kubectl-mcp-server MCP — Casos de uso, Instalar & Demo ao vivo

Por que usar

Principais recursos

253 tools covering pods, deployments, services, RBAC, networking
Ecosystem coverage: Helm, Flux, ArgoCD, Cert-Manager, Velero, KEDA, Istio
Cost optimization: detects over-provisioned resources, saves recommendations
OAuth 2.1 mode for secured multi-tenant SRE platforms

Demo ao vivo

Como fica na prática

kubectl.replay ▶ pronto

0/0

Instalar

Escolha seu cliente

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "kubectl": {
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Abra Claude Desktop → Settings → Developer → Edit Config. Reinicie após salvar.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "kubectl": {
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Cursor usa o mesmo esquema mcpServers que o Claude Desktop. Config de projeto vence a global.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "kubectl": {
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Clique no ícone MCP Servers na barra lateral do Cline, depois "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "kubectl": {
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ],
      "_inferred": true
    }
  }
}

Mesmo formato do Claude Desktop. Reinicie o Windsurf para aplicar.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "kubectl",
      "command": "uvx",
      "args": [
        "kubectl-mcp-server"
      ]
    }
  ]
}

O Continue usa um array de objetos de servidor em vez de um map.

~/.config/zed/settings.json

{
  "context_servers": {
    "kubectl": {
      "command": {
        "path": "uvx",
        "args": [
          "kubectl-mcp-server"
        ]
      }
    }
  }
}

Adicione em context_servers. Zed recarrega automaticamente ao salvar.

claude mcp add kubectl -- uvx kubectl-mcp-server

Uma linha só. Verifique com claude mcp list. Remova com claude mcp remove.

Casos de uso

Usos do mundo real: kubectl-mcp-server

Triage a CrashLoopBackOff pod in 60 seconds

👤 On-call SREs ⏱ ~10 min intermediate

Quando usar: Alerts fire; you want to see logs, events, and resource usage before digging in kubectl manually.

Pré-requisitos

kubectl configured with cluster access — kubectl config get-contexts should list your cluster

Fluxo

Identify crashing pods

List pods in namespace X with restart count > 5. Show pod name, container, and last exit reason.✓ Copiado

→ Narrowed list
Pull logs + events

For pod Y, get last 100 lines of logs and the related events. Highlight any error keywords.✓ Copiado

→ Likely root cause
Check resource pressure

Show CPU/memory limits vs actual for the pod. OOM killed?✓ Copiado

→ Resource verdict

Resultado: A focused hypothesis in a minute, not ten kubectl commands.

Armadilhas

Wrong cluster context — Always specify --context in your prompt; the default can bite you across prod/staging

Combine com: prometheus

Find over-provisioned workloads to trim your cluster bill

👤 FinOps, platform engineers ⏱ ~40 min advanced

Quando usar: Quarterly cost reviews — you want data-driven scale-down candidates.

Fluxo

Run the cost analysis

Use the cost-optimization tools to find deployments where request/limit is 3x actual over the last 30 days.✓ Copiado

→ Ranked list of over-provisioned workloads
Estimate savings

For the top 10, estimate $ saved per month if right-sized. Group by team.✓ Copiado

→ Per-team savings table
File PRs with suggested manifests

Generate updated manifests for the top 5 and file PRs in the appropriate repos.✓ Copiado

→ PRs opened with proposed diffs

Resultado: Visible cost wins backed by metrics, with follow-through via PRs.

Combine com: github · prometheus

Upgrade a Helm release safely with Claude

👤 Platform engineers ⏱ ~20 min advanced

Quando usar: Routine Helm upgrades shouldn't require 20 minutes of ceremony.

Fluxo

Diff new vs current

For release X, show diff between values.yaml and the new chart version.✓ Copiado

→ Value/template diff
Dry-run

Run helm upgrade --dry-run with the new chart. Report any rendered template issues.✓ Copiado

→ Clean dry-run or actionable errors
Upgrade with rollback ready

Apply the upgrade. Immediately after, verify rollout status and keep the previous revision ready for rollback.✓ Copiado

→ Deployed successfully with rollback instructions

Resultado: Lower-risk Helm ops with a rollback path explicit from the start.

Audit RBAC for overly-permissive roles

👤 Security engineers ⏱ ~30 min advanced

Quando usar: Pre-certification or after noticing a suspicious role.

Fluxo

List wildcard roles

Find ClusterRoles or Roles with '*' in resources or verbs. Group by namespace.✓ Copiado

→ Wildcard RBAC list
Map to subjects

For each, who's bound to it? List ServiceAccounts/Users/Groups.✓ Copiado

→ Subject-role matrix
Suggest minimal replacements

For the top 5 riskiest, suggest minimum required verbs based on actual usage (audit logs).✓ Copiado

→ Concrete tightening proposals

Resultado: Tightened RBAC with defensible diffs.

Combinações

Combine com outros MCPs para 10× de alavancagem

kubectl + prometheus

Cross-reference pod state with Prometheus metrics

For pod X, show kubectl describe output alongside its last 24h CPU/memory from Prometheus.✓ Copiado

kubectl + github

RBAC audit → PRs that tighten YAML manifests

For each finding in the RBAC audit, open a PR against the infra repo with a minimized Role YAML.✓ Copiado

Ferramentas

O que este MCP expõe

Ferramenta	Entradas	Quando chamar	Custo
kubectl_get	resource, namespace?, label_selector?	List anything	1 API call
kubectl_describe	resource, name, namespace?	Deep detail on a single object	1 API call
pod_logs	pod, container?, tail?, namespace?	Debug	1 API call
pod_events	pod, namespace?	Why did this happen?	1 API call
helm_list	namespace?	Overview Helm releases	helm cmd
helm_upgrade	release, chart, values?, dry_run?	Deploy	helm cmd
cost_optimize	namespace?, period?	FinOps sweeps	metrics API
rbac_audit		Security review	several API calls

Custo e limites

O que custa rodar

Cota de API: Limited by your cluster's API server capacity
Tokens por chamada: kubectl output can be large — describe/get-wide especially
Monetário: Free MCP; cluster costs are yours
Dica: Prefer label_selector and field selectors over listing everything; avoid --output=wide in prompts

Segurança

Permissões, segredos, alcance

Escopos mínimos: cluster read-only unless you need writes

Armazenamento de credenciais: Standard KUBECONFIG; MCP doesn't store creds separately

Saída de dados: Your K8s API server only

Nunca conceda: cluster-admin to the MCP context unless absolutely necessary

Solução de problemas

Erros comuns e correções

Unauthorized / forbidden

KUBECONFIG context lacks permissions. Check kubectl auth can-i for the specific verb/resource

Verificar: kubectl auth can-i get pods --namespace X

Context confusion between clusters

Always set or pass --context explicitly; a wrong context on prod is a bad day

Verificar: kubectl config current-context

Helm upgrade fails mid-way

Use helm rollback <release> <prev-rev>; always capture prev revision before upgrading

Alternativas

kubectl-mcp-server vs. outros

Alternativa	Quando usar	Troca
k8s-mcp-server (official-ish, smaller)	You only need basic kubectl and worry about the 253-tool surface noise	Fewer ecosystem tools (no Helm/Flux)
Direct kubectl in a shell	You're deep in a terminal session already	No agent loop

Mais

Recursos

📖 Leia o README oficial no GitHub

🐙 Ver issues abertas

🔍 Ver todos os 400+ servidores MCP e Skills