kubectl MCP Server

MCP server that bridges AI assistants to Kubernetes clusters, exposing 253 tools for pod diagnostics, deployment management, RBAC auditing, Helm chart management, cost optimization, and network diagnostics through natural language conversations.

Evaluated Mar 06, 2026 (0d ago) vunknown
Homepage ↗ Repo ↗ Other kubernetes kubectl k8s mcp devops infrastructure helm rbac diagnostics security-audit
⚙ Agent Friendliness
76
/ 100
Can an agent use this?
🔒 Security
84
/ 100
Is it safe for agents?
⚡ Reliability
77
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
82
Documentation
80
Error Messages
0
Auth Simplicity
62
Rate Limits
70

🔒 Security

TLS Enforcement
95
Auth Strength
85
Scope Granularity
80
Dep. Hygiene
80
Secret Handling
78

Uses kubeconfig — inherits cluster RBAC. Agents with kubectl access have broad cluster control. Use dedicated service account with minimal RBAC. Never give cluster-admin to agent.

⚡ Reliability

Uptime/SLA
80
Version Stability
78
Breaking Changes
75
Error Recovery
75
AF Security Reliability

Best When

You want to interact with Kubernetes clusters conversationally for debugging, auditing, or management tasks without memorizing kubectl commands.

Avoid When

You need deterministic GitOps workflows, have strict change management policies requiring human review, or operate in air-gapped environments. Use ArgoCD or Flux instead.

Use Cases

  • Debugging crashed pods and analyzing container logs via AI assistant
  • Deploying and scaling applications through natural language commands
  • Auditing RBAC permissions and security configurations across clusters
  • Identifying resource waste and optimizing cluster costs
  • Managing Helm releases and viewing interactive dashboards
  • Multi-cluster management from a single AI interface

Not For

  • Production GitOps pipelines where changes must go through version control
  • Environments where AI-initiated cluster changes are prohibited by policy
  • Air-gapped clusters without MCP client connectivity

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: kubeconfig oauth2.1
OAuth: Yes Scopes: Yes

Uses existing kubeconfig for cluster access. Enterprise features include OAuth 2.1 authentication, RBAC validation, non-destructive mode, and secret masking. The server inherits whatever Kubernetes RBAC permissions the configured kubeconfig grants.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT licensed. Available via npm and PyPI. Docker image also available.

Agent Metadata

Pagination
unknown
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • 253 tools is extremely high - may overwhelm agent tool selection and consume significant context window
  • Write operations (scale, delete, deploy) can cause real cluster damage if non-destructive mode is not enabled
  • Secret masking must be explicitly enabled to prevent leaking sensitive values to LLM context
  • Requires kubectl and kubeconfig pre-configured - the MCP server cannot set up cluster access
  • Python and Node.js installation options have different feature sets (UI dashboards only in Python pip install)

Alternatives

k9s lens kubectx argocd flux

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for kubectl MCP Server.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5178
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered