k8s
Manage Your Kubernetes Cluster with k8s mcp-server
claude mcp add --transport stdio reza-gholizade-k8s-mcp-server ./k8s-mcp-server \ --env READ_ONLY="Enable read-only mode (disables create/update/delete operations)." \ --env KUBECONFIG="Path to kubeconfig file (default: ~/.kube/config)." \ --env SERVER_MODE="Mode of operation (stdio, sse, or streamable-http). Default may be sse." \ --env SERVER_PORT="Port number for the server (e.g., 8080 or 9090)." \ --env KUBE_CONTEXT="Optional: Kubernetes context to use (if applicable)." \ --env KUBECONFIG_DATA="Optional: full kubeconfig content for in-memory auth." \ --env KUBERNETES_TOKEN="Bearer token for API server authentication." \ --env KUBERNETES_SERVER="Kubernetes API server URL for token-based auth." \ --env KUBERNETES_INSECURE=""true" to skip TLS verification (not recommended for prod)." \ --env KUBERNETES_CA_CERT_PATH="Path to CA certificate file for TLS (optional)."
How to use
This MCP server provides a standardized interface for interacting with Kubernetes clusters. It exposes capabilities such as API resource discovery, resource listing and details, resource creation or updates from YAML/JSON manifests, deletions, and observability features like pod logs and node/pod metrics. The server supports multiple transport modes via MCP: stdio for CLI integrations, SSE for web applications, and streamable-http for web clients, with an optional read-only mode to prevent writes. To get started, run the server in one of the supported modes and point it at your Kubernetes cluster using one of the authentication methods described in the deployment guide. Once running, you can query resources, watch events, fetch logs, and manage resources through the MCP interface in a consistent manner across modes.
How to install
Prerequisites:
- Go 1.23 or later
- Access to a Kubernetes cluster
- kubectl configured with appropriate cluster access
Installation steps:
- Clone the repository
git clone https://github.com/reza-gholizade/k8s-mcp-server.git
cd k8s-mcp-server
- Install dependencies
go mod download
- Build the server
go build -o k8s-mcp-server main.go
- Run the server (example)
./k8s-mcp-server --mode sse --port 8080
Optional: set environment variables to configure authentication and modes, for example:
export SERVER_MODE=sse
export SERVER_PORT=8080
export KUBECONFIG_DATA="$(cat ~/.kube/config)"
./k8s-mcp-server
Additional notes
Tips and notes:
- The server supports multiple authentication methods with a priority order: kubeconfig data, API server URL + token, in-cluster service account, and kubeconfig file path. If you deploy inside Kubernetes, prefer the in-cluster ServiceAccount approach for seamless access.
- In read-only mode, createResource and related Helm management operations are disabled. Use this for safe exploration.
- If you encounter TLS issues, you can provide KUBERNETES_CA_CERT_PATH or set KUBERNETES_INSECURE=true for testing, but avoid insecure settings in production.
- Ensure the service account (if used) has the necessary RBAC permissions for the resources you plan to manage (get/list/watch/create/update/patch/delete).
- The server can operate in stdio, SSE, or streamable-http modes; pick the mode that best fits your integration (CLI tools vs web apps).
- When wiring to Kubernetes clusters with restricted networks, ensure API server accessibility from the MCP server host and proper network policies.
Related MCP Servers
yokai
Simple, modular, and observable Go framework for backend applications.
jetski
Authentication, analytics, and prompt visibility for MCP servers with zero code changes. Supports OAuth2.1, DCR, real-time logs, and client onboarding out of the box
tempo
An MCP ( Model Context Protocol ) Server for Grafana Tempo
kai
An MCP Server for Kubernetes
chromedp
MCP server for browser automation using chromedp
timebound-iam
An MCP Server that sits between your agent and AWS STS and issues temporary credentials scoped to specific AWS Services
