mcp-ephemeral-k8s
Verified Safeby BobMerkus
Overview
Provides a Python library and server for dynamically creating, managing, and proxying ephemeral Model Context Protocol (MCP) servers within a Kubernetes cluster.
Installation
uvx mcp-ephemeral-k8sEnvironment Variables
- KUBECONFIG
- KUBECONTEXT
- MCP_SERVER_PORT
- GIT_PYTHON_REFRESH
- GITHUB_PERSONAL_ACCESS_TOKEN
- GITHUB_DYNAMIC_TOOLSETS
Security Notes
The server's core functionality involves creating, managing, and deleting Kubernetes resources, including Jobs, Pods, Services, ServiceAccounts, Roles, and RoleBindings (or ClusterRoles/ClusterRoleBindings). By default, the Helm chart requests 'clusterWide' RBAC, granting extensive permissions across the cluster, including the ability to 'bind' and 'escalate' roles (from charts/mcp-ephemeral-k8s/templates/role.yaml). This high level of privilege is necessary for its intended operations (spawning dynamic MCP servers with varying permissions), but it makes the server a high-value target. If the mcp-ephemeral-k8s server itself is compromised, it could lead to significant privilege escalation and control over the Kubernetes cluster. The provided source code does not show malicious patterns, obfuscation, or hardcoded secrets, and it uses environment variables for sensitive data.
Similar Servers
mcp-k8s
Facilitates natural language interaction and automation for Kubernetes cluster management and Helm operations via the Model Control Protocol (MCP).
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
durable-mcp-python
A framework for building durable and fault-tolerant Model Context Protocol (MCP) servers in Python, enabling stateful operations and graceful recovery from disconnections or reboots.
mcp-servers
Provides an MCP server for Qdrant vector database integration, enabling AI agents to perform semantic search, store documents, and manage collections with advanced multi-tenant filtering capabilities.