k8s-mcp-server

An MCP server that exposes Kubernetes read-only style tools to AI assistants: getting a specific Kubernetes resource and listing resources by kind with optional namespace and labelSelector filtering. It supports both in-cluster configuration and external kubeconfig.

Evaluated Apr 04, 2026 (17d ago)

Repo ↗ Infrastructure kubernetes mcp go ai-agent cloud-infrastructure devtools observability

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

Relies on Kubernetes auth (kubeconfig/service account) rather than custom auth. TLS requirements for the MCP transport are not specified in the provided README. Effective authorization depends on Kubernetes RBAC; without explicit mention of RBAC constraints, least-privilege cannot be assumed. Secret handling details (e.g., whether kubeconfig contents are logged) are not documented. Rate limiting/audit logging controls are not described.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You have an MCP-capable client and appropriate Kubernetes RBAC, and you want an agent to query cluster state (read operations) reliably.

Avoid When

You cannot control the Kubernetes credentials/RBAC used by the server, or you need strong guarantees around output sanitization and auditability for sensitive environments.

Use Cases

• AI-assisted debugging of Kubernetes workloads (e.g., inspect Pods/Deployments)
• Generating context-aware summaries from Kubernetes resources
• Automated inventorying of cluster resources by kind/namespace/labels
• Building agent workflows that query Kubernetes state via MCP tools

Not For

• Performing write/scale/delete operations (not documented as supported)
• Multi-tenant production deployments without strong RBAC and auditing
• Handling sensitive cluster data in untrusted agent environments

Interface

REST API

GraphQL

gRPC

MCP Server

Yes

SDK

Webhooks

Authentication

Methods: Kubeconfig (external cluster access) In-cluster service account (Kubernetes in-cluster config)

OAuth: No Scopes: No

Authentication is delegated to Kubernetes credentials (kubeconfig or service account). No agent-facing OAuth scopes described; Kubernetes RBAC controls effective permissions.

Pricing

Free tier: No

Requires CC: No

Agent Metadata

Pagination

none

Idempotent

True

Retry Guidance

Not documented

Known Gotchas

⚠ Listing resources may return large results; without pagination/limits documented, agents could time out or overwhelm context windows.
⚠ Kubernetes RBAC strongly affects what the server can return; permission errors may occur depending on the service account/kubeconfig used.
⚠ Because tool schemas are generic (kind/name/namespace/labelSelector), agents may request kinds that are not supported/registered, leading to errors.

Alternatives

Using the Kubernetes API directly with a tool wrapper (REST client) Open-source Kubernetes agent/tooling frameworks that provide read APIs Building a custom MCP server around the Kubernetes Go client with tighter RBAC and specific resource schemas

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for k8s-mcp-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.