/ Directorio / Playground / k8s-mcp-server
← Todos los servidores ↗ GitHub
● Comunidad alexei-led ⚡ Instantáneo

k8s-mcp-server

por alexei-led · alexei-led/k8s-mcp-server

Give Claude kubectl, helm, istioctl, and argocd — with command validation, non-root execution, and scoped kubeconfig — so you can ops your cluster by chat.

k8s-mcp-server runs as a Docker container that mounts your kubeconfig read-only. It wraps kubectl/helm/istioctl/argocd plus Unix utilities (jq, grep, sed) for pipelines. Two security modes (default restrictive, permissive) and a command validator so Claude can't accidentally kubectl delete namespace your prod.

▶ Ver demo 📦 Instalar 💡 Casos de uso

Por qué usarlo

Características clave

Demo en vivo

Cómo se ve en la práctica

k8s.replay ▶ listo
0/0

Instalar

Elige tu cliente

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "k8s": {
      "command": "uvx",
      "args": [
        "k8s-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Abre Claude Desktop → Settings → Developer → Edit Config. Reinicia después de guardar.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "k8s": {
      "command": "uvx",
      "args": [
        "k8s-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Cursor usa el mismo esquema mcpServers que Claude Desktop. La configuración del proyecto prevalece sobre la global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "k8s": {
      "command": "uvx",
      "args": [
        "k8s-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Haz clic en el icono MCP Servers de la barra lateral de Cline y luego en "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "k8s": {
      "command": "uvx",
      "args": [
        "k8s-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Mismo formato que Claude Desktop. Reinicia Windsurf para aplicar.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "k8s",
      "command": "uvx",
      "args": [
        "k8s-mcp-server"
      ]
    }
  ]
}

Continue usa un array de objetos de servidor en lugar de un mapa.

~/.config/zed/settings.json
{
  "context_servers": {
    "k8s": {
      "command": {
        "path": "uvx",
        "args": [
          "k8s-mcp-server"
        ]
      }
    }
  }
}

Añádelo a context_servers. Zed recarga en caliente al guardar.

claude mcp add k8s -- uvx k8s-mcp-server

Un solo comando. Verifica con claude mcp list. Quita con claude mcp remove.

Casos de uso

Usos del mundo real: k8s-mcp-server

Morning cluster health check via chat

👤 SRE, platform engineers ⏱ ~5 min intermediate

Cuándo usarlo: Daily, before stand-up — anything red? Any pods crashlooping?

Requisitos previos
  • kubeconfig on host — Usually ~/.kube/config
Flujo
  1. Start the MCP container
    Start k8s-mcp-server via Docker mounting ~/.kube read-only.✓ Copiado
    → Container up
  2. Run the checks
    Across all namespaces, list pods not in Running state, nodes not Ready, and recent (last 1h) events of type Warning.✓ Copiado
    → Three-part health report
  3. Triage
    For each crashlooping pod, get last 50 log lines and propose most likely cause.✓ Copiado
    → Log excerpts + diagnoses

Resultado: 5-minute daily cluster pulse check.

Errores comunes
  • Running kubectl get events cluster-wide floods context — Always filter by time and type

Debug a failed Helm release

👤 Devs shipping Helm charts ⏱ ~15 min intermediate

Cuándo usarlo: helm upgrade failed and you want to know why without copying error messages back and forth.

Flujo
  1. Get history
    helm history my-app -n production. What changed between v4 (working) and v5 (failed)?✓ Copiado
    → Version diff
  2. Diff templates
    Render the template for v5 with current values and compare against v4. Highlight differences.✓ Copiado
    → Diff of rendered manifests
  3. Roll back if needed
    Roll back to v4. Confirm all pods become Ready.✓ Copiado
    → Rollback + health check

Resultado: Fast recovery with understanding, not just luck.

Errores comunes
  • Rolling back without capturing the failure first means you can't fix forward — Always save helm get all v5 to a file before rolling back
Combinar con: filesystem

Audit Argo CD apps for drift

👤 GitOps practitioners ⏱ ~20 min advanced

Cuándo usarlo: You suspect someone kubectl'd something into prod that Argo CD doesn't know about.

Flujo
  1. List out-of-sync apps
    argocd app list --output json. Filter to apps where sync status isn't Synced.✓ Copiado
    → Out-of-sync list
  2. Diff each
    For each drifted app, run argocd app diff and summarize what's different from Git.✓ Copiado
    → Per-app diff summary

Resultado: Clear picture of manual drift to reconcile.

Combinaciones

Combínalo con otros MCPs para multiplicar por 10

k8s + github

When an app is broken in cluster, open GitHub issue with pod logs

If any pod in 'payments' namespace is crashlooping, fetch logs and open a GitHub issue with them attached.✓ Copiado

Herramientas

Lo que expone este MCP

HerramientaEntradasCuándo llamarCoste
kubectl command: str (full kubectl args) General cluster ops free
helm command: str Release management free
istioctl command: str Service mesh ops free
argocd command: str GitOps ops (requires argocd login in container) free

Coste y límites

Lo que cuesta ejecutarlo

Cuota de API
None
Tokens por llamada
kubectl get -o yaml can be huge; prefer -o json | jq to trim
Monetario
Free, MIT
Consejo
Always use -o wide or -o jsonpath=... to trim. kubectl get all is a token-bomb.

Seguridad

Permisos, secretos, alcance

Ámbitos mínimos: Kubeconfig scoped to a least-privilege ServiceAccount
Almacenamiento de credenciales: Mount ~/.kube read-only into the container
Salida de datos: Traffic to your cluster API server only
No conceder nunca: cluster-admin ServiceAccount to the kubeconfig used by the MCP

Resolución de problemas

Errores comunes y soluciones

The connection to the server localhost:8080 was refused

kubeconfig not mounted or KUBECONFIG env var wrong in the container.

Verificar: docker exec ... kubectl config view
Command blocked in restrictive mode

Either craft a narrower command, or explicitly opt into permissive mode for that session.

Timeout on long-running command

Raise K8S_MCP_TIMEOUT. For truly long ops, run async via a Job and poll.

Alternativas

k8s-mcp-server vs otros

AlternativaCuándo usarlaContrapartida
Direct kubectl via ssh-managerYou prefer running kubectl on a jump hostLess structured; no command validation
Kagent / AIOps SaaS MCPsYou want managed service rather than self-hostedCosts money; less control

Más

Recursos

📖 Lee el README oficial en GitHub

🐙 Ver issues abiertas

🔍 Ver todos los 400+ servidores MCP y Skills