mcp-k8s is a dedicated MCP Server acting as a secure gateway between AI models and Kubernetes clusters. It enables AI agents, like LLMs, to understand and manage your K8s environment via the standardized Model Control Protocol. Core capabilities include discovering available API resources (both built-in and CRDs) and executing specific CRUD operations (Create, Read, Update, Delete) on them, with configurable safety controls for write actions. Leveraging Go and the official Kubernetes client-go library, mcp-k8s translates instructions from MCP clients into direct K8s API interactions using standard kubeconfig authentication. This unlocks powerful use cases for developers and SREs, simplifying complex kubectl tasks into natural language queries, automating resource management, and streamlining debugging workflows. Integration is flexible via standard I/O (stdio) or HTTP/SSE transport, allowing seamless connection with various MCP clients.

Kubernetes Resource Management

This core feature enables AI models, through an MCP client, to perform fundamental Create, Read, Update, and Delete (CRUD) operations on Kubernetes resources. mcp-k8s acts as a bridge, translating standardized MCP requests into specific Kubernetes API calls using the client-go library. It exposes dedicated MCP tools like get_resource (Read), list_resources (Read multiple), create_resource (Create), update_resource (Update), and delete_resource (Delete). This allows developers and AI models to manage deployments, services, pods, configmaps, and other resources without directly using kubectl or the Kubernetes API. For instance, a developer could instruct an LLM integrated with mcp-k8s to "Scale the 'frontend' deployment in the 'production' namespace to 5 replicas." The LLM would formulate an MCP request using the update_resource tool, which mcp-k8s then executes against the target cluster specified via the kubeconfig file. This significantly lowers the barrier to entry for Kubernetes management and enables powerful automation scenarios driven by natural language or AI logic.

Dynamic API Resource Discovery

mcp-k8s provides the capability to dynamically discover the types of resources available within a connected Kubernetes cluster, including both built-in resources and Custom Resource Definitions (CRDs). This is achieved through the get_api_resources MCP tool. When invoked by an MCP client, this tool queries the Kubernetes API server to retrieve a comprehensive list of manageable resource types, along with their API group, version, and kind (GVK). This functionality is crucial because Kubernetes clusters can vary significantly based on installed operators and CRDs. By first querying available resources, an AI model or automation script can understand the specific capabilities of the target cluster before attempting operations. For example, an AI assistant tasked with managing a specific application defined by a CRD (e.g., MyDatabase) can first use get_api_resources to confirm the MyDatabase resource exists and determine its correct GVK before attempting to list or modify instances of it. This ensures compatibility and adaptability across diverse Kubernetes environments.

Configurable Write Permissions

A key security and operational feature of mcp-k8s is the ability to granularly control whether write operations (Create, Update, Delete) are permitted. This is managed through command-line flags (-enable-create, -enable-update, -enable-delete) when starting the mcp-k8s server. By default, all write operations are disabled, forcing administrators to explicitly enable them. This "read-only by default" approach enhances safety, preventing accidental or unauthorized modifications to the Kubernetes cluster by the connected AI model or client. Administrators can choose to enable only specific operations based on the intended use case. For example, an instance of mcp-k8s used purely for monitoring cluster state might only have list/get operations enabled (-enable-list is true by default), while an instance used for automated application deployment might have -enable-create and -enable-update set to true, but -enable-delete kept false. This fine-grained control allows mcp-k8s to be deployed safely in various scenarios, balancing functionality with risk mitigation.

Flexible Transport Mechanisms

mcp-k8s supports multiple transport mechanisms for communication between the MCP server and client, enhancing its integration flexibility. By default, it operates using standard input/output (stdio), which is ideal for scenarios where the MCP client runs mcp-k8s as a local child process. This is simple and requires minimal setup. Alternatively, mcp-k8s can be configured to run in HTTP/SSE (Server-Sent Events) mode using the -transport=sse flag, along with -host and -port settings. In this mode, mcp-k8s exposes an HTTP endpoint (e.g., http://localhost:8080/sse) that MCP clients can connect to over the network. This allows mcp-k8s to run as a standalone service, potentially on a different machine or container than the client, facilitating microservice architectures or remote access scenarios (though security implications must be considered for remote access). This dual support ensures developers can choose the most appropriate communication method for their specific architecture and deployment needs, aligning with the MCP principle of transport flexibility.