MCP Directory

mcp-k8s

Kubernetes MCP server: manage cluster resources and Helm releases through MCP tools, with fine-grained write controls.

Unverified
stdio (local)
No auth
Go
View repo 146 Website

Add to your client

Copy the config for your MCP client and paste it into its config file.

Install / run
go install github.com/silenceper/mcp-k8s/cmd/mcp-k8s@latest

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-k8s": {
      "command": "/path/to/mcp-k8s",
      "args": [
        "--kubeconfig",
        "/path/to/kubeconfig",
        "--enable-create",
        "--enable-delete",
        "--enable-update",
        "--enable-list",
        "--enable-helm-install",
        "--enable-helm-upgrade"
      ]
    }
  }
}

Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf

Before you start

  • Access to a Kubernetes cluster
  • A kubeconfig file (uses the default config if --kubeconfig is not specified)
  • Go (only if building from source or using `go install`); otherwise a prebuilt binary or the Docker image
  • Helm v3 (for Helm-related tools)

About mcp-k8s

mcp-k8s is a Go-based, stdio MCP server that connects to Kubernetes clusters via kubeconfig and exposes cluster operations as MCP tools. It lets an LLM client query resource types (including CRDs), perform CRUD operations on any Kubernetes resource, and manage Helm releases and repositories. Read operations are available by default; write operations (resource create/update/delete and Helm install/upgrade/uninstall, repo add/remove) are each gated behind independent enable flags. Besides stdio, it can also run in SSE or Streamable HTTP transport modes and ships as a Docker image (ghcr.io/silenceper/mcp-k8s).

Tools & capabilities (14)

get_api_resources

Get all supported API resource types in the cluster (built-in resources and CRDs).

get_resource

Get detailed information about a specific resource.

list_resources

List all instances of a resource type, with filtering options.

create_resource

Create new resources. Disabled by default; enabled with --enable-create.

update_resource

Update existing resources. Disabled by default; enabled with --enable-update.

delete_resource

Delete resources. Disabled by default; enabled with --enable-delete.

list_helm_releases

List all Helm releases in the cluster.

get_helm_release

Get detailed information about a specific Helm release.

install_helm_chart

Install a Helm chart. Disabled by default; enabled with --enable-helm-install.

upgrade_helm_chart

Upgrade a Helm release. Disabled by default; enabled with --enable-helm-upgrade.

uninstall_helm_chart

Uninstall a Helm release. Disabled by default; enabled with --enable-helm-uninstall.

list_helm_repositories

List configured Helm repositories.

add_helm_repository

Add a new Helm repository. Disabled by default; enabled with --enable-helm-repo-add.

remove_helm_repository

Remove a Helm repository. Disabled by default; enabled with --enable-helm-repo-remove.

What this server can do

mcp-k8s provides tools for these capabilities — tap one to see every MCP server that does the same:

Manage Git reposDeploy & manage cloud infra

When to use it

  • Manage Kubernetes resources through natural language instead of memorizing kubectl commands
  • Query cluster resource status and get easy-to-understand responses
  • Assist with cluster problem diagnosis and configuration review
  • Quickly create and validate resource configurations during development and testing
  • Install, upgrade, and manage Helm releases and repositories via an LLM
  • Interactive learning of Kubernetes concepts for newcomers

Security notes

Write operations are disabled by default and must be explicitly enabled via flags (--enable-create, --enable-update, --enable-delete, and the --enable-helm-* equivalents). Helm read operations are enabled by default while Helm write operations are disabled by default. The server validates all user inputs to prevent injection attacks and relies on Kubernetes RBAC to ensure the client has only the necessary permissions. In SSE/HTTP mode the server exposes an HTTP endpoint; deploy it on a remote server with caution.

mcp-k8s FAQ

How does mcp-k8s connect to my cluster?

It connects using a kubeconfig file. Pass --kubeconfig /path/to/kubeconfig, or omit it to use the default kubeconfig.

Are write operations safe by default?

Yes. Resource write operations (create/update/delete) and Helm write operations (install/upgrade/uninstall, repo add/remove) are all disabled by default and must be explicitly enabled with their respective --enable-* flags. Read and list operations are enabled by default.

What transport modes are supported?

stdio (default), SSE, and Streamable HTTP. Use --transport=sse or --transport=streamable-http along with --host/--port (and --endpoint-path for streamable-http) to run over HTTP.

Can I run it without building from source?

Yes. Download a prebuilt binary from the GitHub releases page, run `go install github.com/silenceper/mcp-k8s/cmd/mcp-k8s@latest`, or use the Docker image ghcr.io/silenceper/mcp-k8s:latest.

#kubernetes#k8s#helm#devops#kubeconfig#crd#go

Alternatives to mcp-k8s

Compare all alternatives →
GitHub MCP Server
DevOps & Cloud
31k

GitHub's official server for repos, issues, PRs, and Actions — local Docker or hosted remote.

Featured
Verified
stdio (local)
API key
Go
7 tools
Updated 7 days agoRepo
AWS API MCP Server
DevOps & Cloud
9.3k

Official AWS Labs server that lets agents call any AWS API via the AWS CLI surface.

Verified
stdio (local)
API key
Python
3 tools
Updated 9 days agoRepo
kubefwd
DevOps & Cloud
4.1k

Bulk Kubernetes port forwarding with an MCP server that lets AI assistants forward services, inspect pods, and monitor traffic.

Unverified
stdio (local)
No auth
Go
28 tools
Updated 1 day agoRepo

Compare mcp-k8s with:

vs GitHub MCP Servervs AWS API MCP Servervs kubefwdvs Radar