
Kubernetes Read Only MCP Server

Created by your-ko, a month ago
Overview

mcp-k8s-ro

A read-only MCP server that gives Claude access to Kubernetes clusters. Built in Go, communicates over stdio using the MCP protocol.

Design

  • Read-only — only get, describe, logs, and top style operations. No create, update, or delete. If a mutating operation is needed, the server prints the equivalent kubectl command for you to run manually. Safe to use while on-call at night: Claude can never accidentally mutate your cluster, even under prompt fatigue.
  • Secret-safe — secret values are masked before being sent to the model, so your secrets cannot leak due to misconfiguration or prompt injection.
  • Token-efficient — responses include only relevant fields (name, status, restarts, etc.) rather than raw Kubernetes API objects, keeping context usage low.
  • Cluster-aware — every response includes the active context and cluster name, so Claude always knows which cluster it is talking to.
  • Context-pinned — the server locks to the active kubeconfig context at startup. Switching contexts in another terminal has no effect on the running server.
  • No extra infra — runs as a local binary or Docker container, connects to whatever kubeconfig context is active at startup.

Redacted fields

| Object/Field | Reason |
|---|---|
| Secret.data | Secret leak prevention |
| Secret.stringData | Secret leak prevention |
| CertificateSigningRequest.spec.request | Large base64 PEM blob, no diagnostic value, saves tokens |
| Certificate (cert-manager) .spec.keystores | Cert chain PEM blobs, no diagnostic value, saves tokens |
| Certificate (cert-manager) status.conditions[].message | Cert chain PEM blobs, no diagnostic value, saves tokens |
| *.managedFields | No diagnostic value, saves tokens |
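
How masking of this kind can be done before an object reaches the model, as an added example that is not the project's own code: `redact`, `RedactJSON`, the mask string and the sample object are hypothetical, and only the Secret, CertificateSigningRequest and managedFields rows are covered. It goes one step beyond the table by also dropping the `kubectl.kubernetes.io/last-applied-configuration` annotation on Secrets, which holds a copy of the applied manifest when the Secret was created with `kubectl apply`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const mask = "***MASKED***"
const lastApplied = "kubectl.kubernetes.io/last-applied-configuration"

// redact masks, in place, fields of one Kubernetes object decoded into generic maps.
func redact(obj map[string]any) {
	meta, _ := obj["metadata"].(map[string]any)
	delete(meta, "managedFields") // *.managedFields, for every kind
	switch obj["kind"] {
	case "Secret":
		for _, f := range []string{"data", "stringData"} {
			m, _ := obj[f].(map[string]any)
			for k := range m { // keep key names for diagnosis, mask every value
				m[k] = mask
			}
		}
		// Beyond the table: kubectl apply stores a copy of the manifest here.
		ann, _ := meta["annotations"].(map[string]any)
		delete(ann, lastApplied)
	case "CertificateSigningRequest":
		if spec, ok := obj["spec"].(map[string]any); ok && spec["request"] != nil {
			spec["request"] = mask
		}
	}
}

// RedactJSON decodes, redacts and re-encodes. It fails closed: on a decode
// error nothing from the raw input is returned.
func RedactJSON(raw string) (string, error) {
	var obj map[string]any
	if err := json.Unmarshal([]byte(raw), &obj); err != nil {
		return "", err
	}
	redact(obj)
	out, err := json.Marshal(obj)
	return string(out), err
}

// Constructed sample object, not taken from a real cluster.
const sampleSecret = `{"kind":"Secret","metadata":{"name":"db","managedFields":[{"manager":"kubectl"}],` +
	`"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"data\":{\"password\":\"czNjcjN0\"}}"}},` +
	`"data":{"password":"czNjcjN0"},"stringData":{"token":"tok-123"}}`
func main() {
	fmt.Println(RedactJSON(sampleSecret))
}
```

Masking values while keeping key names preserves the diagnostic signal (which keys a Secret defines) without exposing their contents.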

Tools

| Tool | Description |
|---|---|
| `k8s_list_resources` | List any resource type by name — pods, deployments, CRDs, etc. Accepts optional namespace filter. Returns name, status, readiness, restarts, node, IP, and more depending on resource kind. |
| `k8s_describe_resource` | Return the full YAML of a single resource. Secret data is masked. |
| `k8s_list_resource_types` | List all available resource types via the discovery API. Accepts optional API group filter. |
| `k8s_get_logs` | Fetch pod logs. Supports container selector, tail lines, and `--previous` for crashed containers. |
| `k8s_get_events` | List Kubernetes events for a namespace or the whole cluster, sorted by most recent. |
| `k8s_top_pods` | CPU and memory usage per pod, with per-container breakdown. Requires metrics-server. |
| `k8s_top_nodes` | CPU and memory usage per node, with percentage of allocatable capacity. Requires metrics-server. |

Configuration

| Environment variable | Default | Description |
|---|---|---|
| `KUBECONFIG` | `~/.kube/config` | Path to kubeconfig file |

Usage with Claude

Binary

Build the binary and add it to your Claude Desktop or claude CLI configuration:

```bash
make build
# binary is written to bin/mcp-k8s-ro
```

```json
{
  "mcpServers": {
    "k8s": {
      "type": "stdio",
      "command": "/path/to/bin/mcp-k8s-ro",
      "env": {
        "KUBECONFIG": "/path/to/.kube/config"
      }
    }
  }
}
```

Or via the CLI:

```bash
claude mcp add --transport stdio --scope user mcp-k8s-ro [path to binary]
```

Docker

Pull the image from GitHub Container Registry (pinning a specific version is recommended):

```bash
docker pull ghcr.io/your-ko/mcp-k8s-ro:latest
```

Add it to your Claude Desktop or claude CLI configuration. The kubeconfig directory is mounted read-only into the container:

```json
{
  "mcpServers": {
    "k8s": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-v", "/path/to/.kube:/home/nonroot/.kube:ro",
        "ghcr.io/your-ko/mcp-k8s-ro:latest"
      ]
    }
  }
}
```

If your kubeconfig is in a non-standard location, pass it via KUBECONFIG:

```json
{
  "mcpServers": {
    "k8s": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-e", "KUBECONFIG=/config/my-kubeconfig",
        "-v", "/path/to/my-kubeconfig:/config/my-kubeconfig:ro",
        "ghcr.io/your-ko/mcp-k8s-ro:latest"
      ]
    }
  }
}
```

Single-cluster design

The server intentionally operates on one kubeconfig context and provides no tool to switch clusters at runtime. The reasons are:

  • Prompt injection isolation — a malicious value in one cluster's resources (e.g. a pod annotation) cannot instruct Claude to pivot to a different cluster, including production.
  • Explicit audit boundary — every tool response includes the context and cluster name, so there is never ambiguity about which cluster was queried.

To point the server at a different cluster, stop the server, switch context, and restart:

```bash
kubectl config use-context my-other-cluster
# then restart the MCP server / reload Claude Desktop
```

To work with multiple clusters simultaneously, register a separate server instance per cluster in your MCP config:

```json
{
  "mcpServers": {
    "k8s-staging": {
      "type": "stdio",
      "command": "/path/to/bin/mcp-k8s-ro",
      "env": { "KUBECONFIG": "/path/to/.kube/config" }
    },
    "k8s-prod": {
      "type": "stdio",
      "command": "/path/to/bin/mcp-k8s-ro",
      "env": { "KUBECONFIG": "/path/to/.kube/config-prod" }
    }
  }
}
```

Claude will address each .claude.json server by name, and each instance only ever sees its own cluster.

Server Config

```json
{
  "mcpServers": {
    "k8s": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "-v",
        "${HOME}/.kube:/root/.kube:ro",
        "ghcr.io/your-ko/mcp-k8s-ro:latest"
      ]
    }
  }
}
```