kubectl-go

kubectl-go-mcp-server exposes an MCP-compatible interface that allows clients (such as VS Code with Copilot) to execute kubectl commands against a Kubernetes cluster through a safe, validated layer. The server enforces protection against interactive commands, detects resource-modifying operations, and supports configurable kubeconfig paths so you can target different clusters without exposing credentials directly to the client. Tools registered under this MCP server provide a kubectl tool that validates and runs commands, returning structured execution results that can be consumed by MCP clients for display or further processing.

To use it, run the server (for example via Docker as configured above) and connect your MCP client to the server's stdio or JSON-RPC interface as configured in your environment. You can then issue kubectl commands through the kubectl tool, specifying the full kubectl command and whether the command modifies resources. The server will validate inputs, prevent interactive or unsafe commands, and return results including stdout, stderr, and exit codes. This enables tooling such as code assistants or editors to perform cluster queries, fetch pod lists, view deployments, or inspect resources without exposing direct shell access to the cluster.

Prerequisites:

• Docker installed and running, or a container runtime compatible with the chosen deployment method
• Kubernetes cluster access (kubectl configured) if testing against a real cluster
• Access to build tools if using a local build approach

Installation (Docker-based deployment):

1. Pull or build the image for kubectl-go-mcp-server:
   • If an image is published: docker pull joelayo/kubectl-go-mcp-server:latest
   • If building locally: docker build -t joelayo/kubectl-go-mcp-server:latest .
2. Run the server container (example):
   • docker run -i --rm -e KUBECONFIG=/path/to/kubeconfig -v /path/to/kubeconfig:/path/to/kubeconfig joelayo/kubectl-go-mcp-server:latest
3. Verify the server is responding by connecting your MCP client to the configured endpoint (stdout/stdio or JSON-RPC as your environment provides).

If you prefer a source install (Go):

1. Ensure Go 1.23+ is installed and GOPATH/bin is in your PATH.
2. Clone the repository: git clone https://github.com/Joelayo/kubectl-go-mcp-server.git cd kubectl-go-mcp-server
3. Build the binary: make build
4. Run the binary directly (adjust kubeconfig path as needed): ./kubectl-go-mcp-server --kubeconfig /path/to/kubeconfig
5. Verify the server is reachable via your MCP client as described above.

Tips and common issues:

• Ensure kubectl is installed and access to the target cluster is configured via kubeconfig.
• If you encounter interactive command prevention, review the security documentation and use non-interactive alternatives provided by the kubectl tool (e.g., avoid kubectl edit, kubectl exec -it).
• Configure a custom kubeconfig path if you manage multiple clusters; the server supports reading an alternate kubeconfig through its configuration.
• When using Docker, make sure to expose any necessary environment variables or mount kubeconfig files into the container so kubectl can authenticate against the cluster.
• For troubleshooting, the server logs tool calls, validation results, and errors to aid debugging.