kube-rs

Rust client library for Kubernetes. Provides a typed API for Kubernetes resources (Pods, Deployments, Services, CRDs) with async support via Tokio. Powers Kubernetes operator/controller development in Rust with the controller-runtime equivalent. Includes event watching, informers, reflectors, and CRD schema generation.

Evaluated Mar 06, 2026 (0d ago) v0.90+
Homepage ↗ Repo ↗ Developer Tools rust kubernetes k8s operator controller cloud-native async custom-resources
⚙ Agent Friendliness
60
/ 100
Can an agent use this?
🔒 Security
88
/ 100
Is it safe for agents?
⚡ Reliability
79
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
82
Error Messages
80
Auth Simplicity
82
Rate Limits
75

🔒 Security

TLS Enforcement
95
Auth Strength
88
Scope Granularity
85
Dep. Hygiene
88
Secret Handling
85

Kubernetes RBAC controls access. Service account tokens should follow least privilege. TLS enforced for API server communication.

⚡ Reliability

Uptime/SLA
85
Version Stability
78
Breaking Changes
72
Error Recovery
82
AF Security Reliability

Best When

Building Kubernetes operators, controllers, or Rust services that need programmatic cluster interaction.

Avoid When

Simple scripts or one-off cluster operations — use kubectl or Python kubernetes client for scripting.

Use Cases

  • Build Kubernetes operators and controllers in Rust using kube::Controller with watch/reconcile loops
  • Interact with Kubernetes API server from Rust applications for dynamic resource management
  • Create and manage Custom Resource Definitions (CRDs) with type-safe Rust structs and kube-derive macros
  • Implement Kubernetes admission webhooks in Rust with type-safe object validation
  • Build Kubernetes-native tools that list, watch, create, and delete resources using the typed API

Not For

  • Non-Kubernetes container orchestration — use Docker SDK or Nomad client for other orchestrators
  • Simple kubectl-like operations in scripts — use kubectl CLI directly; kube-rs is for programmatic use
  • Go-preferred organizations — the official Kubernetes client-go and controller-runtime have broader community support

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
Yes
Webhooks
Yes

Authentication

Methods: bearer_token
OAuth: Yes Scopes: Yes

Uses kubeconfig by default for auth. Supports service account tokens, client certificates, OIDC, and exec plugins. In-cluster auth automatic when running inside Kubernetes.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Apache 2.0 licensed open source library.

Agent Metadata

Pagination
cursor
Idempotent
Partial
Retry Guidance
Documented

Known Gotchas

  • kube-rs versions change frequently — pin versions carefully; v0.80 to v0.90 had API surface changes for Controller setup
  • Custom resources require #[derive(CustomResource)] from kube-derive — forgetting to annotate the CRD struct causes confusing type errors
  • Watch streams need reconnection handling — watcher() from kube::runtime handles reconnection, but raw watches need manual restart logic
  • Controller reconcile functions must return Result — errors trigger requeue with backoff; use ? operator for propagation
  • In-cluster auth requires KUBERNETES_SERVICE_HOST env var — local development needs kubeconfig; implement auto-detection for portability
  • Resource versions and conflict handling — Kubernetes uses optimistic concurrency; update conflicts require refetch and retry

Alternatives

client-go-api kubernetes-python-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for kube-rs.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5227
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered