k8s-mcp.mp4
A Model Context Protocol (MCP) server that provides safe, read-only access to Kubernetes resources for debugging and inspection. Built with security in mind, it offers comprehensive cluster visibility without modification capabilities.
- π Read-only security: Safely inspect Kubernetes resources without modification capabilities
- π― CRD support: Works seamlessly with any Custom Resource Definitions in your cluster
- π Smart discovery: Find resources by API group substring (e.g., "flux" for FluxCD, "argo" for ArgoCD)
- β‘ High performance: Efficient resource querying with filtering and pagination
- π οΈ Comprehensive toolset:
list_resources: List and filter Kubernetes resources with advanced optionsdescribe_resource: Get detailed information about specific resourcesget_pod_logs: Retrieve pod logs with sophisticated filtering capabilitieslist_events: List and filter Kubernetes events for debugging and monitoring
- Kubernetes cluster access with a valid kubeconfig file
- Go 1.24+ (for building from source)
go install github.com/kkb0318/kubernetes-mcp@latestThe binary will be available at $GOPATH/bin/kubernetes-mcp (or $HOME/go/bin/kubernetes-mcp if GOPATH is not set).
git clone https://github.com/kkb0318/kubernetes-mcp.git
cd kubernetes-mcp
go build -o kubernetes-mcp .Add the server to your MCP configuration:
Uses ~/.kube/config automatically:
{
"mcpServers": {
"kubernetes": {
"command": "/path/to/kubernetes-mcp"
}
}
}{
"mcpServers": {
"kubernetes": {
"command": "/path/to/kubernetes-mcp",
"env": {
"KUBECONFIG": "/path/to/your/kubeconfig"
}
}
}
}Note: Replace
/path/to/kubernetes-mcpwith your actual binary path.
# Default kubeconfig (~/.kube/config)
./kubernetes-mcp
# Custom kubeconfig path
KUBECONFIG=/path/to/your/kubeconfig ./kubernetes-mcpImportant: Ensure you have appropriate read permissions for the Kubernetes resources you want to inspect.
List and filter Kubernetes resources with advanced capabilities.
| Parameter | Type | Description |
|---|---|---|
kind |
required | Resource type (Pod, Deployment, Service, etc.) or "all" for discovery |
groupFilter |
optional | Filter by API group substring for project-specific resources |
namespace |
optional | Target namespace (defaults to all namespaces) |
labelSelector |
optional | Filter by labels (e.g., "app=nginx") |
fieldSelector |
optional | Filter by fields (e.g., "metadata.name=my-pod") |
limit |
optional | Maximum number of resources to return |
timeoutSeconds |
optional | Request timeout (default: 30s) |
showDetails |
optional | Return full resource objects instead of summary |
Examples:
// List pods with label selector
{
"kind": "Pod",
"namespace": "default",
"labelSelector": "app=nginx"
}
// Discover FluxCD resources
{
"kind": "all",
"groupFilter": "flux"
}Get detailed information about a specific Kubernetes resource.
| Parameter | Type | Description |
|---|---|---|
kind |
required | Resource type (Pod, Deployment, etc.) |
name |
required | Resource name |
namespace |
optional | Target namespace |
Example:
{
"kind": "Pod",
"name": "nginx-pod",
"namespace": "default"
}Retrieve pod logs with sophisticated filtering options.
| Parameter | Type | Description |
|---|---|---|
name |
required | Pod name |
namespace |
optional | Pod namespace (defaults to "default") |
container |
optional | Specific container name |
tail |
optional | Number of lines from the end (default: 100) |
since |
optional | Duration like "5s", "2m", "3h" |
sinceTime |
optional | RFC3339 timestamp |
timestamps |
optional | Include timestamps in output |
previous |
optional | Get logs from previous container instance |
Example:
{
"name": "nginx-pod",
"namespace": "default",
"tail": 50,
"since": "5m",
"timestamps": true
}List and filter Kubernetes events with advanced filtering options for debugging and monitoring.
| Parameter | Type | Description |
|---|---|---|
namespace |
optional | Target namespace (leave empty for all namespaces) |
object |
optional | Filter by object name (e.g., pod name, deployment name) |
eventType |
optional | Filter by event type: "Normal" or "Warning" (case-insensitive) |
reason |
optional | Filter by event reason (e.g., "Pulled", "Failed", "FailedScheduling") |
since |
optional | Duration like "5s", "2m", "1h" |
sinceTime |
optional | RFC3339 timestamp (e.g., "2025-06-20T10:00:00Z") |
limit |
optional | Maximum number of events to return (default: 100) |
timeoutSeconds |
optional | Request timeout (default: 30s) |
Examples:
// List recent warning events
{
"eventType": "Warning",
"since": "30m"
}
// List events for a specific pod
{
"object": "nginx-pod",
"namespace": "default"
}
// List failed scheduling events
{
"reason": "FailedScheduling",
"limit": 50
}Automatically discovers and works with any CRDs in your cluster. Simply use the CRD's Kind name with list_resources or describe_resource tools.
Use the groupFilter parameter to discover resources by API group substring:
| Filter | Discovers | Examples |
|---|---|---|
"flux" |
FluxCD resources | HelmReleases, Kustomizations, GitRepositories |
"argo" |
ArgoCD resources | Applications, AppProjects, ApplicationSets |
"istio" |
Istio resources | VirtualServices, DestinationRules, Gateways |
"cert-manager" |
cert-manager resources | Certificates, Issuers, ClusterIssuers |
Built with security as a primary concern:
- β Read-only access - No resource creation, modification, or deletion
- β Production safe - Secure for use in production environments
- β Minimal permissions - Only requires read access to cluster resources
- β No destructive operations - Cannot harm your cluster
We welcome contributions! Please ensure all changes maintain the read-only nature of the server and include appropriate tests.
This project is licensed under the MIT License - see the LICENSE file for details.
