How to add K8M to Windsurf
AI-driven mini Kubernetes dashboard with a built-in MCP server exposing 49 cluster operation tools Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 849★ · sse · apikey
Windsurf config for K8M
{
"mcpServers": {
"k8m": {
"serverUrl": "http://localhost:3618/mcp/k8m/sse",
"headers": {
"Authorization": "<token-from-k8m-个人中心-开放MCP>"
}
}
}
}Remote server — no local install needed. Restart the client after saving the config.
Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the K8M config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5K8M's tools become available to Cascade.
Before you start
- A running, self-hosted K8M instance (single binary or docker-compose; default port 3618)
- One or more Kubernetes clusters registered/managed in K8M
- The built-in 'k8m' MCP server enabled under 平台设置-MCP管理
- An MCP access link and Authorization Token created under 个人中心-开放MCP (the Token is bound to the creating user's cluster permissions)
What K8M can do in Windsurf
list_clustersList all registered Kubernetes clusters
scale_deploymentScale a Deployment up or down
restart_deploymentRestart a Deployment
stop_deploymentStop a Deployment
restore_deploymentRestore a stopped Deployment
update_tag_deploymentUpdate a Deployment's image tag
rollout_history_deploymentQuery a Deployment's rollout history
rollout_undo_deploymentRoll back a Deployment
Security
The MCP server is only reachable after you self-host K8M and create an access link under 个人中心-开放MCP; the URL http://localhost:3618/mcp/k8m/sse is a per-user template — replace localhost with your server IP and use your own generated link. External clients must authenticate by passing the Token (created under 个人中心-开放MCP) in the Authorization header. MCP permissions are bound to the creating user's cluster authorization (read-only / exec / cluster-admin), so scope that user carefully — cluster-admin links can apply YAML, delete resources, drain nodes, and exec into Pods. Change the default k8m/k8m credentials and enable 2FA before exposing the dashboard.
K8M + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the K8M config there under the "mcpServers" key and restart the client.
Is K8M safe to use with Windsurf?
The MCP server is only reachable after you self-host K8M and create an access link under 个人中心-开放MCP; the URL http://localhost:3618/mcp/k8m/sse is a per-user template — replace localhost with your server IP and use your own generated link. External clients must authenticate by passing the Token (created under 个人中心-开放MCP) in the Authorization header. MCP permissions are bound to the creating user's cluster authorization (read-only / exec / cluster-admin), so scope that user carefully — cluster-admin links can apply YAML, delete resources, drain nodes, and exec into Pods. Change the default k8m/k8m credentials and enable 2FA before exposing the dashboard.
What transport does the MCP server use?
SSE only. The docs state the built-in MCP server supports the SSE protocol exclusively; the endpoint is http://<server-ip>:3618/mcp/k8m/sse.
How does authentication work?
Create an access link/Token under 个人中心-开放MCP in the K8M UI, then pass it in the Authorization header from your MCP client. The link inherits the creating user's cluster permissions (read-only, exec, or cluster-admin).
Do I need to install a package?
No npm/pip package. You self-host the K8M binary (or docker-compose), enable the built-in k8m MCP server in admin settings, and connect your client to the SSE URL.