Kubernetes MCP Server
Popular community server wrapping kubectl and Helm for cluster management via natural language.
Add to your client
Copy the config for your MCP client and paste it into its config file.
npx -y mcp-server-kubernetesPaste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"kubernetes-mcp-server": {
"command": "npx",
"args": [
"-y",
"mcp-server-kubernetes"
],
"env": {
"ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS": "true"
}
}
}
}Before you start
- Node.js (it runs via `npx mcp-server-kubernetes`)
- kubectl installed and on your PATH
- Helm v3 installed if you want to use the Helm tools (optional)
- A valid kubeconfig (default ~/.kube/config) with at least one configured context pointing at a reachable cluster (minikube, GKE, EKS, Rancher Desktop, etc.)
About Kubernetes MCP Server
Kubernetes MCP Server is a popular community server that wraps kubectl and Helm so AI assistants can manage clusters through natural language. It uses your existing kubeconfig and contexts, meaning the agent operates with exactly the cluster access you already have.
It exposes granular kubectl tools (get, describe, create, apply, delete, logs, patch, scale, rollout) plus a generic escape hatch, along with Helm v3 lifecycle tools (install/upgrade/uninstall and template apply). Convenience operations like port-forwarding, node cordon/drain, and cleanup of Evicted/CrashLoopBackOff pods round out day-to-day cluster work, and a built-in diagnostics prompt helps systematically debug failing pods.
A non-destructive mode (ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS=true) disables delete, uninstall, cleanup, node management, and the generic command tool while keeping read/create/update capabilities — a sensible default for letting agents observe and patch without risking teardown. The server is written in TypeScript, runs over stdio or SSE, masks secret values, and supports optional OpenTelemetry tracing.
Tools & capabilities (11)
kubectl_get / kubectl_describeList/retrieve resources and show detailed resource information.
kubectl_create / kubectl_apply / kubectl_deleteCreate resources, apply YAML manifests, and delete resources.
kubectl_logsFetch pod logs.
kubectl_patch / kubectl_scale / kubectl_rolloutUpdate specific fields, scale workloads, and manage deployment rollouts.
kubectl_contextList and switch kubectl contexts.
kubectl_genericRun an arbitrary kubectl command (disabled in non-destructive mode).
install_helm_chart / upgrade_helm_chart / uninstall_helm_chartManage Helm v3 releases.
port_forward / stop_port_forwardStart and stop port-forwarding to pods or services.
cleanup_podsRemove problematic pods (Evicted, CrashLoopBackOff, etc.).
node_managementCordon, drain, and uncordon nodes.
explain_resource / list_api_resources / pingGet resource docs, list available API resources, and verify cluster connectivity.
When to use it
- Use it when you want to inspect cluster state — pods, deployments, services, events — by asking in plain language
- Use it when debugging failing workloads (pull logs, describe pods, run the /k8s-diagnose prompt)
- Use it when deploying or upgrading apps via Helm charts or YAML manifests
- Use it when scaling deployments, managing rollouts, or port-forwarding for quick local access
- Use it when you want a safe read/patch agent — enable non-destructive mode to block deletes and teardown
- Use it when doing node maintenance like cordon/drain or cleaning up stuck pods
Quick setup
- 1Install kubectl (and Helm v3 if needed) and confirm `kubectl get nodes` works against your cluster
- 2Make sure your kubeconfig has the right context selected
- 3Add the server to your MCP client, e.g. `claude mcp add kubernetes -- npx mcp-server-kubernetes` or the equivalent npx config block
- 4Optionally set ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS=true for a safer tool surface
- 5Restart the MCP client and confirm the kubectl tools load
- 6Verify with a read-only request such as listing pods or running the ping tool
Security notes
It inherits your active kubeconfig context and can modify or delete cluster resources by default; set ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS=true and point at a non-production context when experimenting. Note CVE-2026-46519: earlier versions only enforced the non-destructive flag at tool discovery, not execution — upgrade to v3.6.0 or later, and always confirm which cluster the current context targets.
Kubernetes MCP Server FAQ
Does it need credentials of its own?
No. It uses your existing kubeconfig and current context, so the agent inherits whatever cluster permissions you already have. There is no separate API key.
How do I stop it from deleting things?
Set ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS=true. This disables kubectl_delete, uninstall_helm_chart, cleanup_pods, node_management, and kubectl_generic while keeping read, create, and update tools.
Is Helm required?
Only if you want the Helm tools. Core kubectl operations work without Helm; install Helm v3 to enable install/upgrade/uninstall chart tools.
Are secrets exposed to the model?
The server masks sensitive values in secret operations to avoid leaking them into the conversation, though you should still be cautious about what cluster data an agent can read.
Which clients does it work with?
Any MCP client — it documents setup for Claude Desktop, Claude Code, VS Code/Cursor, and the Gemini CLI, and communicates over stdio or SSE.
Alternatives to Kubernetes MCP Server
GitHub's official server for repos, issues, PRs, and Actions — local Docker or hosted remote.
Official AWS Labs server that lets agents call any AWS API via the AWS CLI surface.
Grafana's official server for dashboards, Prometheus/Loki queries, alerts, and incidents.
Compare Kubernetes MCP Server with: