Secret operations
│ │ ├── events.py # Events/Jobs/CronJobs
│ │ ├── apply.py # Manifest apply/validate
│ │ └── destructive.py # Delete operations with guards
│ ├── resources/
│ │ └── cluster.py # k8s:// URI resources
│ ├── prompts/
│ │ └── diagnose.py # Guided workflow prompts
│ └── models/
│ └── responses.py # Pydantic response models
├── tests/ # Pytest test suite
├── deploy/k8s/ # Kubernetes manifests + IAM policies
├── Dockerfile # Multi-stage production image
└── docker-compose.yaml # Local developmentAuthentication
Local Mode (Application Engineers)
Uses the standard kubeconfig file. Supports all authentication mechanisms:
Client certificates
Bearer tokens
OIDC / SSO via exec plugins
AWS EKS via
aws eks get-tokenexec plugin in kubeconfig
# Uses ~/.kube/config with current-context
MCP_K8S_ENV=local
# Or specify a context
MCP_K8S_ENV=local
MCP_K8S_DEFAULT_CONTEXT=my-team-staging
# Custom kubeconfig path
KUBECONFIG=/path/to/my-kubeconfigAWS Mode (Deployed in AWS)
Generates EKS authentication tokens via pre-signed AWS STS requests.
When deployed as an EKS pod (IRSA):
MCP_K8S_ENV=aws
MCP_K8S_EKS_CLUSTER_NAME=my-production-cluster
AWS_DEFAULT_REGION=us-east-1
# AWS credentials come automatically from IRSA (no explicit config needed)When running locally against AWS EKS (assume engineer role):
MCP_K8S_ENV=aws
MCP_K8S_EKS_CLUSTER_NAME=my-production-cluster
AWS_DEFAULT_REGION=us-east-1
# Assume a specific IAM role before generating the token:
MCP_K8S_AWS_ROLE_ARN=arn:aws:iam::123456789012:role/ApplicationEngineer
MCP_K8S_AWS_ROLE_SESSION_DURATION=3600Multi-cluster (AWS):
MCP_K8S_CLUSTER_MAP={"prod":"eks-prod-01","staging":"eks-staging-01","dev":"eks-dev-01"}
MCP_K8S_DEFAULT_CLUSTER=stagingInstallation
Requirements
Python 3.11+
uv(recommended) orpip
Local Development
# Clone and set up
git clone https://github.com/sthitaprajnas/mcp-kubernetes-server.git
cd mcp-kubernetes-server
# Install with uv
uv venv && source .venv/bin/activate
uv pip install -e ".[dev]"
# Or with pip
pip install -e ".[dev]"
# Configure (copy and edit .env)
cp .env.example .envClaude Desktop Configuration
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"kubernetes": {
"command": "mcp-kubernetes",
"env": {
"MCP_K8S_ENV": "local",
"MCP_K8S_ALLOW_DESTRUCTIVE": "true",
"MCP_K8S_REQUIRE_DESTRUCTIVE_CONFIRMATION": "true"
}
}
}
}For AWS EKS:
{
"mcpServers": {
"kubernetes": {
"command": "mcp-kubernetes",
"env": {
"MCP_K8S_ENV": "aws",
"MCP_K8S_EKS_CLUSTER_NAME": "my-cluster",
"AWS_DEFAULT_REGION": "us-east-1",
"MCP_K8S_AWS_ROLE_ARN": "arn:aws:iam::123456789012:role/ApplicationEngineer",
"MCP_K8S_ALLOW_DESTRUCTIVE": "true"
}
}
}
}Claude Code (VS Code Extension)
Add to .claude/mcp.json in your project:
{
"servers": {
"kubernetes": {
"type": "stdio",
"command": "mcp-kubernetes",
"env": {
"MCP_K8S_ENV": "local"
}
}
}
}SSE Transport (for web-based MCP clients)
MCP_K8S_TRANSPORT=sse MCP_K8S_PORT=8080 mcp-kubernetesDocker Usage
Local development with Docker Compose
# Copy and configure
cp .env.example .env
# Edit .env with your settings
# Run with your local kubeconfig
docker-compose up
# MCP server available at http://localhost:8080Building the image
docker build -t mcp-kubernetes-server:latest .Running in read-only mode
docker run -p 8080:8080 \
-v ~/.kube/config:/home/mcpuser/.kube/config:ro \
-e MCP_K8S_ALLOW_DESTRUCTIVE=false \
-e MCP_K8S_TRANSPORT=sse \
mcp-kubernetes-server:latestDeploying to AWS EKS
1. Create namespace and RBAC
kubectl apply -f deploy/k8s/rbac.yaml2. Create IAM role for IRSA
# Get your OIDC provider URL
OIDC=$(aws eks describe-cluster --name my-cluster \
--query 'cluster.identity.oidc.issuer' --output text | sed 's|https://||')
# Edit the trust policy
sed -i "s/ACCOUNT_ID/$(aws sts get-caller-identity --query Account --output text)/" \
deploy/k8s/iam-role-trust-policy.json
sed -i "s/REGION/$(aws configure get region)/" \
deploy/k8s/iam-role-trust-policy.json
sed -i "s|OIDC_PROVIDER_ID|${OIDC}|g" \
deploy/k8s/iam-role-trust-policy.json
# Create the role
aws iam create-role \
--role-name mcp-kubernetes-server-role \
--assume-role-policy-document file://deploy/k8s/iam-role-trust-policy.json
aws iam put-role-policy \
--role-name mcp-kubernetes-server-role \
--policy-name eks-access \
--policy-document file://deploy/k8s/iam-role-inline-policy.json3. Create ServiceAccount with IRSA annotation
# Update ACCOUNT_ID in serviceaccount.yaml
sed -i "s/ACCOUNT_ID/$(aws sts get-caller-identity --query Account --output text)/" \
deploy/k8s/serviceaccount.yaml
kubectl apply -f deploy/k8s/serviceaccount.yaml4. Grant the IAM role access in aws-auth (or EKS access entries)
# For aws-auth ConfigMap approach:
kubectl edit configmap aws-auth -n kube-system
# Add:
# - rolearn: arn:aws:iam::ACCOUNT_ID:role/mcp-kubernetes-server-role
# username: mcp-kubernetes-server
# groups:
# - mcp-server # Create a dedicated group with appropriate RBAC5. Deploy the server
# Update the image registry in deployment.yaml
kubectl apply -f deploy/k8s/deployment.yamlConfiguration Reference
Variable | Default | Description |
|
| Environment mode: |
|
| Transport: |
|
| SSE server bind address |
|
| SSE server port |
|
| Log level |
|
| Structured JSON logging |
| `` | Path to audit log file |
|
| Kubeconfig path (local mode) |
| `` | Default kubeconfig context |
|
| AWS region |
| `` | AWS credential profile |
| `` | EKS cluster name (AWS mode) |
| `` | IAM role ARN to assume |
|
| Assumed role duration (seconds) |
|
| Enable delete operations |
|
| Protected namespaces |
|
| Require name confirmation |
|
| Max resources deleteable at once |
|
| Global dry-run mode |
|
| Mask secret values in responses |
|
| API rate limit |
|
| K8s API timeout (seconds) |
|
| JSON map of alias→cluster name |
| `` | Default cluster alias |
Security Considerations
Secret Handling
Secret values are never returned by any tool. list_secrets and get_secret_metadata return only key names and metadata. This is hardcoded and cannot be configured away.
Destructive Operations
Three independent gates must all pass:
Global flag:
MCP_K8S_ALLOW_DESTRUCTIVE=trueNamespace protection: namespace not in
MCP_K8S_PROTECTED_NAMESPACESConfirmation token:
confirm_namemust equal the resource name exactly
For namespace deletion, the system namespaces (default, kube-system, kube-public, kube-node-lease) are always blocked regardless of configuration.
Read-Only Mode
Set MCP_K8S_ALLOW_DESTRUCTIVE=false for a completely read-only server suitable for monitoring/observability use cases.
Audit Logging
Every operation (read and write) is audit-logged with:
ISO 8601 UTC timestamp
Operation type (READ/WRITE/DELETE/EXEC/SCALE/AUTH)
Tool name, resource kind/name/namespace
Identity (IAM ARN or kubeconfig user)
Cluster name
Success/failure
Dry-run flag
Configure MCP_K8S_AUDIT_LOG_FILE=/var/log/mcp-k8s-audit.json for persistent audit logs.
Network Security
When using SSE transport in production:
Deploy behind an API gateway or reverse proxy with mTLS
Use Kubernetes NetworkPolicy to restrict pod-to-pod access
Consider deploying as a sidecar to the Claude client
Development
# Run tests
pytest
# Run tests with coverage
pytest --cov=mcp_kubernetes --cov-report=html
# Lint
ruff check src/ tests/
# Type check
mypy src/Comparison to mcp-server-kubernetes
Inspired by Flux159/mcp-server-kubernetes.
Feature | This Server | Flux159 |
Language | Python (FastMCP) | TypeScript (Bun) |
AWS EKS auth | Native IRSA + role assumption | Via kubeconfig exec plugin |
Auto env detection | Yes (IMDS, IRSA, env vars) | No |
Destructive guards | 3-layer (flag + namespace + confirm) | Non-destructive mode flag |
Audit logging | Structured JSON, file+stdout | No |
Secret masking | Values never returned | Partial |
Multi-cluster | Via cluster_map + switch_cluster | No |
Helm support | Planned | Yes |
Port forwarding | Planned | Yes |
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/STHITAPRAJNAS/mcp-kubernetes-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server