Kubernetes MCP
Community MCP server connecting Claude to Kubernetes clusters via kubectl — pod management, deployment scaling, log retrieval, and resource deletion. 1.4K stars.
- Check pod health and restart failing containers from your editor
- Scale deployments up or down during development and testing
- Pull container logs for troubleshooting without a separate terminal
Kubernetes management is complex and error-prone. AI-assisted K8s operations can accelerate incident response and routine cluster management — with appropriate RBAC constraints in place.
Platform engineers and SREs managing Kubernetes clusters who want AI-assisted troubleshooting, with RBAC configured to limit destructive capabilities.
https://www.npmjs.com/package/mcp-server-kubernetes
By Flux159 (community)
How to Get It
claude mcp add kubernetes -- npx mcp-server-kubernetes
Tip: Paste this into a Claude Code conversation. Verify command matches your Claude Code version.
Trust Signals Source Reviewed
Data & Access
Community Pulse Growing
Discussed on Reddit
- Analyzing Claude Code Source Code. Write "WTF" and Anthropic knows. — Reddit · 539 pts
- I built a local-first MCP server for Kubernetes root cause analysis (single Go b — Reddit · 39 pts
- Built a Kubernetes operator for MCP servers - would love feedback [alpha] — Reddit · 5 pts
10 mentions across 1 sources
Reviewer notes
Source Reviewed review. These are observations, not a security certification.
v3.4.0, 69 releases, 1,365 GitHub stars, updated daily. Strong ecosystem signal. However: single individual maintainer limits enterprise trust. Full cluster control including kubectl_delete, kubectl_apply, kubectl_scale, and kubectl_generic (arbitrary kubectl). CRITICAL: use RBAC-scoped kubeconfig. Client readiness tier-3 without governance controls.
Full Kubernetes cluster write access including resource deletion and arbitrary kubectl. An AI agent here could delete namespaces, exfiltrate secrets, or bring down services. Mitigation: scope kubeconfig to read-only ClusterRole. Individual maintainer is supply chain risk. OpenTelemetry auto-instrumentation adds surface area. MIT license. RESTRICTED: Full cluster control including kubectl_delete, kubectl_apply, kubectl_scale. Requires compensating controls (sandboxing, separate accounts, restricted profiles) before team deployment.
2026-04-02: LIMITATION: Full cluster write access including kubectl_delete and arbitrary kubectl commands. A misconfigured AI agent could bring down services or exfiltrate secrets. Requires RBAC-scoped kubeconfig.
How to evaluate tools before deploying →
Data shown here comes from public APIs and automated scanning. Reviewer notes reflect one person's experience. This is not a security certification or legal recommendation. Always evaluate tools according to your own organization's policies.
Evaluation
v3.4.0, 69 releases, 1,365 GitHub stars, updated daily. Strong ecosystem signal. However: single individual maintainer limits enterprise trust. Full cluster control including kubectl_delete, kubectl_apply, kubectl_scale, and kubectl_generic (arbitrary kubectl). CRITICAL: use RBAC-scoped kubeconfig. Client readiness tier-3 without governance controls.