mcp-server-kubernetes
MCP Server Kubernetes is a TypeScript-based bridge that lets AI tools (Claude, Cursor, VS Code) manage Kubernetes clusters via kubectl commands. It supports resource operations, Helm chart management, and includes optional OpenTelemetry tracing for observability.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | Flux159/mcp-server-kubernetes |
| Owner | Flux159 |
| Primary language | TypeScript |
| License | MIT — OSI-approved |
| Stars | 1.5k |
| Forks | 255 |
| Open issues | 11 |
| Latest release | v3.9.3 (2026-07-06) |
| Last updated | 2026-07-06 |
| Source | https://github.com/Flux159/mcp-server-kubernetes |
What mcp-server-kubernetes is
A Model Context Protocol (MCP) server that exposes kubectl functionality through a standardized tool interface, supporting kubeconfig authentication, namespace-scoped operations, non-destructive modes, and distributed tracing via OTLP. Runs on Node.js/Bun runtime.
Get the mcp-server-kubernetes source
Clone the repository and explore it locally.
git clone https://github.com/Flux159/mcp-server-kubernetes.gitcd mcp-server-kubernetes# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Verify kubectl and Helm v3 are in PATH before deployment; kubeconfig discovery supports `~/.kube/config` by default but requires explicit paths or environment variables for non-standard locations.
- Deploy MCP server process with least-privilege service account (RBAC) in cluster or use read-only kubeconfig for initial pilot to limit blast radius.
- Enable OpenTelemetry only if observability backend is available and network-accessible; configure sampling strategy to avoid high cardinality span explosion in high-frequency operations.
- Test non-destructive mode with AI tools first to understand command restrictions before granting write access to resources.
- Validate secrets masking behavior in logs and AI chat history; consider additional redaction layers upstream (e.g., log aggregator rules).
When to avoid it — and what to weigh
- Production Clusters Without Isolation — The server runs with the permissions of the kubeconfig user. Deploying in shared environments without RBAC-scoped service accounts risks privilege escalation if the MCP process is compromised.
- Air-Gapped Networks Requiring No External Calls — OpenTelemetry telemetry exports require network egress to OTLP backends. If compliance mandates zero external calls, disable telemetry but acknowledge potential operational blind spots.
- Clusters Requiring Deterministic, Audit-Locked Changes — AI-driven kubectl operations lack built-in approval workflows. Use only on dev/test clusters or implement external policy enforcement (e.g., OPA/Kyverno) before production adoption.
- Multi-Tenancy Without Network Policies or Secrets Masking Verification — Secrets masking applies only to `kubectl get secrets` output; logs and other sensitive data exposure depend on proper kubectl output filtering and network isolation.
License & commercial use
MIT License. Permits commercial use, modification, and distribution with no restrictions, provided original license notice is retained.
MIT is a permissive OSI-approved license. Commercial use is explicitly allowed. However, as with any third-party OSS, ensure your organization's legal/procurement team reviews liability and warranty disclaimers (software provided 'as is'). No commercial support SLA visible in repository.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Strong |
| Assessment confidence | High |
Server inherits permissions from kubeconfig user; no built-in RBAC enforcement. Secrets masking applies only to `kubectl get secrets` output—logs, pod exec, and other channels may leak sensitive data. Kubeconfig stored locally; protect with file permissions. OpenTelemetry exports may expose cluster metadata to external backends; configure sampling and redaction as needed. No visible security audit or vulnerability disclosure policy in repository.
Alternatives to consider
kubectl CLI + manual API interaction
Direct, no MCP overhead, but requires manual AI prompt engineering and lacks built-in observability/masking; suitable for one-off operations.
Kyverno + ArgoCD + AI policy engine
Policy-first approach with GitOps workflow; higher setup cost but provides audit trails, approval gates, and deterministic deployments for regulated environments.
Custom API server wrapping kubectl
Offers fine-grained auth, logging, and multi-tenancy control, but requires in-house development and maintenance compared to this MCP integration.
Build on mcp-server-kubernetes with DEV.co software developers
Integrate MCP Server Kubernetes with Claude, Cursor, or VS Code to automate cluster troubleshooting, deployments, and observability. Start with read-only mode to test safely.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
mcp-server-kubernetes FAQ
Can I use this in production clusters?
Does it support multi-cluster management?
What happens if the kubeconfig is invalid or expires?
Can I use this with non-kubectl authentication (e.g., direct API calls)?
Software developers & web developers for hire
DEV.co helps companies turn open-source tools like mcp-server-kubernetes into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your mcp servers stack.
Ready to AI-Assist Your Kubernetes Operations?
Integrate MCP Server Kubernetes with Claude, Cursor, or VS Code to automate cluster troubleshooting, deployments, and observability. Start with read-only mode to test safely.