kubectl-mcp-server
kubectl-mcp-server is a Python-based MCP server that enables natural language control of Kubernetes clusters through AI assistants like Claude and Cursor. It exposes 253 tools for pod debugging, deployment, cost analysis, security audits, and cluster management without requiring kubectl CLI expertise.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | rohitg00/kubectl-mcp-server |
| Owner | rohitg00 |
| Primary language | Python |
| License | MIT — OSI-approved |
| Stars | 920 |
| Forks | 176 |
| Open issues | 4 |
| Latest release | v1.24.0 (2026-02-20) |
| Last updated | 2026-04-08 |
| Source | https://github.com/rohitg00/kubectl-mcp-server |
What kubectl-mcp-server is
A Model Context Protocol (MCP) server written in Python 3.9+ that translates natural language queries into Kubernetes API operations via kubectl. Deployed as an npm/pip package or Docker container, it provides structured access to cluster diagnostics, resource management, RBAC analysis, and optional interactive dashboards with browser automation capabilities.
Get the kubectl-mcp-server source
Clone the repository and explore it locally.
git clone https://github.com/rohitg00/kubectl-mcp-server.gitcd kubectl-mcp-server# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires kubectl CLI installed and pre-configured kubeconfig; cluster access scope depends entirely on the kubeconfig user's RBAC permissions.
- Optional 'ui' extra dependencies (interactive dashboards, browser automation) add size and complexity; base installation is lightweight for stdio transport.
- Non-destructive mode and secret masking are opt-in features; default behavior executes all requested operations without guardrails beyond RBAC.
- Multi-cluster support documented but not verified in this data; test 'multi-cluster' features against actual target topology before production deployment.
- Testing surface is broad (234 passing tests claimed) but specific test coverage for failure modes, AI edge cases, and production-scale workloads not detailed.
When to avoid it — and what to weigh
- Requires cluster-wide write operations at scale — While the server supports deployments and modifications, teams needing automated infrastructure-as-code workflows may benefit more from dedicated GitOps tools (ArgoCD, Flux) paired with appropriate policy enforcement.
- Air-gapped or restricted network environments — Server requires network access to Kubernetes API and container registries. Offline-first or heavily restricted networks need custom deployment patterns not documented in the standard README.
- Multi-cloud or non-kubectl cluster access — Purpose-built for kubectl-configured clusters. Teams managing AWS EKS, GCP GKE, or Azure AKS through vendor-specific APIs may find specialized tools more appropriate.
- Strict separation of AI agent permissions from cluster RBAC — Server inherits the kubeconfig user's permissions entirely. Fine-grained per-query authorization or token-per-AI-request patterns require additional proxy/gateway infrastructure.
License & commercial use
Licensed under MIT (MIT License), a permissive OSI-approved license. Permits commercial use, modification, and distribution with attribution and no warranty.
MIT license permits commercial use and derivative works. However, verify internal policies regarding AI-assisted cluster management and any customer data exposure through AI assistant contexts before deploying in regulated industries (finance, healthcare, government). No formal SLA, warranty, or commercial support terms are stated in the provided data.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
Server inherits all permissions of the kubeconfig user—no additional authorization layer enforced. Supports secret masking and non-destructive mode (opt-in), but defaults permit unrestricted operations. AI assistant receives full stdout/stderr; sensitive data (keys, tokens, IPs) may leak into LLM context. In-cluster deployment exposes pod-level kubeconfig or service account—ensure network policies and RBAC lock-down. Browser automation (optional UI) adds attack surface for XSS/injection. No audit logging, rate limiting, or request signing documented. Evaluate threat model and apply least-privilege RBAC before exposing to untrusted AI agents.
Alternatives to consider
ArgoCD + standard LLM integration
Provides declarative, version-controlled Kubernetes deployments with GitOps; can be queried by an LLM via custom API. Better for teams prioritizing policy enforcement and change auditing over conversational ease.
Kubernetes Operator + AI agent framework
Build custom operators and expose via OpenAPI with LLM-friendly schema generation. Offers tighter control over which operations are safe and auditable but requires more engineering.
Claude Projects, Cursor rules, or Windsurf compose can directly call kubectl in a shell context with LLM assistance. Simpler, no MCP dependency, but less structured and no built-in diagnostics.
Build on kubectl-mcp-server with DEV.co software developers
Install kubectl-mcp-server via npm/pip today. Test with your AI assistant in minutes, then evaluate security posture and RBAC configuration for your environment.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
kubectl-mcp-server FAQ
Can I use kubectl-mcp-server without deploying it in-cluster?
What happens if the AI assistant generates a destructive kubectl command?
Is there an audit log of AI-requested changes?
How does multi-cluster support work?
Software developers & web developers for hire
Need help beyond evaluating kubectl-mcp-server? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.
Ready to unlock AI-assisted cluster management?
Install kubectl-mcp-server via npm/pip today. Test with your AI assistant in minutes, then evaluate security posture and RBAC configuration for your environment.