Kubernetes MCP server
Native Kubernetes and OpenShift MCP server: list, inspect, and manage cluster resources, pods, and Helm releases directly through the Kubernetes API.
kubernetes-mcp-server is a maintained, Go-based MCP server for Kubernetes and OpenShift from the containers organization. Unlike servers that shell out to kubectl or helm, it talks directly to the Kubernetes API, so it needs no external CLI tools installed and works against any cluster your kubeconfig can reach. It gives an AI agent a safe, structured way to explore and operate a cluster: view the kubeconfig, list namespaces and events, list and read any resource via apiVersion and kind, create or update resources from YAML or JSON, scale workloads, pull pod and node logs and metrics, exec into pods, and run one-off pods.
It runs locally over stdio via npx (npx kubernetes-mcp-server@latest) — or via uvx, a native binary, or a container image — and supports an HTTP/SSE server mode with --port. Safety flags matter for agent use: --read-only disables all writes and --disable-destructive blocks delete and update operations, so you can hand an agent read access to production with confidence. The default toolsets are core and config; additional toolsets ship behind a flag, including helm (install, list, uninstall releases), plus kcp, kiali, kubevirt, and tekton for those ecosystems. Tools can be filtered per toolset to keep the context window small and improve tool-selection accuracy.
Quick install
Copy-paste configs are provided for all 8 supported clients. Pick your client below.
Add to ~/.claude.json
{
"mcpServers": {
"kubernetes": {
"command": "npx",
"args": [
"-y",
"kubernetes-mcp-server@latest"
],
"env": {
"KUBECONFIG": "<KUBECONFIG>"
}
}
}
}claude mcp add kubernetes -- npx -y kubernetes-mcp-server@latestAvailable tools
| Tool | Description |
|---|---|
| configuration_view | Get the current Kubernetes configuration content as a kubeconfig YAML (minified to the current context by default). |
| events_list | List Kubernetes events (warnings, errors, state changes) for debugging and troubleshooting in the current cluster. |
| namespaces_list | List all the Kubernetes namespaces in the current cluster. |
| nodes_log | Get logs from a Kubernetes node (kubelet, kube-proxy, or other system logs) via the node's proxy endpoint. |
| nodes_stats_summary | Get detailed resource usage statistics from a node via the kubelet's Summary API. |
| nodes_top | List the CPU and memory consumption of nodes as recorded by the Kubernetes Metrics Server. |
| pods_list | List all the Kubernetes pods in the current cluster across all namespaces. |
| pods_list_in_namespace | List all the Kubernetes pods in a specified namespace. |
| pods_get | Get a Kubernetes pod by name in the current or provided namespace. |
| pods_delete | Delete a Kubernetes pod by name in the current or provided namespace. |
| pods_top | List the CPU and memory consumption of pods as recorded by the Kubernetes Metrics Server. |
| pods_exec | Execute a command inside a Kubernetes pod (shell access) in the current or provided namespace. |
| pods_log | Get the logs of a Kubernetes pod by name in the current or provided namespace. |
| pods_run | Run a Kubernetes pod with the provided container image and optional name, optionally exposing it. |
| resources_list | List Kubernetes resources of a given apiVersion and kind, optionally scoped to a namespace and label selector. |
| resources_get | Get a single Kubernetes resource by apiVersion, kind, optional namespace, and name. |
| resources_create_or_update | Create or update a Kubernetes resource from a YAML or JSON representation. |
| resources_delete | Delete a Kubernetes resource by apiVersion, kind, optional namespace, and name. |
| resources_scale | Get or update the replica scale of a Kubernetes resource (such as a Deployment or StatefulSet). |
Required configuration
- KUBECONFIGOptional
Path to the kubeconfig file. Optional; falls back to in-cluster config or ~/.kube/config.
What you can do with it
Debug a cluster safely from your agent
Run the server with --read-only and the agent can list pods, read logs with pods_log, inspect events with events_list, and check node and pod metrics — diagnosing an incident without any risk of mutating the cluster.
Apply and scale workloads
Give the agent the right to manage a namespace and it can create or update resources from YAML via resources_create_or_update and adjust replica counts with resources_scale, with --disable-destructive available to block deletes and overwrites.
FAQ
- Is it free?
- Yes. kubernetes-mcp-server is open source (Apache-2.0) and free to run via npx, uvx, a native binary, or a container image. It works against any Kubernetes or OpenShift cluster your kubeconfig can reach.
- Does it support remote/OAuth?
- It runs locally over stdio for editor and desktop clients and can also serve HTTP/SSE with the --port flag for remote use. It authenticates to the cluster using your kubeconfig (or in-cluster service account), not a separate OAuth flow; use --read-only and --disable-destructive to constrain what an agent can do.