/ Directory / Playground / Kubernetes MCP Server
← All servers ↗ GitHub
● Community containers 🔑 Needs your key

Kubernetes MCP Server

by containers · containers/kubernetes-mcp-server

kubectl, but driven by Claude — uses your kubeconfig + RBAC, supports any cluster (vanilla k8s, OpenShift, EKS, GKE, AKS, k3s).

kubernetes-mcp-server (containers org) is a single Go binary that talks to any Kubernetes API server using your existing kubeconfig. It exposes the standard verbs (list/get/apply/delete/log/exec) as MCP tools while respecting your RBAC — so the principle of least privilege still works. Supports OpenShift extensions too.

▶ Watch demo 📦 Install 💡 Use Cases

Why use it

Key features

Live Demo

What it looks like in practice

kubernetes-mcp-containers.replay ▶ ready
0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "kubernetes-mcp-containers": {
      "command": "npx",
      "args": [
        "-y",
        "kubernetes-mcp-server@latest"
      ],
      "env": {
        "KUBECONFIG": "${HOME}/.kube/config"
      }
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "kubernetes-mcp-containers": {
      "command": "npx",
      "args": [
        "-y",
        "kubernetes-mcp-server@latest"
      ],
      "env": {
        "KUBECONFIG": "${HOME}/.kube/config"
      }
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "kubernetes-mcp-containers": {
      "command": "npx",
      "args": [
        "-y",
        "kubernetes-mcp-server@latest"
      ],
      "env": {
        "KUBECONFIG": "${HOME}/.kube/config"
      }
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "kubernetes-mcp-containers": {
      "command": "npx",
      "args": [
        "-y",
        "kubernetes-mcp-server@latest"
      ],
      "env": {
        "KUBECONFIG": "${HOME}/.kube/config"
      }
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "kubernetes-mcp-containers",
      "command": "npx",
      "args": [
        "-y",
        "kubernetes-mcp-server@latest"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "kubernetes-mcp-containers": {
      "command": {
        "path": "npx",
        "args": [
          "-y",
          "kubernetes-mcp-server@latest"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add kubernetes-mcp-containers -- npx -y kubernetes-mcp-server@latest

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use Kubernetes MCP Server

Triage a production incident on Kubernetes

👤 SREs / platform engineers ⏱ ~10 min intermediate

When to use: An app is misbehaving in prod and you need to look at pods, events, logs without alt-tabbing.

Prerequisites
  • kubeconfig with access to the cluster — Standard aws eks update-kubeconfig or equivalent
Flow
  1. Find unhealthy pods
    k8s: in context prod-us-east, namespace checkout, list pods not in Running state. Include reason + restart count.✓ Copied
    → Pods shown with state, reason, restarts
  2. Get events
    Get events in that namespace from the last 30 minutes, sorted by time.✓ Copied
    → Events list; OOMKilled or ImagePullBackOff visible if present
  3. Get logs
    For the pod with the most recent restart, tail the previous container's logs (last 200 lines).✓ Copied
    → Stack trace / cause visible
  4. Diagnose
    Synthesize: what's the likely root cause and what should we do? Be specific.✓ Copied
    → Concrete next step (e.g. raise memory limit + roll out)

Outcome: Triage in <5 minutes with cited pod names + log lines.

Pitfalls
  • Logs of a missing previous container aren't available — If pod only restarted once, check current container logs and previous container only if it crashed
  • Wrong context — Always specify context per call; don't rely on current-context drift
Combine with: sentry · github

Author a Deployment using cluster context

👤 App devs writing manifests ⏱ ~20 min intermediate

When to use: You need a new Deployment and want it to match cluster conventions.

Flow
  1. Inspect existing
    k8s: get a sample existing Deployment in apps namespace. I want to match its labels, security context, resources.✓ Copied
    → Returns a representative Deployment YAML
  2. Author new
    Now write a new Deployment for image-resizer:1.2.0, 2 replicas, port 8080, matching the conventions.✓ Copied
    → YAML that respects cluster conventions
  3. Dry-run apply
    Apply with --dry-run=server. Report any validation errors.✓ Copied
    → Server-side validation passes; no ApplyConfiguration drift

Outcome: Manifest matches cluster idioms first try.

Pitfalls
  • Forgetting the PSA labels — Read the namespace's pod-security labels first
Combine with: filesystem · github

Audit Helm releases across namespaces

👤 Platform team ⏱ ~25 min intermediate

When to use: Quarterly: find outdated chart versions across the fleet.

Flow
  1. List all releases
    k8s/Helm: list every release in every namespace. Include chart + version + appVersion.✓ Copied
    → Full release table
  2. Highlight outdated
    For each, compare against the latest chart version (you can search). Flag releases >2 minor versions behind.✓ Copied
    → Flagged set with current vs latest

Outcome: Upgrade backlog with priority order.

Pitfalls
  • Mixed Helm 2 leftovers — Filter to v3 releases; the MCP only handles Helm 3

Combinations

Pair with other MCPs for X10 leverage

kubernetes-mcp-containers + sentry

Correlate errors with pod restarts

Sentry: error spike at 14:00. k8s: any pod restarts in checkout ns at that time?✓ Copied
kubernetes-mcp-containers + github

Open PR with manifest fix

k8s: identify the bad memory limit. GitHub: open a PR raising it in helm/values.yaml.✓ Copied
kubernetes-mcp-containers + mcp-grafana

Cross-reference k8s state with Prometheus

k8s: pod is restarting. Grafana: pull memory usage history for that pod.✓ Copied

Tools

What this MCP exposes

ToolInputsWhen to callCost
list_resources context?, namespace?, kind: str, label_selector? Discovery 1 API call
get_resource context?, namespace?, kind, name Inspect specific item 1 call
apply_yaml context?, yaml: str, dry_run?: bool Create or update 1 call
delete_resource context?, namespace?, kind, name Remove 1 call
get_logs context?, namespace, pod, container?, previous?, tail? Inspect runtime 1 call
exec context?, namespace, pod, container?, command: str[] Diagnose inside container 1 call
list_events context?, namespace, since? Look for OOMKilled/ImagePullBackOff 1 call
list_helm_releases context?, namespace? Helm audit 1 call

Cost & Limits

What this costs to run

API quota
Bound by kube-apiserver QPS (default ~50)
Tokens per call
200–8000 (logs/yaml can be large)
Monetary
Free OSS; cluster bill applies
Tip
Use --tail on logs aggressively; never get pods -o yaml -A on huge clusters

Security

Permissions, secrets, blast radius

Minimum scopes: whatever your kubeconfig user has — RBAC enforced server-side
Credential storage: kubeconfig file; rotate via your cloud provider
Data egress: Only your kube API endpoint
Never grant: cluster-admin to a kubeconfig used with an LLM

Troubleshooting

Common errors and fixes

Unauthorized / 403

RBAC denies the verb; check kubectl auth can-i for that user

Verify: kubectl auth can-i get pods -n checkout
Connection refused

VPN not up, or context points at wrong endpoint; check kubectl cluster-info

Apply rejected: validation error

Run with dry_run=server first; surface the exact error

Logs too large

Use tail param; default is whole log

Alternatives

Kubernetes MCP Server vs others

AlternativeWhen to use it insteadTradeoff
kubectl-mcp (other forks)You prefer a different binaryLess actively maintained
Lens / k9sYou want interactive UI, not LLMNo automation layer
Argo CD MCPYou're GitOps-onlyIndirect; deploys via Git, not direct API

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills