How to add kubectl-mcp-server to Claude Desktop
Control your entire Kubernetes infrastructure through natural language conversations with AI. Paste the config into ~/Library/Application Support/Claude/claude_desktop_config.json and restart Claude Desktop.
Last updated June 14, 2026 ยท 913โ ยท stdio ยท no auth
Claude Desktop config for kubectl-mcp-server
npx -y kubectl-mcp-server{
"mcpServers": {
"kubectl-mcp-server": {
"command": "npx",
"args": [
"-y",
"kubectl-mcp-server"
]
}
}
}Setup steps
- 1Open Claude Desktop โ Settings โ Developer โ Edit Config (this opens ~/Library/Application Support/Claude/claude_desktop_config.json).
- 2Paste the kubectl-mcp-server config below under the top-level "mcpServers" key.
- 3Fill in any placeholder secrets (API keys, paths) in the snippet.
- 4Save the file, then fully quit and reopen Claude Desktop.
- 5Open a chat and confirm kubectl-mcp-server's tools appear under the ๐ tools menu.
Before you start
- Python 3.9+ (for pip installation)
- Node.js 14+ (for npx installation)
- kubectl installed and configured
- Access to a Kubernetes cluster
What kubectl-mcp-server can do in Claude Desktop
get_podsList pods in a namespace (accepts namespace and optional context).
get_logsRetrieve logs from a pod.
diagnose_pod_crashAI-powered crash diagnosis with logs, events, and resource analysis.
get_deploymentsList deployments in the cluster.
create_deploymentCreate a deployment with best-practice defaults.
scale_deploymentScale a deployment to a target replica count.
kubectl_rolloutManage deployment rollouts (status, undo, restart).
diagnose_network_connectivityDiagnose network connectivity issues including DNS resolution and service chain tracing.
Security
Mounts your kubeconfig and operates against live clusters. Use --disable-destructive (or --non-destructive) to allow create/update but block delete, or --read-only to block all writes. Secrets are masked in output (e.g. manifest://secrets data is masked). Optional OAuth 2.1 authentication (RFC 9728) can be enabled via MCP_AUTH_ENABLED for multi-tenant/compliance environments.
kubectl-mcp-server + Claude Desktop FAQ
Where is the Claude Desktop config file?
Claude Desktop reads MCP servers from ~/Library/Application Support/Claude/claude_desktop_config.json. Paste the kubectl-mcp-server config there under the "mcpServers" key and restart the client.
Is kubectl-mcp-server safe to use with Claude Desktop?
Mounts your kubeconfig and operates against live clusters. Use --disable-destructive (or --non-destructive) to allow create/update but block delete, or --read-only to block all writes. Secrets are masked in output (e.g. manifest://secrets data is masked). Optional OAuth 2.1 authentication (RFC 9728) can be enabled via MCP_AUTH_ENABLED for multi-tenant/compliance environments.
How do I install and run it?
Run it with no install via `npx -y kubectl-mcp-server`, or install globally with `npm install -g kubectl-mcp-server`. A Python distribution is also available via `pip install kubectl-mcp-server` (add the `[ui]` extra for interactive dashboards), plus Docker images on Docker Hub and GHCR.
Which AI assistants does it work with?
It works with any MCP-compatible client, with documented native configs for Claude Desktop, Claude Code, Cursor, Windsurf, GitHub Copilot, Gemini CLI, Goose, Roo Code, Kilo Code, and others.
Is it safe to run against production clusters?
It supports safety modes: `--disable-destructive` allows create/update but blocks delete, and `--read-only` blocks all write operations. Secrets are masked in output, and OAuth 2.1 authentication can be enabled for enterprise/multi-tenant use.