kubectl-mcp-server MCP — Cas d'usage, Installer & Démo en direct

Pourquoi l'utiliser

Fonctionnalités clés

253 tools covering pods, deployments, services, RBAC, networking
Ecosystem coverage: Helm, Flux, ArgoCD, Cert-Manager, Velero, KEDA, Istio
Cost optimization: detects over-provisioned resources, saves recommendations
OAuth 2.1 mode for secured multi-tenant SRE platforms

Démo en direct

Aperçu en pratique

kubectl.replay ▶ prêt

0/0

Installer

Choisissez votre client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "kubectl": {
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Ouvrez Claude Desktop → Settings → Developer → Edit Config. Redémarrez après avoir enregistré.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "kubectl": {
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Cursor utilise le même schéma mcpServers que Claude Desktop. La config projet l'emporte sur la globale.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "kubectl": {
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Cliquez sur l'icône MCP Servers dans la barre latérale Cline, puis "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "kubectl": {
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Même format que Claude Desktop. Redémarrez Windsurf pour appliquer.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "kubectl",
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ]
    }
  ]
}

Continue utilise un tableau d'objets serveur plutôt qu'une map.

~/.config/zed/settings.json

{
  "context_servers": {
    "kubectl": {
      "command": {
        "path": "uvx",
        "args": [
          "kubectl-mcp-server"
        ]
      }
    }
  }
}

Ajoutez dans context_servers. Zed recharge à chaud à la sauvegarde.

claude mcp add kubectl -- uvx kubectl-mcp-server

Une seule ligne. Vérifiez avec claude mcp list. Supprimez avec claude mcp remove.

Cas d'usage

Usages concrets : kubectl-mcp-server

Triage a CrashLoopBackOff pod in 60 seconds

👤 On-call SREs ⏱ ~10 min intermediate

Quand l'utiliser : Alerts fire; you want to see logs, events, and resource usage before digging in kubectl manually.

Prérequis

kubectl configured with cluster access — kubectl config get-contexts should list your cluster

Déroulement

Identify crashing pods

List pods in namespace X with restart count > 5. Show pod name, container, and last exit reason.✓ Copié

→ Narrowed list
Pull logs + events

For pod Y, get last 100 lines of logs and the related events. Highlight any error keywords.✓ Copié

→ Likely root cause
Check resource pressure

Show CPU/memory limits vs actual for the pod. OOM killed?✓ Copié

→ Resource verdict

Résultat : A focused hypothesis in a minute, not ten kubectl commands.

Pièges

Wrong cluster context — Always specify --context in your prompt; the default can bite you across prod/staging

Combiner avec : prometheus

Find over-provisioned workloads to trim your cluster bill

👤 FinOps, platform engineers ⏱ ~40 min advanced

Quand l'utiliser : Quarterly cost reviews — you want data-driven scale-down candidates.

Déroulement

Run the cost analysis

Use the cost-optimization tools to find deployments where request/limit is 3x actual over the last 30 days.✓ Copié

→ Ranked list of over-provisioned workloads
Estimate savings

For the top 10, estimate $ saved per month if right-sized. Group by team.✓ Copié

→ Per-team savings table
File PRs with suggested manifests

Generate updated manifests for the top 5 and file PRs in the appropriate repos.✓ Copié

→ PRs opened with proposed diffs

Résultat : Visible cost wins backed by metrics, with follow-through via PRs.

Combiner avec : github · prometheus

Upgrade a Helm release safely with Claude

👤 Platform engineers ⏱ ~20 min advanced

Quand l'utiliser : Routine Helm upgrades shouldn't require 20 minutes of ceremony.

Déroulement

Diff new vs current

For release X, show diff between values.yaml and the new chart version.✓ Copié

→ Value/template diff
Dry-run

Run helm upgrade --dry-run with the new chart. Report any rendered template issues.✓ Copié

→ Clean dry-run or actionable errors
Upgrade with rollback ready

Apply the upgrade. Immediately after, verify rollout status and keep the previous revision ready for rollback.✓ Copié

→ Deployed successfully with rollback instructions

Résultat : Lower-risk Helm ops with a rollback path explicit from the start.

Audit RBAC for overly-permissive roles

👤 Security engineers ⏱ ~30 min advanced

Quand l'utiliser : Pre-certification or after noticing a suspicious role.

Déroulement

List wildcard roles

Find ClusterRoles or Roles with '*' in resources or verbs. Group by namespace.✓ Copié

→ Wildcard RBAC list
Map to subjects

For each, who's bound to it? List ServiceAccounts/Users/Groups.✓ Copié

→ Subject-role matrix
Suggest minimal replacements

For the top 5 riskiest, suggest minimum required verbs based on actual usage (audit logs).✓ Copié

→ Concrete tightening proposals

Résultat : Tightened RBAC with defensible diffs.

Combinaisons

Associez-le à d'autres MCPs pour un effet X10

kubectl + prometheus

Cross-reference pod state with Prometheus metrics

For pod X, show kubectl describe output alongside its last 24h CPU/memory from Prometheus.✓ Copié

kubectl + github

RBAC audit → PRs that tighten YAML manifests

For each finding in the RBAC audit, open a PR against the infra repo with a minimized Role YAML.✓ Copié

Outils

Ce que ce MCP expose

Outil	Entrées	Quand appeler	Coût
kubectl_get	resource, namespace?, label_selector?	List anything	1 API call
kubectl_describe	resource, name, namespace?	Deep detail on a single object	1 API call
pod_logs	pod, container?, tail?, namespace?	Debug	1 API call
pod_events	pod, namespace?	Why did this happen?	1 API call
helm_list	namespace?	Overview Helm releases	helm cmd
helm_upgrade	release, chart, values?, dry_run?	Deploy	helm cmd
cost_optimize	namespace?, period?	FinOps sweeps	metrics API
rbac_audit		Security review	several API calls

Coût et limites

Coût d'exécution

Quota d'API: Limited by your cluster's API server capacity
Tokens par appel: kubectl output can be large — describe/get-wide especially
Monétaire: Free MCP; cluster costs are yours
Astuce: Prefer label_selector and field selectors over listing everything; avoid --output=wide in prompts

Sécurité

Permissions, secrets, portée

Portées minimales : cluster read-only unless you need writes

Stockage des identifiants : Standard KUBECONFIG; MCP doesn't store creds separately

Sortie de données : Your K8s API server only

Ne jamais accorder : cluster-admin to the MCP context unless absolutely necessary

Dépannage

Erreurs courantes et correctifs

Unauthorized / forbidden

KUBECONFIG context lacks permissions. Check kubectl auth can-i for the specific verb/resource

Vérifier : kubectl auth can-i get pods --namespace X

Context confusion between clusters

Always set or pass --context explicitly; a wrong context on prod is a bad day

Vérifier : kubectl config current-context

Helm upgrade fails mid-way

Use helm rollback <release> <prev-rev>; always capture prev revision before upgrading

Alternatives

kubectl-mcp-server vs autres

Alternative	Quand l'utiliser	Compromis
k8s-mcp-server (official-ish, smaller)	You only need basic kubectl and worry about the 253-tool surface noise	Fewer ecosystem tools (no Helm/Flux)
Direct kubectl in a shell	You're deep in a terminal session already	No agent loop

Plus

Ressources

📖 Lire le README officiel sur GitHub

🐙 Voir les issues ouvertes

🔍 Parcourir les 400+ serveurs MCP et Skills