{"id":"briankscheong-k8s-mcp-server","name":"k8s-mcp-server","homepage":null,"repo_url":"https://github.com/briankscheong/k8s-mcp-server","category":"infrastructure","subcategories":[],"tags":["ai-agents","mcp","kubernetes","devops","automation","operations","go"],"what_it_does":"Provides a Model Context Protocol (MCP) server that exposes Kubernetes API functionality (read-only resource inspection plus optional mutation like deleting pods and scaling deployments) over MCP transports (stdio by default and SSE).","use_cases":["Letting AI agents query Kubernetes cluster state (pods, deployments, services, configmaps, namespaces, nodes).","Debugging and troubleshooting workloads by combining cluster reads with agent workflows.","Automating operational tasks with controlled write access (e.g., scale deployments, delete pods)."],"not_for":["Public/Internet-facing use without network controls and strict RBAC, since it can perform cluster mutations when read-only is disabled.","Handling sensitive cluster data without careful consideration of logging/telemetry and least-privilege credentials.","Replacing full operational tooling where robust audit/compliance workflows are required (not evidenced in the provided docs)."],"best_when":"Used with least-privilege Kubernetes credentials and read-only mode, integrated locally via stdio or carefully secured via SSE in controlled environments.","avoid_when":"Avoid running with broad RBAC or with --read-only=false unless you have strong operational controls and guardrails for agent-initiated actions.","alternatives":["Direct kubectl usage or custom automation scripts/CLIs.","Kubernetes client libraries (e.g., Go client-go, Kubernetes API SDKs) with your own agent integration layer.","Existing MCP servers/frameworks specific to Kubernetes or cluster management if available in your environment."],"af_score":57.8,"security_score":54.5,"reliability_score":26.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:45:17.789520+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Kubeconfig file (K8S_MCP_KUBECONFIG or --kubeconfig)","In-cluster service account config (K8S_MCP_IN_CLUSTER or --in-cluster)"],"oauth":false,"scopes":false,"notes":"Authentication/authorization is delegated to Kubernetes RBAC via the provided kubeconfig or in-cluster service account. No separate user/auth layer for the MCP server is described in the README."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source MIT licensed; no pricing information in provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":57.8,"security_score":54.5,"reliability_score":26.2,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":75.0,"rate_limit_clarity":10.0,"tls_enforcement":45.0,"auth_strength":60.0,"scope_granularity":55.0,"dependency_hygiene":50.0,"secret_handling":60.0,"security_notes":"Security depends primarily on Kubernetes RBAC least-privilege. README recommends restricted service accounts and read-only mode, which reduces risk. No explicit transport security details are provided for the SSE server (e.g., TLS requirements, auth for the MCP endpoint). No explicit error-handling/log redaction guidance or secret-handling guarantees are described in the provided content.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":30.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":"Docs enumerate tools including mutations (delete_pod, scale_deployment) but do not state idempotency behavior or safe retry semantics.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Default read-only is enabled (\"default true\"); agent requests that assume write access will fail unless read-only is disabled.","Cross-namespace and other wider permissions depend entirely on the kubeconfig/service account RBAC; mis-scoped credentials can broaden access.","Tool availability/coverage may depend on enabled resource types/toolsets via flags/env (K8S_MCP_RESOURCE_TYPES, K8S_MCP_TOOLSETS)."]}}