Model Context Protocol moderate risk

K8s

A Kubernetes MCP server providing a standardized interface for interacting with Kubernetes clusters, offering resource management, monitoring, and control capabilities.

Connections & Capabilities

Connects To

GitHubRedisDockerKubernetesFilesystem

Capabilities

readwriteexec

Quickstart

Config

{
  "mcp.mcpServers": {
    "k8s-mcp-server": {
      "command": "k8s-mcp-server",
      "args": ["--mode", "stdio"],
      "env": {
        "KUBECONFIG": "${env:HOME}/.kube/config"
      }
    }
  }
}

Exposed MCP Tools (10)

safe

getAPIResources

Retrieves all available API resources in the Kubernetes cluster.

Read-only operation with no side effects.

safe

listResources

Lists resources of a specified type, with optional filtering by namespace and labels.

Read-only operation; only lists existing resources.

safe

getResource

Retrieves detailed information about a specific Kubernetes resource.

Read-only operation; retrieves existing resource data.

safe

describeResource

Provides a comprehensive description of a Kubernetes resource.

Read-only operation; provides information about a resource.

safe

getPodsLogs

Retrieves logs from a specified pod, optionally from a specific container.

Read-only operation; retrieves log data.

safe

getNodeMetrics

Retrieves resource usage metrics for a specific node.

Read-only operation; retrieves metrics data.

safe

getPodMetrics

Retrieves CPU and memory metrics for a specific pod.

Read-only operation; retrieves metrics data.

safe

getEvents

Lists events within a namespace or related to a specific resource.

Read-only operation; lists existing events.

high

createResource

Creates or updates Kubernetes resources from a YAML or JSON manifest.

Can modify cluster state; requires careful validation of input.

critical

deleteResource

Deletes a resource in the Kubernetes cluster based on the provided namespace and kind.

Destructive operation; can lead to data loss or service disruption.

Safety Assessment

The server's safety depends heavily on its configuration. Read-only mode and proper RBAC significantly reduce risk. However, the ability to create, update, and delete resources, combined with potential misconfigurations, introduces moderate risk.

Supports read-only mode to prevent accidental modifications.
Can be configured with RBAC when deployed within a Kubernetes cluster.
Authentication methods prioritize secure options like service accounts and kubeconfig data.
Runs as a non-root user in Docker containers.

Offers resource creation, update, and deletion capabilities.
Improperly configured RBAC can lead to privilege escalation.
Kubeconfig or token exposure could grant unauthorized cluster access.
Insecure TLS verification can be enabled via environment variable.