MCP Directory

MCP Server for Kubernetes: the options

Five real MCP servers that talk to Kubernetes, matched to what you actually run — plus the read-only config that keeps an agent off your prod cluster.

Hua·June 30, 2026·6 min read
From below of long thin blue cables connected to row of small white connectors on system block in data center
Photo by Brett Sayles on Pexels

The right MCP server for Kubernetes depends on one question: do you want the agent to run kubectl against a cluster, or to drive a dashboard you already trust? For raw cluster access, install one thin server — MCP K8S Go or K8s MCP Server — and point it at a read-only kubeconfig context. If you already run a Kubernetes UI like Radar or K8M, turn on its built-in MCP endpoint instead of adding a separate binary. Installing more than one is how you burn your tool budget for no gain.

This is the grounded shortlist. Every server below is real, linked, and matched to a specific job, with the minimal config that works. Most MCP servers — roughly 90% — run locally over stdio, and three of these five do exactly that: a local process holding your kubeconfig, which is the least surprising, most private way to hand cluster credentials to an LLM.

Pick by how you already run Kubernetes

Start from your setup, not from GitHub stars. If you live in kubectl, you want a CLI-shaped server. If you already run a dashboard, use its embedded MCP endpoint so the agent and the UI share one auth path. This table maps each option to its job so you install exactly one.

ServerBest forTransportNotes
MCP K8S GoRaw cluster, resource CRUDstdiolist/get/create/modify, logs, exec; npx install
K8s MCP Serverkubectl + helm + argocd in a sandboxstdioRuns the CLIs inside a Docker container
kubefwdLocal dev against remote servicesstdioBulk port-forward, inspect pods, watch traffic
RadarYou already run the Radar UIHTTPMCP built into the open-source dashboard
K8MYou already run the K8M dashboardSSE49 cluster tools; needs an auth token

If you only read one row: kubectl person → MCP K8S Go; you want helm and argocd too → K8s MCP Server; you already run a UI → Radar or K8M.

MCP K8S Go: the default for a raw cluster

For a plain cluster connection, MCP K8S Go is the server to reach for first. It's a small Go binary that speaks the core Kubernetes verbs — list, get, create, and modify resources, read pod logs, and run commands — which is exactly the surface you want next to an agent, and nothing more. It reads your existing kubeconfig, so if kubectl works, it works.

Run it over stdio with a single command:

{
  "command": "npx",
  "args": ["@strowk/mcp-k8s"]
}

The one thing to get right before you wire it up: it inherits your current kubeconfig context. Point it at a read-only context or a scoped service-account token, not your cluster-admin default. The server won't stop an agent from deleting a Deployment if the credentials allow it — that guardrail is yours to set at the RBAC layer.

K8s MCP Server: when you need helm, argocd, and a sandbox

Reach for K8s MCP Server when one CLI isn't enough. It runs kubectl, helm, istioctl, and argocd against your clusters — but inside a Docker container, so the tools and their blast radius stay isolated from your host. That's the pick for anyone whose day is helm releases and ArgoCD syncs, not just reading pods.

It runs over stdio and mounts your kubeconfig into the container read-only, which is the important detail:

{
  "command": "docker",
  "args": ["run", "-i", "--rm", "-v", "/Users/YOUR_USER_NAME/.kube:/home/appuser/.kube:ro", "ghcr.io/alexei-led/k8s-mcp-server:latest"]
}

Note the :ro on the volume mount — the agent can read your kubeconfig but can't rewrite it, and the container is --rm so nothing persists. It's Python under the hood, but you never touch that; the Docker image is the whole interface. Give the mounted context least privilege and you have the most contained option on this list.

kubefwd: for local dev, not cluster ops

kubefwd solves a different problem — it's for developing against a cluster, not operating one. Its MCP server lets an agent bulk port-forward services, inspect pods, and monitor traffic, so your local app can hit my-service.my-namespace as if it ran in the cluster. If you're debugging a service locally against real dependencies, this is the one; if you want the agent to apply manifests, it isn't.

It's a stdio server that ships inside the kubefwd binary you already use:

{
  "command": "kubefwd",
  "args": ["mcp"]
}

Heads-up: kubefwd edits /etc/hosts and binds low ports to make forwarding transparent, so it typically wants elevated privileges. That's expected for its job, but it means you should trust the binary — install it from the official release, not a random fork.

Radar and K8M: use your dashboard's built-in server

If you already run a Kubernetes UI, don't add a separate CLI server — turn on the one built into the dashboard. Radar is an open-source Kubernetes UI with an MCP server baked in, exposed over HTTP at a local endpoint, so the agent operates the same cluster view you do. K8M is an AI-driven mini dashboard whose built-in server exposes 49 cluster operation tools over SSE — the broadest tool surface here by count.

Radar is the simpler wiring — a plain local HTTP URL, no token:

{ "url": "http://localhost:9280/mcp" }

K8M gates access behind a token you generate in its UI, which is the right default for a server carrying 49 tools:

{
  "url": "http://localhost:3618/mcp/k8m/sse",
  "headers": { "Authorization": "<token-from-K8M>" }
}

That 49-tool count is also the catch. Most clients get unreliable at tool selection well before you'd expect — the practical ceiling is around 40 tools total — so K8M alone can crowd out everything else you have installed. If you run K8M, keep your other servers lean, and understand the arithmetic in Cursor's tool limit.

What to skip and how to wire it up

Skip installing two Kubernetes servers at once. They overlap heavily, and every extra server eats into that roughly 40-tool budget before selection degrades — a 49-tool dashboard plus a CLI server is already over the line. Pick one, point it at a least-privilege context, and stop.

Also skip giving any of these cluster-admin on day one. These servers are only as safe as the kubeconfig behind them; the server enforces nothing, RBAC enforces everything. Start read-only, widen deliberately.

Adding any of these is the same three steps in any client — server command or URL, credentials, restart — walked through in how to add an MCP server. To browse the full field or compare tooling side by side, start from the best MCP servers, filter by capabilities, or check alternatives when one of these doesn't fit your cluster.

FAQ

Is there an official MCP server for Kubernetes?

There's no single first-party server from the Kubernetes project itself. The strongest options are community and vendor-built: MCP K8S Go and K8s MCP Server for raw cluster access via kubectl, and Radar and K8M for dashboards that ship an MCP endpoint built in. Pick by whether you want a CLI-shaped server or your existing UI's embedded one.

Is it safe to connect an MCP server to my Kubernetes cluster?

Only with RBAC. None of these servers enforce access limits themselves — they inherit whatever your kubeconfig or service account allows, so point them at a read-only context, not cluster-admin. K8s MCP Server adds a layer by running the CLIs in a Docker container with your kubeconfig mounted read-only, and K8M gates its endpoint behind a token.

MCP K8S Go or K8s MCP Server — which should I pick?

MCP K8S Go if you mostly need core resource operations — list, get, create, modify, logs, exec — from a lightweight `npx` install. K8s MCP Server if your workflow also involves helm, istioctl, or argocd, since it runs all of them inside an isolated Docker sandbox that keeps the tooling off your host.

Do these Kubernetes MCP servers run locally?

Most do. MCP K8S Go, K8s MCP Server, and kubefwd all run locally over stdio, matching the roughly 90% of MCP servers that run on your own machine. Radar and K8M run as local servers too but expose HTTP and SSE endpoints, since they're built into dashboards you host.

Can an MCP server run kubectl and helm for me?

Yes. K8s MCP Server is built for exactly that — it executes kubectl, helm, istioctl, and argocd against your clusters from inside a Docker container. MCP K8S Go covers the kubectl-style resource operations and command execution. In both cases the agent can only do what the underlying credentials permit, so scope them tightly.

Put this into practice

Browse MCP servers by capability, or check your own setup's tool budget and security.

More essays