The mcp-kubernetes is a Model Context Protocol (MCP) server that enables AI assistants to interact with Kubernetes clusters. It serves as a bridge between AI tools (like Claude, Cursor, and GitHub Copilot) and Kubernetes, translating natural language requests into Kubernetes operations and returning the results in a format the AI tools can understand.
It allows AI tools to:
- Query Kubernetes resources
- Execute kubectl commands
- Manage Kubernetes clusters through natural language interactions
- Diagnose and interpret the states of Kubernetes resources
Get your kubeconfig file for your Kubernetes cluster and setup in the mcpServers (replace src path with your kubeconfig path):
{
"mcpServers": {
"kubernetes": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"--mount",
"type=bind,src=/home/username/.kube/config,dst=/home/mcp/.kube/config",
"ghcr.io/azure/mcp-kubernetes"
]
}
}
}Install kubectl
Install kubectl if it's not installed yet and add it to your PATH, e.g.
# For Linux
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
# For MacOS
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/arm64/kubectl"Install helm
Install helm if it's not installed yet and add it to your PATH, e.g.
curl -sSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bashConfig your MCP servers in Claude Desktop, Cursor, ChatGPT Copilot, Github Copilot and other supported AI clients, e.g.
{
"mcpServers": {
"kubernetes": {
"command": "<path of binary 'mcp-kubernetes'>",
"args": ["--transport", "stdio"],
"env": {
"KUBECONFIG": "<your-kubeconfig-path>"
}
}
}
}Environment variables:
KUBECONFIG: Path to your kubeconfig file, e.g./home/<username>/.kube/config.
Command line arguments:
Usage of ./mcp-kubernetes:
--access-level string Access level (readonly, readwrite, or admin) (default "readonly")
--additional-tools string Comma-separated list of additional tools to support (kubectl is always enabled). Available: helm,cilium,hubble
--allow-namespaces string Comma-separated list of namespaces to allow (empty means all allowed)
--host string Host to listen for the server (only used with transport sse or streamable-http) (default "127.0.0.1")
--otlp-endpoint string OTLP endpoint for OpenTelemetry traces (e.g. localhost:4317, default "")
--port int Port to listen for the server (only used with transport sse or streamable-http) (default 8000)
--timeout int Timeout for command execution in seconds, default is 60s (default 60)
--transport string Transport mechanism to use (stdio, sse or streamable-http) (default "stdio")The --access-level flag controls what operations are allowed and which tools are available:
readonly(default): Only read operations are allowed (get, describe, logs, etc.)- Available tools: 4 kubectl tools for viewing resources
readwrite: Read and write operations are allowed (create, delete, apply, etc.)- Available tools: 6 kubectl tools for managing resources
admin: All operations are allowed, including admin operations (cordon, drain, taint, etc.)- Available tools: All 7 kubectl tools including node management
Tools are filtered at registration time based on the access level, so AI assistants only see tools they can actually use.
Example configurations:
// Read-only access (default)
{
"mcpServers": {
"kubernetes": {
"command": "mcp-kubernetes"
}
}
}
// Read-write access
{
"mcpServers": {
"kubernetes": {
"command": "mcp-kubernetes",
"args": ["--access-level", "readwrite"]
}
}
}
// Admin access
{
"mcpServers": {
"kubernetes": {
"command": "mcp-kubernetes",
"args": ["--access-level", "admin"]
}
}
}Ask any questions about Kubernetes cluster in your AI client. The MCP tools make it easier for AI assistants to understand and use kubectl operations.
What is the status of my Kubernetes cluster?
What is wrong with my nginx pod?
Show me all deployments in the production namespace
Scale my web deployment to 5 replicas
Check if I have permission to create podsThe mcp-kubernetes server provides consolidated kubectl tools that group related operations together. Tools are automatically filtered based on your access level.
kubectl_resources - Manage Kubernetes resources
Available in: readonly, readwrite, admin
Handles CRUD operations on Kubernetes resources and node management. In readonly mode, only supports get and describe operations. Node operations (cordon, uncordon, drain, taint) are available in admin mode only.
Parameters:
operation: The operation to perform (get, describe, create, delete, apply, patch, replace, cordon, uncordon, drain, taint)resource: The resource type (e.g., pods, deployments, services, nodes) or empty for file-based operationsargs: Additional arguments like resource names, namespaces, and flags
Examples:
# Get all pods
operation: "get"
resource: "pods"
args: "--all-namespaces"
# Apply a configuration
operation: "apply"
resource: ""
args: "-f deployment.yaml"
# Drain a node (admin only)
operation: "drain"
resource: "node"
args: "worker-1 --ignore-daemonsets"
# Add a taint (admin only)
operation: "taint"
resource: "nodes"
args: "worker-1 key=value:NoSchedule"kubectl_workloads - Manage workload deployments
Available in: readwrite, admin
Manages deployment lifecycle operations including scaling and rollouts.
Parameters:
operation: The operation to perform (run, expose, scale, autoscale, rollout)resource: For rollout operations, the subcommand (status, history, undo, restart, pause, resume)args: Additional arguments
Examples:
# Scale a deployment
operation: "scale"
resource: "deployment"
args: "nginx --replicas=3"
# Check rollout status
operation: "rollout"
resource: "status"
args: "deployment/nginx"kubectl_metadata - Manage resource metadata
Available in: readwrite, admin
Updates labels, annotations, and other metadata on resources.
Parameters:
operation: The operation to perform (label, annotate, set)resource: The resource typeargs: Resource name and metadata changes
Examples:
# Add a label
operation: "label"
resource: "pods"
args: "nginx-pod app=web"
# Set image
operation: "set"
resource: "image"
args: "deployment/nginx nginx=nginx:latest"kubectl_diagnostics - Debug and monitor resources
Available in: readonly, readwrite, admin
Provides debugging and monitoring capabilities.
Parameters:
operation: The operation to perform (logs, events, top, exec, cp)resource: The resource type or specific resourceargs: Additional arguments
Examples:
# View logs
operation: "logs"
resource: ""
args: "nginx-pod -f"
# Execute command in pod
operation: "exec"
resource: ""
args: "nginx-pod -- ls /app"kubectl_cluster - View cluster information
Available in: readonly, readwrite, admin
Provides cluster-level information and API discovery.
Parameters:
operation: The operation to perform (cluster-info, api-resources, api-versions, explain)resource: For explain operation, the resource to documentargs: Additional flags
Examples:
# Get cluster info
operation: "cluster-info"
resource: ""
args: ""
# Explain pod spec
operation: "explain"
resource: "pod.spec"
args: "--recursive"kubectl_config - Configuration and security
Available in: readonly, readwrite, admin
Handles configuration validation and security operations. In readonly mode, only supports diff and auth can-i.
Parameters:
operation: The operation to perform (diff, auth, certificate)resource: Subcommand for auth/certificate operationsargs: Operation-specific arguments
Examples:
# Check permissions
operation: "auth"
resource: "can-i"
args: "create pods"
# Approve certificate
operation: "certificate"
resource: "approve"
args: "csr-name"helm - Helm package manager
Available when: --additional-tools=helm is specified
Run Helm commands for managing Kubernetes applications.
Parameters:
command: The helm command to execute
Example:
command: "list --all-namespaces"cilium - Cilium CNI commands
Available when: --additional-tools=cilium is specified
Run Cilium commands for network policies and observability.
Parameters:
command: The cilium command to execute
Example:
command: "status"hubble - Hubble observability commands
Available when: --additional-tools=hubble is specified
Run Hubble commands for network monitoring and debugging in Cilium-enabled clusters.
Parameters:
command: The hubble command to execute
Example:
command: "status"
command: "observe observe --namespace backend-jobs --from-label 'app=web'"
command: "list nodes"Telemetry collection is on by default.
To opt out, set the environment variable KUBERNETES_MCP_COLLECT_TELEMETRY=false.
The mcp-kubernetes server supports exporting telemetry data using OpenTelemetry Protocol (OTLP). You can configure an OTLP endpoint to send traces to any OpenTelemetry-compatible backend:
{
"mcpServers": {
"kubernetes": {
"command": "mcp-kubernetes",
"args": ["--otlp-endpoint", "localhost:4317"]
}
}
}How to inspect MCP server requests and responses:
npx @modelcontextprotocol/inspector <path of binary 'mcp-kubernetes'>This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
