k8s-mcp-server
Provides an MCP (Model Context Protocol) server exposing Kubernetes cluster interactions (discovery/listing/details/describe, logs, node/pod metrics, events, and resource create/update/delete), with optional Helm-related tooling and a read-only mode. Can run over stdio, SSE, or streamable-http transports.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Runs as non-root in Docker containers per README. It supports Kubernetes auth via kubeconfig content, bearer token, or in-cluster service account, and offers --read-only plus tool category disabling to reduce risk. However, TLS/enforcement for the MCP HTTP/SSE endpoints is not clearly documented, and there is no described authentication/authorization protecting access to the MCP server itself; access control relies primarily on Kubernetes RBAC and how you expose the service.
⚡ Reliability
Best When
You have an MCP-capable agent and want a standardized, tool-based interface to Kubernetes (especially for listing/inspecting and read-only exploration, optionally with controlled write access).
Avoid When
When you cannot enforce strong Kubernetes RBAC, network isolation, and (if applicable) transport-level access controls for the MCP server endpoint.
Use Cases
- • Agent-assisted Kubernetes operations (read-only browsing, investigation, resource discovery)
- • Automating Kubernetes workflows such as creating/updating/deleting resources from YAML/JSON manifests
- • Observability via pod/node metrics and pod logs retrieved by an agent
- • Integrating Kubernetes tooling into an MCP-compatible assistant or web app
Not For
- • Highly sensitive production clusters without tight network/RBAC controls (it can modify resources)
- • Environments requiring strict, fine-grained authorization per tool-call beyond Kubernetes RBAC
- • Use as a public unauthenticated endpoint on the internet (no external auth described)
Interface
Authentication
Authentication to Kubernetes is done via kubeconfig/token/service account. The README does not describe any separate auth for protecting access to the MCP server itself.
Pricing
A hosted deployment is mentioned on a third-party site, but no pricing details are provided in the README excerpt.
Agent Metadata
Known Gotchas
- ⚠ Write-capable tools exist (resource create/update/delete and Helm install/upgrade/uninstall/rollback) unless mitigated via --read-only or tool disabling flags.
- ⚠ When using --no-k8s and --no-helm together, the server will exit with an error (must enable at least one tool category).
- ⚠ Authentication is to Kubernetes only; agents must ensure the MCP server endpoint is not exposed without appropriate access controls.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for k8s-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.