K8s Server
FreeNot checkedAn MCP server that lets AI assistants safely inspect and operate on Kubernetes clusters through natural conversation.
About
An MCP server that lets AI assistants safely inspect and operate on Kubernetes clusters through natural conversation.
README
An MCP server that lets AI assistants — Claude Desktop, Cursor, Claude Code — safely inspect and operate on Kubernetes clusters through natural conversation.
What it does
k8s-mcp-server gives Claude (and any other MCP-compatible AI assistant) safe, read-only access to Kubernetes clusters by default — list pods, tail logs, inspect deployments, view metrics, and describe any resource through natural conversation. Optional write operations (scale, restart, delete) live behind an --enable-writes flag and default to dry-run, so the LLM can't accidentally change cluster state.
Built with 528 unit tests against mocked K8s APIs plus a kind-cluster integration smoke test on every CI run — 100% library coverage.
Demo
Demo coming: a 30-second loop of Claude Desktop diagnosing a crashing pod — the model calls list_pods, spots CrashLoopBackOff, fetches get_pod_logs with previous=True, reads the stack trace, and suggests the fix.
Features
Read operations (13 tools)
| Tool | What it does |
|---|---|
list_namespaces |
List all namespaces with status and age. |
list_pods |
List pods, filterable by namespace, labels, or field selectors. |
get_pod |
Single pod's full state — container statuses, conditions, recent events. |
get_pod_logs |
Pod logs with tail_lines, since_seconds, and previous (post-crash). |
list_deployments |
List deployments with replica counts and primary container image. |
get_deployment |
Full deployment state plus the last 5 ReplicaSets (rollout history). |
list_services |
List services with ports and LoadBalancer external IPs. |
list_nodes |
List nodes with health, roles, kubelet version, capacity. |
get_node |
Full node detail with conditions, taints, and pods-on-node count. |
list_events |
Cluster events filtered by kind/name/type/since, most recent first. |
describe_resource |
Structured describe view across 7 kinds (Secret values redacted). |
top_pods |
Pod CPU/memory usage (requires metrics-server). |
top_nodes |
Node CPU/memory usage with percent against allocatable. |
Write operations (3 tools — require --enable-writes)
| Tool | What it does |
|---|---|
scale_deployment |
Set the replica count of a deployment via the /scale sub-resource. |
restart_deployment |
Trigger a rollout restart (kubectl-compatible annotation). |
delete_pod |
Delete a pod, optionally with force=True for immediate kill. |
Every write tool defaults to dry_run=True. Full input/output specs in docs/TOOLS_SPEC.md.
Installation
Option A — try without installing (recommended for first run):
uvx --from kubernetes-mcp k8s-mcp-server --help
Option B — install for daily use:
pip install kubernetes-mcp
You'll need a working ~/.kube/config pointing at the cluster you want to inspect.
Quick Start (Claude Desktop)
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%/Claude/claude_desktop_config.json (Windows):
{
"mcpServers": {
"kubernetes": {
"command": "uvx",
"args": ["k8s-mcp-server"]
}
}
}
Restart Claude Desktop. You should now be able to ask:
"List all pods in the staging namespace that aren't running."
"Why is pod
api-7d4f9crashing? Check its logs and recent events."
Examples
Ready-to-paste config snippets (read-only and writes-enabled variants) live in examples/ — see examples/README.md for setup notes.
Security Model
All write operations are off by default. The --enable-writes flag at server start is required to register them at all (Layer 1 + 2 of defense-in-depth). Once enabled, every write tool re-checks the flag at handler entry (Layer 3) and defaults to dry_run=True (Layer 4) — the LLM must explicitly pass dry_run=False to apply. The optional --namespaces dev,staging allowlist limits the blast radius for both reads and writes regardless of the flag. Every write attempt is audited at INFO level on the k8s_mcp_server.audit logger with the tool name, target, dry_run value, and tool-specific deltas (Layer 5).
Secret values are never returned — even via describe_resource(kind="secret"), only key names surface. The kubectl.kubernetes.io/last-applied-configuration annotation is stripped from Secret responses to prevent annotation-based leaks.
Read docs/SECURITY.md for the full threat model and the layered defense table.
Configuration
| Flag | Default | Description |
|---|---|---|
--enable-writes |
off | Register write tools |
--namespaces ns1,ns2 |
all | Restrict to specific namespaces |
--kubeconfig PATH |
~/.kube/config |
Override kubeconfig path |
--context NAME |
current | Override kubeconfig context |
--log-level LEVEL |
INFO |
DEBUG / INFO / WARNING / ERROR |
Architecture
Tools are registered via a small dataclass-based registry; each tool is a single async function that returns a structured ToolResult(success, data, error, audit) envelope and never raises into the MCP layer. Read tools defer to a shared namespace allowlist resolver (resolve_read_namespaces) and per-kind formatters in tools/. Write tools follow a strict three-layer defense pattern (CLI flag → server-level registry filter → in-handler assert_writes_enabled) on top of dry-run-by-default and audit logging. The polymorphic describe_resource tool dispatches via a per-kind table covering pod / deployment / service / node / configmap / secret / ingress.
See CLAUDE.md §6.1 for the Write Tool Contract.
Development
git clone https://github.com/sarah-salah/k8s-mcp-server
cd k8s-mcp-server
uv sync
uv run pytest
uv run ruff check
uv run mypy src/
Project conventions and workflow in CLAUDE.md. Integration tests against a real kind cluster are documented in docs/INTEGRATION_TESTING.md.
Roadmap (v2)
See docs/PROJECT_PLAN.md. Highlights for v2:
- HTTP / SSE transport
- In-cluster deployment with Helm chart
- ServiceAccount + RBAC
- Persistent audit log
License & Acknowledgments
MIT — see LICENSE.
Built on top of:
- Official MCP Python SDK — the protocol layer
- kubernetes-py client — the API client
- pydantic v2 — input validation and tool schema generation
Install K8s Server in Claude Desktop, Claude Code & Cursor
unyly install k8s-mcp-serverInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add k8s-mcp-server -- uvx kubernetes-mcpFAQ
Is K8s Server MCP free?
Yes, K8s Server MCP is free — one-click install via Unyly at no cost.
Does K8s Server need an API key?
No, K8s Server runs without API keys or environment variables.
Is K8s Server hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install K8s Server in Claude Desktop, Claude Code or Cursor?
Open K8s Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare K8s Server with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
