DEV.co
MCP Servers · Flux159

mcp-server-kubernetes

MCP Server Kubernetes is a TypeScript-based bridge that lets AI tools (Claude, Cursor, VS Code) manage Kubernetes clusters via kubectl commands. It supports resource operations, Helm chart management, and includes optional OpenTelemetry tracing for observability.

Source: GitHub — github.com/Flux159/mcp-server-kubernetes
1.5k
GitHub stars
255
Forks
TypeScript
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryFlux159/mcp-server-kubernetes
OwnerFlux159
Primary languageTypeScript
LicenseMIT — OSI-approved
Stars1.5k
Forks255
Open issues11
Latest releasev3.9.3 (2026-07-06)
Last updated2026-07-06
Sourcehttps://github.com/Flux159/mcp-server-kubernetes

What mcp-server-kubernetes is

A Model Context Protocol (MCP) server that exposes kubectl functionality through a standardized tool interface, supporting kubeconfig authentication, namespace-scoped operations, non-destructive modes, and distributed tracing via OTLP. Runs on Node.js/Bun runtime.

Quickstart

Get the mcp-server-kubernetes source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Flux159/mcp-server-kubernetes.gitcd mcp-server-kubernetes# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

AI-Assisted Kubernetes Troubleshooting & Diagnosis

Use Claude or Cursor to systematically troubleshoot cluster issues via the built-in `k8s-diagnose` prompt, guiding through pod states, events, and logs without manual kubectl context switching.

Infrastructure-as-Code Deployment Automation

Integrate with Claude Code or VS Code for AI-driven YAML manifest generation and direct application to clusters, including Helm chart templating for parameterized deployments.

Observability & Compliance Auditing

Combine with OpenTelemetry backends (Jaeger, Grafana Tempo) to trace all kubectl operations performed by AI agents, enabling compliance logging and performance analysis of cluster management tasks.

Implementation considerations

  • Verify kubectl and Helm v3 are in PATH before deployment; kubeconfig discovery supports `~/.kube/config` by default but requires explicit paths or environment variables for non-standard locations.
  • Deploy MCP server process with least-privilege service account (RBAC) in cluster or use read-only kubeconfig for initial pilot to limit blast radius.
  • Enable OpenTelemetry only if observability backend is available and network-accessible; configure sampling strategy to avoid high cardinality span explosion in high-frequency operations.
  • Test non-destructive mode with AI tools first to understand command restrictions before granting write access to resources.
  • Validate secrets masking behavior in logs and AI chat history; consider additional redaction layers upstream (e.g., log aggregator rules).

When to avoid it — and what to weigh

  • Production Clusters Without Isolation — The server runs with the permissions of the kubeconfig user. Deploying in shared environments without RBAC-scoped service accounts risks privilege escalation if the MCP process is compromised.
  • Air-Gapped Networks Requiring No External Calls — OpenTelemetry telemetry exports require network egress to OTLP backends. If compliance mandates zero external calls, disable telemetry but acknowledge potential operational blind spots.
  • Clusters Requiring Deterministic, Audit-Locked Changes — AI-driven kubectl operations lack built-in approval workflows. Use only on dev/test clusters or implement external policy enforcement (e.g., OPA/Kyverno) before production adoption.
  • Multi-Tenancy Without Network Policies or Secrets Masking Verification — Secrets masking applies only to `kubectl get secrets` output; logs and other sensitive data exposure depend on proper kubectl output filtering and network isolation.

License & commercial use

MIT License. Permits commercial use, modification, and distribution with no restrictions, provided original license notice is retained.

MIT is a permissive OSI-approved license. Commercial use is explicitly allowed. However, as with any third-party OSS, ensure your organization's legal/procurement team reviews liability and warranty disclaimers (software provided 'as is'). No commercial support SLA visible in repository.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Server inherits permissions from kubeconfig user; no built-in RBAC enforcement. Secrets masking applies only to `kubectl get secrets` output—logs, pod exec, and other channels may leak sensitive data. Kubeconfig stored locally; protect with file permissions. OpenTelemetry exports may expose cluster metadata to external backends; configure sampling and redaction as needed. No visible security audit or vulnerability disclosure policy in repository.

Alternatives to consider

kubectl CLI + manual API interaction

Direct, no MCP overhead, but requires manual AI prompt engineering and lacks built-in observability/masking; suitable for one-off operations.

Kyverno + ArgoCD + AI policy engine

Policy-first approach with GitOps workflow; higher setup cost but provides audit trails, approval gates, and deterministic deployments for regulated environments.

Custom API server wrapping kubectl

Offers fine-grained auth, logging, and multi-tenancy control, but requires in-house development and maintenance compared to this MCP integration.

Software development agency

Build on mcp-server-kubernetes with DEV.co software developers

Integrate MCP Server Kubernetes with Claude, Cursor, or VS Code to automate cluster troubleshooting, deployments, and observability. Start with read-only mode to test safely.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

mcp-server-kubernetes FAQ

Can I use this in production clusters?
Possible but requires caution. Use read-only mode for monitoring, implement RBAC-scoped service accounts, enable audit logging, and avoid giving AI agents write access to critical namespaces. Test thoroughly in staging first.
Does it support multi-cluster management?
Not explicitly. The server connects to a single kubectl context at runtime. Multi-cluster scenarios require separate MCP instances per cluster or context-switching logic in the AI client.
What happens if the kubeconfig is invalid or expires?
The `ping` tool returns connection status. Invalid credentials or token expiry will cause kubectl commands to fail; the server does not auto-refresh tokens. Ensure kubeconfig is kept fresh and credentials are rotated.
Can I use this with non-kubectl authentication (e.g., direct API calls)?
No. The server is kubectl-centric and relies on kubeconfig for all auth. If kubectl doesn't work, the server won't either. For non-standard auth, update kubeconfig or use a different integration.

Software developers & web developers for hire

DEV.co helps companies turn open-source tools like mcp-server-kubernetes into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your mcp servers stack.

Ready to AI-Assist Your Kubernetes Operations?

Integrate MCP Server Kubernetes with Claude, Cursor, or VS Code to automate cluster troubleshooting, deployments, and observability. Start with read-only mode to test safely.