MCP Server for Kubernetes

A server for managing Kubernetes clusters using the Model Context Protocol.

GitHub

MCP Kubernetes Server

A Model Context Protocol (MCP) server for Kubernetes, supporting chunked HTTP streaming, advanced troubleshooting prompts, and full Kubernetes resource/tool coverage.

Prerequisites

  • Node.js v18+ (for local dev/build)
  • Docker (for containerization)
  • Access to a Kubernetes cluster (AKS, EKS, GKE, or local)
  • kubectl configured (for testing and kubeconfig management)

1. Build and Run Locally

npm install
npm run build
MCP_TRANSPORT=http-chunked npm start
  • By default, the server uses your local kubeconfig (~/.kube/config or C:\Users\<username>\.kube\config).
  • To use a custom kubeconfig, set the KUBECONFIG environment variable: 
    export KUBECONFIG=/path/to/your/kubeconfig
npm start

2. Dockerize the MCP Server

Build the Docker image

docker build -t yourrepo/mcp-server:latest .

Push to your registry

docker push yourrepo/mcp-server:latest

3. Deploy on Kubernetes (AKS, EKS, GKE)

Edit the image name in k8s-mcp-server.yaml:

Replace yourrepo/mcp-server:latest with your image name.

Apply the manifest

kubectl apply -f k8s-mcp-server.yaml
  • This creates a namespace, ServiceAccount, RBAC, Deployment, and Service.
  • By default, the Service is ClusterIP (internal). Change to LoadBalancer or NodePort for external access.

4. Using the MCP Server

HTTP Chunked Endpoint

  • The server exposes /call-tool-chunked on port 3000.
  • Example (using curl): 
    curl -X POST http://<server-ip>:3000/call-tool-chunked \
  -H "Content-Type: application/json" \
  -d '{"name": "get_pods", "args": {"namespace": "default"}}'
  • The response will stream progress and results as JSON lines.

Using Prompts

  • To use a prompt, POST to /call-tool-chunked with the prompt name, e.g.: 
    curl -X POST http://<server-ip>:3000/call-tool-chunked \
  -H "Content-Type: application/json" \
  -d '{"name": "k8s-pod-crashloop-diagnose", "args": {"podName": "my-pod", "namespace": "default"}}'

5. Kubeconfig and Permissions

  • The MCP server uses the kubeconfig available in the container (default: /root/.kube/config).
  • For in-cluster deployments, it uses the ServiceAccount and RBAC provided in the manifest.
  • To use a custom kubeconfig, mount it as a secret and update the Deployment (see commented lines in the manifest).

6. Security Notes

  • Do not expose the MCP server to the public internet without authentication and TLS.
  • Use network policies, firewalls, or VPNs to restrict access.
  • Use least-privilege RBAC for the ServiceAccount.

7. Extending and Customizing

  • Add new tools, resources, or prompts in the src/ directory.
  • Rebuild and redeploy the Docker image after making changes.

8. Troubleshooting

  • Check logs with kubectl logs -n mcp-server deploy/mcp-server.
  • Ensure the ServiceAccount has the required permissions for your use case.
  • For local testing, ensure your kubeconfig is valid and has cluster access.

License

MIT

Related Servers