DEV.co
Open-Source DevOps · rohitg00

kubectl-mcp-server

kubectl-mcp-server is a Python-based MCP server that enables natural language control of Kubernetes clusters through AI assistants like Claude and Cursor. It exposes 253 tools for pod debugging, deployment, cost analysis, security audits, and cluster management without requiring kubectl CLI expertise.

Source: GitHub — github.com/rohitg00/kubectl-mcp-server
920
GitHub stars
176
Forks
Python
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryrohitg00/kubectl-mcp-server
Ownerrohitg00
Primary languagePython
LicenseMIT — OSI-approved
Stars920
Forks176
Open issues4
Latest releasev1.24.0 (2026-02-20)
Last updated2026-04-08
Sourcehttps://github.com/rohitg00/kubectl-mcp-server

What kubectl-mcp-server is

A Model Context Protocol (MCP) server written in Python 3.9+ that translates natural language queries into Kubernetes API operations via kubectl. Deployed as an npm/pip package or Docker container, it provides structured access to cluster diagnostics, resource management, RBAC analysis, and optional interactive dashboards with browser automation capabilities.

Quickstart

Get the kubectl-mcp-server source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/rohitg00/kubectl-mcp-server.gitcd kubectl-mcp-server# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

AI-assisted cluster troubleshooting

Leverage AI to diagnose pod crashes, connectivity issues, and resource bottlenecks by analyzing logs, events, and metrics through natural language conversation rather than manual kubectl queries.

Cost optimization and resource efficiency

Ask AI to identify over-provisioned workloads, wasted resources, and cost reduction opportunities across namespaces with actionable recommendations backed by cluster data.

Security and compliance auditing

Conduct RBAC permission reviews, secret scanning, and pod security policy audits through conversational queries with structured findings and remediation guidance.

Implementation considerations

  • Requires kubectl CLI installed and pre-configured kubeconfig; cluster access scope depends entirely on the kubeconfig user's RBAC permissions.
  • Optional 'ui' extra dependencies (interactive dashboards, browser automation) add size and complexity; base installation is lightweight for stdio transport.
  • Non-destructive mode and secret masking are opt-in features; default behavior executes all requested operations without guardrails beyond RBAC.
  • Multi-cluster support documented but not verified in this data; test 'multi-cluster' features against actual target topology before production deployment.
  • Testing surface is broad (234 passing tests claimed) but specific test coverage for failure modes, AI edge cases, and production-scale workloads not detailed.

When to avoid it — and what to weigh

  • Requires cluster-wide write operations at scale — While the server supports deployments and modifications, teams needing automated infrastructure-as-code workflows may benefit more from dedicated GitOps tools (ArgoCD, Flux) paired with appropriate policy enforcement.
  • Air-gapped or restricted network environments — Server requires network access to Kubernetes API and container registries. Offline-first or heavily restricted networks need custom deployment patterns not documented in the standard README.
  • Multi-cloud or non-kubectl cluster access — Purpose-built for kubectl-configured clusters. Teams managing AWS EKS, GCP GKE, or Azure AKS through vendor-specific APIs may find specialized tools more appropriate.
  • Strict separation of AI agent permissions from cluster RBAC — Server inherits the kubeconfig user's permissions entirely. Fine-grained per-query authorization or token-per-AI-request patterns require additional proxy/gateway infrastructure.

License & commercial use

Licensed under MIT (MIT License), a permissive OSI-approved license. Permits commercial use, modification, and distribution with attribution and no warranty.

MIT license permits commercial use and derivative works. However, verify internal policies regarding AI-assisted cluster management and any customer data exposure through AI assistant contexts before deploying in regulated industries (finance, healthcare, government). No formal SLA, warranty, or commercial support terms are stated in the provided data.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Server inherits all permissions of the kubeconfig user—no additional authorization layer enforced. Supports secret masking and non-destructive mode (opt-in), but defaults permit unrestricted operations. AI assistant receives full stdout/stderr; sensitive data (keys, tokens, IPs) may leak into LLM context. In-cluster deployment exposes pod-level kubeconfig or service account—ensure network policies and RBAC lock-down. Browser automation (optional UI) adds attack surface for XSS/injection. No audit logging, rate limiting, or request signing documented. Evaluate threat model and apply least-privilege RBAC before exposing to untrusted AI agents.

Alternatives to consider

ArgoCD + standard LLM integration

Provides declarative, version-controlled Kubernetes deployments with GitOps; can be queried by an LLM via custom API. Better for teams prioritizing policy enforcement and change auditing over conversational ease.

Kubernetes Operator + AI agent framework

Build custom operators and expose via OpenAPI with LLM-friendly schema generation. Offers tighter control over which operations are safe and auditable but requires more engineering.

Claude Projects, Cursor rules, or Windsurf compose can directly call kubectl in a shell context with LLM assistance. Simpler, no MCP dependency, but less structured and no built-in diagnostics.

Software development agency

Build on kubectl-mcp-server with DEV.co software developers

Install kubectl-mcp-server via npm/pip today. Test with your AI assistant in minutes, then evaluate security posture and RBAC configuration for your environment.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

kubectl-mcp-server FAQ

Can I use kubectl-mcp-server without deploying it in-cluster?
Yes. Local or remote installation (via pip, npm, Docker) using an external kubeconfig works for most use cases. In-cluster deployment (kMCP) is optional for pod-level operations and avoids kubeconfig exposure.
What happens if the AI assistant generates a destructive kubectl command?
By default, all operations execute as the kubeconfig user's RBAC permits. Enable 'non-destructive mode' to prevent deletions and modifications, but this must be configured explicitly. No automatic safety guardrails are enabled by default.
Is there an audit log of AI-requested changes?
Not mentioned in the provided data. Changes execute via kubectl and standard Kubernetes audit logs if enabled on the cluster, but no dedicated MCP-layer audit trail is documented.
How does multi-cluster support work?
Documented in README but not detailed. Likely uses kubeconfig context switching or separate server instances per cluster; verify against your topology before production deployment.

Software developers & web developers for hire

Need help beyond evaluating kubectl-mcp-server? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.

Ready to unlock AI-assisted cluster management?

Install kubectl-mcp-server via npm/pip today. Test with your AI assistant in minutes, then evaluate security posture and RBAC configuration for your environment.