{"id":"reza-gholizade-k8s-mcp-server","name":"k8s-mcp-server","af_score":56.5,"security_score":46.8,"reliability_score":31.2,"what_it_does":"Provides an MCP (Model Context Protocol) server exposing Kubernetes cluster interactions (discovery/listing/details/describe, logs, node/pod metrics, events, and resource create/update/delete), with optional Helm-related tooling and a read-only mode. Can run over stdio, SSE, or streamable-http transports.","best_when":"You have an MCP-capable agent and want a standardized, tool-based interface to Kubernetes (especially for listing/inspecting and read-only exploration, optionally with controlled write access).","avoid_when":"When you cannot enforce strong Kubernetes RBAC, network isolation, and (if applicable) transport-level access controls for the MCP server endpoint.","last_evaluated":"2026-03-30T13:41:24.348611+00:00","has_mcp":true,"has_api":false,"auth_methods":["KUBECONFIG_DATA (kubeconfig content via env)","KUBERNETES_SERVER + KUBERNETES_TOKEN (bearer token) with optional CA/TLS settings","In-cluster service account token from /var/run/secrets/kubernetes.io/serviceaccount/token","Kubeconfig file via KUBECONFIG or default ~/.kube/config"],"has_free_tier":false,"known_gotchas":["Write-capable tools exist (resource create/update/delete and Helm install/upgrade/uninstall/rollback) unless mitigated via --read-only or tool disabling flags.","When using --no-k8s and --no-helm together, the server will exit with an error (must enable at least one tool category).","Authentication is to Kubernetes only; agents must ensure the MCP server endpoint is not exposed without appropriate access controls."],"error_quality":0.0}