Kubernetes MCP Server

Go-native MCP server for Kubernetes and OpenShift — manage pods, resources, Helm, Tekton, and more.

Unverified

stdio (local)

No auth

View repo 1.7k npm

Add to your client

Copy the config for your MCP client and paste it into its config file.

Install / run

npx -y kubernetes-mcp-server@latest

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "kubernetes-mcp-server": {
      "command": "npx",
      "args": [
        "-y",
        "kubernetes-mcp-server@latest"
      ]
    }
  }
}

Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf

Before you start

Access to a Kubernetes cluster
A kubeconfig file or in-cluster configuration
npm/Node.js (only if running via npx) or uv/Python (only if running via uvx); not required when using the native binary

About Kubernetes MCP Server

A Go-native MCP server for Kubernetes and OpenShift that talks directly to the Kubernetes API server rather than wrapping kubectl or helm. It exposes pod operations (list, get, delete, logs, top, exec, run), generic CRUD on any Kubernetes/OpenShift resource, namespaces, events, OpenShift projects, Helm release management, and Tekton pipeline operations. Tools are grouped into toolsets (config, core, helm, kcp, kiali, kubevirt, tekton) that can be enabled or disabled to control the surface area exposed to the LLM. It is multi-cluster aware, cross-platform (native binary, npm, PyPI, Docker), and supports read-only and non-destructive modes for safer operation.

Tools & capabilities (46)

configuration_contexts_list

List all available context names and associated server URLs from the kubeconfig file.

targets_list

List all available targets.

configuration_view

Get the current Kubernetes configuration content as a kubeconfig YAML (minified by default).

events_list

List Kubernetes events (warnings, errors, state changes) for debugging and troubleshooting across all namespaces or a specific namespace.

namespaces_list

List all the Kubernetes namespaces in the current cluster.

projects_list

List all the OpenShift projects in the current cluster.

nodes_log

Get logs from a Kubernetes node (kubelet, kube-proxy, or other system logs) through the Kubernetes API proxy to the kubelet.

nodes_stats_summary

Get detailed resource usage statistics from a node via the kubelet's Summary API (CPU, memory, filesystem, network, and PSI metrics where available).

nodes_top

List CPU and memory consumption for specified nodes or all nodes, as recorded by the Kubernetes Metrics Server.

pods_list

List all the Kubernetes pods in the current cluster across all namespaces, with optional field and label selectors.

pods_list_in_namespace

List all the Kubernetes pods in the specified namespace, with optional field and label selectors.

pods_get

Get a Kubernetes Pod in the current or provided namespace by name.

pods_delete

Delete a Kubernetes Pod in the current or provided namespace by name.

pods_top

List CPU and memory consumption for pods in all namespaces, a provided namespace, or the current namespace, as recorded by the Metrics Server.

pods_exec

Execute a command in a Kubernetes Pod container (shell access).

pods_log

Get the logs of a Kubernetes Pod in the current or provided namespace, with optional container, previous, and tail options.

pods_run

Run a Kubernetes Pod with the provided container image and optional name, optionally exposing a port.

resources_list

List Kubernetes resources by apiVersion and kind, optionally filtered by namespace and label selector.

resources_get

Get a Kubernetes resource by apiVersion, kind, optional namespace, and name.

resources_create_or_update

Create or update a Kubernetes resource from a YAML or JSON representation.

resources_delete

Delete a Kubernetes resource by apiVersion, kind, optional namespace, and name.

resources_scale

Get or update the scale of a Kubernetes resource (e.g. Deployment, StatefulSet); always returns the current scale.

helm_install

Install (deploy) a Helm chart to create a release in the current or provided namespace.

helm_list

List all Helm releases in the current or provided namespace, or in all namespaces.

helm_uninstall

Uninstall a Helm release in the current or provided namespace.

kcp_workspaces_list

List all available kcp workspaces in the current cluster.

kcp_workspace_describe

Get detailed information about a specific kcp workspace.

kiali_get_mesh_traffic_graph

Return service-to-service traffic topology, dependencies, and network metrics (throughput, response time, mTLS) for specified namespaces.

kiali_get_mesh_status

Retrieve high-level health, topology, and environment details of the Istio service mesh (control plane, data plane, observability stack).

kiali_manage_istio_config_read

Read-only Istio config: list or get objects.

kiali_manage_istio_config

Create, patch, or delete Istio config.

kiali_get_resource_details

Fetch a list of resources or retrieve detailed data for a specific resource in the mesh.

kiali_list_traces

List distributed traces for a service in a namespace, with a summary and per-trace details.

kiali_get_trace_details

Fetch a single distributed trace by trace ID and return its call hierarchy.

kiali_get_pod_performance

Return a human-readable summary of current Pod CPU/memory usage compared to Kubernetes requests/limits.

kiali_get_logs

Get the logs of a Pod (or workload resolved to a pod) in a namespace, with optional severity filtering.

kiali_get_metrics

Return a compact JSON summary of Istio metrics (latency quantiles, traffic trends, throughput, payload sizes) for a resource.

vm_clone

Clone a KubeVirt VirtualMachine by creating a VirtualMachineClone resource.

vm_create

Create a KubeVirt VirtualMachine, automatically resolving instance types, preferences, and container disk images.

vm_guest_info

Get guest OS information from a VirtualMachine's QEMU guest agent (OS, filesystems, network, users).

vm_lifecycle

Manage KubeVirt VirtualMachine lifecycle: start, stop, or restart a VM.

tekton_pipeline_start

Start a Tekton Pipeline by creating a PipelineRun that references it.

tekton_pipelinerun_restart

Restart a Tekton PipelineRun by creating a new PipelineRun with the same spec.

tekton_task_start

Start a Tekton Task by creating a TaskRun that references it.

tekton_taskrun_restart

Restart a Tekton TaskRun by creating a new TaskRun with the same spec.

tekton_taskrun_logs

Get the logs from a Tekton TaskRun by resolving its underlying pod.

What this server can do

Kubernetes MCP Server provides tools for these capabilities — tap one to see every MCP server that does the same:

Deploy & manage cloud infra

When to use it

Diagnose and automatically fix a failing Deployment in Kubernetes or OpenShift via an AI assistant
Inspect cluster state safely in read-only mode — list pods, view events, and read logs for troubleshooting
Deploy and manage applications, including installing and uninstalling Helm charts
Run comprehensive cluster health checks across namespaces using the built-in cluster-health-check prompt
Operate Tekton CI/CD pipelines and KubeVirt virtual machines through natural-language requests
Manage multiple clusters simultaneously by switching context per tool call

Security notes

Has full access to your Kubernetes cluster via your kubeconfig credentials. Supports `--read-only` mode (blocks all write operations) and `--disable-destructive` mode (blocks delete/update). For HTTP mode, OAuth/OIDC authentication is supported (Keycloak, Microsoft Entra ID). TOML config can restrict access to sensitive resources via `denied_resources` (e.g. Secrets). Sensitive data (tokens, keys, passwords, cloud credentials) is automatically redacted before being sent to clients. For production, the docs recommend a dedicated ServiceAccount with read-only access.

Kubernetes MCP Server FAQ

Is this just a wrapper around kubectl or helm?

No. It is a Go-based native implementation that interacts directly with the Kubernetes API server, so there is no need for external CLIs or for Node/Python to be installed when using the native binaries.

How do I limit what the server can do?

Use --read-only to block all write operations, or --disable-destructive to block delete/update operations. You can also use a TOML config with denied_resources to restrict access to sensitive resource types like Secrets, and enable only the toolsets you need via --toolsets.

Does it support OpenShift?

Yes. It supports both Kubernetes and OpenShift, including OpenShift-specific operations such as listing Projects and Routes.

Can it talk to multiple clusters?

Yes. Multi-cluster support is enabled by default; when you have access to multiple clusters, applicable tools accept a context argument to select the cluster. You can disable this with --disable-multi-cluster.

How do I run it in HTTP/SSE mode instead of stdio?

Pass the --port flag, which starts the MCP server in Streamable HTTP mode (path /mcp) and Server-Sent Event mode (path /sse) on the specified port. OAuth/OIDC authentication is supported in HTTP mode.

#kubernetes #openshift #helm #tekton #devops #containers #kubevirt #kiali

Alternatives to Kubernetes MCP Server

Compare all alternatives →

GitHub MCP Server

DevOps & Cloud

31k

GitHub's official server for repos, issues, PRs, and Actions — local Docker or hosted remote.

Featured

Verified

stdio (local)

API key

7 tools

Updated 7 days agoRepo

AWS API MCP Server

DevOps & Cloud

9.3k

Official AWS Labs server that lets agents call any AWS API via the AWS CLI surface.

Verified

stdio (local)

API key

Python

3 tools

Updated 9 days agoRepo

kubefwd

DevOps & Cloud

4.1k

Bulk Kubernetes port forwarding with an MCP server that lets AI assistants forward services, inspect pods, and monitor traffic.

Unverified

stdio (local)

No auth

28 tools

Updated 1 day agoRepo

Compare Kubernetes MCP Server with:

vs GitHub MCP Server vs AWS API MCP Server vs kubefwd vs Radar