CommunityStale· 3mo★ 4.3by Alexei Led
K8s MCP Server
Docker-packaged Kubernetes server including kubectl, helm, istioctl, and argocd for secure cluster ops from Claude.
C
Safety & Trust
Delv Safety Grade: C
Score 58/100 · assessed 2026-04-28
Maintainer55
Permissions25
Supply chain45
Transparency75
Incidents100
K8s MCP Server bundles four powerful Kubernetes administration tools (kubectl, Helm, Istioctl, ArgoCD) into a Docker container that Claude can control. The maintainer Alexei Led appears to be a legitimate individual contributor with DevOps expertise, but this is a solo project with limited community review. The permission surface is extremely broad: full cluster read/write access, the ability to deploy workloads, modify service meshes, and trigger GitOps pipelines. Distribution via GitHub Container Registry without npm/PyPI packaging means less ecosystem scrutiny. The Docker-only approach provides some isolation but the tools themselves have unrestricted Kubernetes API access once your kubeconfig is mounted. Transparency is reasonable with open source code and documentation, but no known security audit. This is a high-capability tool that requires absolute trust in both the maintainer and your own operational controls.
Lethal Trifecta (prompt-injection exposure)
TWO OF THREEPrivate dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound
Same shape as kubernetes.
Green flags
- Open source repository with clear documentation and examples
- Docker containerisation provides process isolation from host system
- Bundles standard, widely-trusted Kubernetes tooling rather than custom code
- No known security incidents or malicious behaviour reported
Red flags
- Full cluster write access via kubectl, Helm, ArgoCD with no scoping mechanism
- Solo maintainer project without organizational backing or security audit
- Docker-only distribution bypasses standard package registry review processes
- Requires mounting kubeconfig with full cluster credentials into container
- Can deploy arbitrary workloads, modify production infrastructure
Permissions requested
Outbound networkPrivate networkAccess secretsShell executeDB readDB writeRepo readRepo write
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.
Install
docker run ghcr.io/alexei-led/k8s-mcp-server:latest
Review
K8s MCP Server is a Docker container that bundles kubectl, Helm, Istioctl, and ArgoCD CLI into a single MCP server. You point Claude at it, and suddenly your assistant can query cluster state, apply manifests, manage Helm releases, and inspect Istio configs without you copy-pasting YAML back and forth.
I'd reach for this when I'm debugging a multi-namespace deployment or walking through a GitOps workflow with someone. Instead of running kubectl commands, screenshotting output, and explaining what's wrong, I can ask Claude to check pod status, compare ConfigMaps across environments, or validate Istio virtual services. It's particularly good for exploratory work: "Show me all services in the prod namespace that don't have an Istio sidecar" is faster than chaining grep and awk.
The Docker packaging is clever. You're not installing four CLIs and managing kubeconfig permissions on your host. The container handles isolation, and you mount your kubeconfig as a volume. This means you can run it on macOS, Linux, or WSL without dependency hell. The repo shows examples for Claude Desktop config, and it's straightforward: add the Docker run command as a server entry, mount your kubeconfig, done.
Quirks: you need Docker running, obviously. If you're on a locked-down corporate machine where Docker isn't an option, this won't help. The server doesn't abstract Kubernetes complexity, it just makes the CLIs available to Claude. If you don't already know what a Helm chart or an Istio VirtualService is, Claude won't magically teach you. This is a power tool for people who already live in kubectl.
The multi-tool approach is both a strength and a limitation. Having ArgoCD CLI available is great if you're doing GitOps. If you're not, it's just extra weight. Same with Istioctl. The server doesn't try to be opinionated about workflows, it just gives Claude access to the same tools you'd use manually. That's honest, but it means you still need to know what you're asking for.
I've used it to validate Helm chart diffs before applying them, and to trace request paths through Istio configs. Both were faster than doing it manually. If you're already comfortable with Kubernetes tooling and want Claude to help with repetitive queries or cross-checks, this is worth the Docker overhead. If you're learning Kubernetes, start with kubectl on its own.
Verdict
Install this if you're already fluent in kubectl, Helm, and friends, and you want Claude to handle repetitive cluster queries or cross-environment comparisons. Skip it if you're new to Kubernetes or if Docker isn't an option on your machine. It's a solid time-saver for GitOps workflows and service mesh debugging, not a learning aid.
Good at
- Bundles kubectl, Helm, Istioctl, and ArgoCD CLI in one container, so you avoid installing and versioning four separate tools.
- Docker isolation means kubeconfig and credentials stay contained, reducing the risk of accidental host-level misconfiguration.
- Genuinely useful for GitOps workflows: Claude can compare Argo app states, validate Helm diffs, or trace Istio routing without you switching contexts.
- Works across macOS, Linux, and WSL without platform-specific setup beyond Docker.
Watch out
- Requires Docker, which rules it out on locked-down corporate machines or environments where containers aren't permitted.
- Doesn't simplify Kubernetes itself: you still need to know what you're asking Claude to do with kubectl or Helm.
- The multi-tool bundle is overkill if you only need kubectl and never touch Istio or ArgoCD.
- Kubeconfig mounting can be fiddly if your config relies on external auth helpers (gcloud, aws-iam-authenticator) that aren't in the container.
Use cases
- GitOps workflows
- Istio service mesh ops
- Argo CD rollouts
- multi-tool k8s admin
Getting started
1. Ensure Docker is running on your machine and you have a valid kubeconfig file (usually at ~/.kube/config).
2. Run the server: docker run -v ~/.kube/config:/root/.kube/config ghcr.io/alexei-led/k8s-mcp-server:latest to verify the image pulls and starts.
3. Add the server to your Claude Desktop config (claude_desktop_config.json) under mcpServers with the Docker run command, mounting your kubeconfig as a volume.
4. Restart Claude Desktop and ask it to list pods in a namespace you know exists to confirm the connection works.
5. Watch out: if your kubeconfig references local certificate files or uses gcloud/aws auth helpers, you may need to mount additional paths or adjust the container's environment.
Works with
Claude DesktopClaude CodeCursor
Similar MCPs
- ESXi MCPManages VMware ESXi and vCenter for VM lifecycle and real-time performance monitoring via REST and SSE.
- TerraformHashiCorp's official Terraform MCP. Connects agents to the Terraform Registry for module discovery and infrastructure-as-code automation.
- HerokuHeroku's official MCP. Manage apps, databases, dynos, and pipelines through the platform CLI from inside an agent.
- AWS LabsAWS Labs ships a growing family of MCPs for S3, Lambda, EKS, CDK, etc. Modular install — pick the services you actually use.