Command Palette

Search for a command to run...

UnylyUnyly
Browse all

K8s Server

FreeNot checked

An MCP server that lets AI assistants safely inspect and operate on Kubernetes clusters through natural conversation.

GitHubEmbed

About

An MCP server that lets AI assistants safely inspect and operate on Kubernetes clusters through natural conversation.

README

An MCP server that lets AI assistants — Claude Desktop, Cursor, Claude Code — safely inspect and operate on Kubernetes clusters through natural conversation.

CI Python 3.13+ License: MIT MCP PyPI

What it does

k8s-mcp-server gives Claude (and any other MCP-compatible AI assistant) safe, read-only access to Kubernetes clusters by default — list pods, tail logs, inspect deployments, view metrics, and describe any resource through natural conversation. Optional write operations (scale, restart, delete) live behind an --enable-writes flag and default to dry-run, so the LLM can't accidentally change cluster state.

Built with 528 unit tests against mocked K8s APIs plus a kind-cluster integration smoke test on every CI run — 100% library coverage.

Demo

Demo coming: a 30-second loop of Claude Desktop diagnosing a crashing pod — the model calls list_pods, spots CrashLoopBackOff, fetches get_pod_logs with previous=True, reads the stack trace, and suggests the fix.

Features

Read operations (13 tools)

Tool What it does
list_namespaces List all namespaces with status and age.
list_pods List pods, filterable by namespace, labels, or field selectors.
get_pod Single pod's full state — container statuses, conditions, recent events.
get_pod_logs Pod logs with tail_lines, since_seconds, and previous (post-crash).
list_deployments List deployments with replica counts and primary container image.
get_deployment Full deployment state plus the last 5 ReplicaSets (rollout history).
list_services List services with ports and LoadBalancer external IPs.
list_nodes List nodes with health, roles, kubelet version, capacity.
get_node Full node detail with conditions, taints, and pods-on-node count.
list_events Cluster events filtered by kind/name/type/since, most recent first.
describe_resource Structured describe view across 7 kinds (Secret values redacted).
top_pods Pod CPU/memory usage (requires metrics-server).
top_nodes Node CPU/memory usage with percent against allocatable.

Write operations (3 tools — require --enable-writes)

Tool What it does
scale_deployment Set the replica count of a deployment via the /scale sub-resource.
restart_deployment Trigger a rollout restart (kubectl-compatible annotation).
delete_pod Delete a pod, optionally with force=True for immediate kill.

Every write tool defaults to dry_run=True. Full input/output specs in docs/TOOLS_SPEC.md.

Installation

Option A — try without installing (recommended for first run):

uvx --from kubernetes-mcp k8s-mcp-server --help

Option B — install for daily use:

pip install kubernetes-mcp

You'll need a working ~/.kube/config pointing at the cluster you want to inspect.

Quick Start (Claude Desktop)

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%/Claude/claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "kubernetes": {
      "command": "uvx",
      "args": ["k8s-mcp-server"]
    }
  }
}

Restart Claude Desktop. You should now be able to ask:

"List all pods in the staging namespace that aren't running."

"Why is pod api-7d4f9 crashing? Check its logs and recent events."

Examples

Ready-to-paste config snippets (read-only and writes-enabled variants) live in examples/ — see examples/README.md for setup notes.

Security Model

All write operations are off by default. The --enable-writes flag at server start is required to register them at all (Layer 1 + 2 of defense-in-depth). Once enabled, every write tool re-checks the flag at handler entry (Layer 3) and defaults to dry_run=True (Layer 4) — the LLM must explicitly pass dry_run=False to apply. The optional --namespaces dev,staging allowlist limits the blast radius for both reads and writes regardless of the flag. Every write attempt is audited at INFO level on the k8s_mcp_server.audit logger with the tool name, target, dry_run value, and tool-specific deltas (Layer 5).

Secret values are never returned — even via describe_resource(kind="secret"), only key names surface. The kubectl.kubernetes.io/last-applied-configuration annotation is stripped from Secret responses to prevent annotation-based leaks.

Read docs/SECURITY.md for the full threat model and the layered defense table.

Configuration

Flag Default Description
--enable-writes off Register write tools
--namespaces ns1,ns2 all Restrict to specific namespaces
--kubeconfig PATH ~/.kube/config Override kubeconfig path
--context NAME current Override kubeconfig context
--log-level LEVEL INFO DEBUG / INFO / WARNING / ERROR

Architecture

Tools are registered via a small dataclass-based registry; each tool is a single async function that returns a structured ToolResult(success, data, error, audit) envelope and never raises into the MCP layer. Read tools defer to a shared namespace allowlist resolver (resolve_read_namespaces) and per-kind formatters in tools/. Write tools follow a strict three-layer defense pattern (CLI flag → server-level registry filter → in-handler assert_writes_enabled) on top of dry-run-by-default and audit logging. The polymorphic describe_resource tool dispatches via a per-kind table covering pod / deployment / service / node / configmap / secret / ingress.

See CLAUDE.md §6.1 for the Write Tool Contract.

Development

git clone https://github.com/sarah-salah/k8s-mcp-server
cd k8s-mcp-server
uv sync
uv run pytest
uv run ruff check
uv run mypy src/

Project conventions and workflow in CLAUDE.md. Integration tests against a real kind cluster are documented in docs/INTEGRATION_TESTING.md.

Roadmap (v2)

See docs/PROJECT_PLAN.md. Highlights for v2:

  • HTTP / SSE transport
  • In-cluster deployment with Helm chart
  • ServiceAccount + RBAC
  • Persistent audit log

License & Acknowledgments

MIT — see LICENSE.

Built on top of:

from github.com/Sarah-Salah/k8s-mcp-server

Install K8s Server in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install k8s-mcp-server

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add k8s-mcp-server -- uvx kubernetes-mcp

FAQ

Is K8s Server MCP free?

Yes, K8s Server MCP is free — one-click install via Unyly at no cost.

Does K8s Server need an API key?

No, K8s Server runs without API keys or environment variables.

Is K8s Server hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install K8s Server in Claude Desktop, Claude Code or Cursor?

Open K8s Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare K8s Server with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs