kubectl-mcp-server

Control your entire Kubernetes infrastructure through natural language conversations with AI.

Unverified

stdio (local)

No auth

Python

View repo 913 Website npm

Add to your client

Copy the config for your MCP client and paste it into its config file.

Install / run

npx -y kubectl-mcp-server

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "kubectl-mcp-server": {
      "command": "npx",
      "args": [
        "-y",
        "kubectl-mcp-server"
      ]
    }
  }
}

Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf

Before you start

Python 3.9+ (for pip installation)
Node.js 14+ (for npx installation)
kubectl installed and configured
Access to a Kubernetes cluster

About kubectl-mcp-server

An MCP server for managing Kubernetes through natural language. It translates AI assistant requests into kubectl/Helm operations across 253 tools, 8 workflow prompts, and 8 resources, with multi-cluster support via a per-tool context parameter, multiple transports, safety modes, secret masking, and optional OAuth 2.1 auth. Works with Claude Desktop, Claude Code, Cursor, Windsurf, GitHub Copilot, and 15+ other MCP clients.

Tools & capabilities (20)

get_pods

List pods in a namespace (accepts namespace and optional context).

get_logs

Retrieve logs from a pod.

diagnose_pod_crash

AI-powered crash diagnosis with logs, events, and resource analysis.

get_deployments

List deployments in the cluster.

create_deployment

Create a deployment with best-practice defaults.

scale_deployment

Scale a deployment to a target replica count.

kubectl_rollout

Manage deployment rollouts (status, undo, restart).

diagnose_network_connectivity

Diagnose network connectivity issues including DNS resolution and service chain tracing.

audit_rbac_permissions

Audit RBAC permissions across namespaces.

check_secrets_security

Scan for insecure secrets and configurations.

get_resource_recommendations

Generate resource recommendations for cost optimization.

get_idle_resources

Identify idle resources that are wasting money.

get_cost_analysis

Analyze cost optimization opportunities in a namespace.

install_helm_chart

Install a Helm chart into the cluster.

helm_list

List Helm releases in the cluster.

switch_context

Switch the active kubectl context.

list_contexts

List all available kubectl contexts.

kubectl_apply

Apply a manifest to the cluster.

show_cluster_overview_ui

Render an interactive HTML cluster overview dashboard (requires [ui] extra).

kubectl_generic

Run a generic kubectl command for operations not covered by dedicated tools.

What this server can do

kubectl-mcp-server provides tools for these capabilities — tap one to see every MCP server that does the same:

Deploy & manage cloud infra

When to use it

Diagnose why a pod is crashing using logs, events, and resource analysis
Deploy and scale applications (e.g. a Redis cluster with replicas) via natural language
Identify wasted/idle resources and get cost-optimization recommendations
Audit RBAC permissions and scan for insecure secrets across namespaces
Manage the full Helm v3 chart lifecycle (install, upgrade, rollback, repos)
Operate across multiple clusters by passing a context parameter without switching contexts

Security notes

Mounts your kubeconfig and operates against live clusters. Use --disable-destructive (or --non-destructive) to allow create/update but block delete, or --read-only to block all writes. Secrets are masked in output (e.g. manifest://secrets data is masked). Optional OAuth 2.1 authentication (RFC 9728) can be enabled via MCP_AUTH_ENABLED for multi-tenant/compliance environments.

kubectl-mcp-server FAQ

How do I install and run it?

Run it with no install via `npx -y kubectl-mcp-server`, or install globally with `npm install -g kubectl-mcp-server`. A Python distribution is also available via `pip install kubectl-mcp-server` (add the `[ui]` extra for interactive dashboards), plus Docker images on Docker Hub and GHCR.

Which AI assistants does it work with?

It works with any MCP-compatible client, with documented native configs for Claude Desktop, Claude Code, Cursor, Windsurf, GitHub Copilot, Gemini CLI, Goose, Roo Code, Kilo Code, and others.

Is it safe to run against production clusters?

It supports safety modes: `--disable-destructive` allows create/update but blocks delete, and `--read-only` blocks all write operations. Secrets are masked in output, and OAuth 2.1 authentication can be enabled for enterprise/multi-tenant use.

Can it manage more than one cluster?

Yes. Most kubectl-backed tools accept an optional `context` parameter to target a specific cluster directly; if omitted, the current kubectl context is used. (vCluster and kind tools run via their local CLIs and do not accept the context parameter.)

#kubernetes #kubectl #devops #helm #gitops #cost-optimization #cncf

Alternatives to kubectl-mcp-server

Compare all alternatives →

GitHub MCP Server

DevOps & Cloud

31k

GitHub's official server for repos, issues, PRs, and Actions — local Docker or hosted remote.

Featured

Verified

stdio (local)

API key

7 tools

Updated 7 days agoRepo

AWS API MCP Server

DevOps & Cloud

9.3k

Official AWS Labs server that lets agents call any AWS API via the AWS CLI surface.

Verified

stdio (local)

API key

Python

3 tools

Updated 9 days agoRepo

kubefwd

DevOps & Cloud

4.1k

Bulk Kubernetes port forwarding with an MCP server that lets AI assistants forward services, inspect pods, and monitor traffic.

Unverified

stdio (local)

No auth

28 tools

Updated 1 day agoRepo

Compare kubectl-mcp-server with:

vs GitHub MCP Server vs AWS API MCP Server vs kubefwd vs Radar