k8s-mcp
by dotcomrow
Overview
The server provides a Kubernetes Management Plane (MCP) via an OpenAPI interface, designed for AI integration, offering both read-only and administrative access to Kubernetes resources.
Installation
No command provided
Environment Variables
- RESET_SCHEMAS
- YSQL_SU_KV_PATH
Security Notes
The deployment uses Vault for secret management, which is a strong security practice. It separates read-only and admin access with distinct Kubernetes RBAC roles and service accounts. However, the `mcp-server-admin` role grants broad administrative privileges (`verbs: ["*"]`), making the admin instance a high-value target. A significant security concern is the `NetworkPolicy` allowing ingress from `0.0.0.0/0` to port 8080, which means any pod in the cluster can communicate with these services, increasing the attack surface. The CORS configuration is also overly permissive (`allow_origins: ["*"]`). Some initContainers run as root, which is generally discouraged, though often necessary for setup and limited in scope.
Similar Servers
bifrost
A high-performance AI gateway with a unified interface for multiple LLM providers, offering real-time monitoring and configuration.
kubernetes-mcp-server
Facilitates AI agent interaction with Kubernetes and OpenShift clusters by exposing management and observability tools via the Model Context Protocol.
lunar
The Lunar MCP Server acts as an HTTP proxy, designed to intercept, analyze, and manage API traffic within a Python environment, applying policies for caching, throttling, queueing, and collecting data for observability.
metorial-platform
An open source integration platform for agentic AI, connecting AI models to external APIs, data sources, and tools.