mcp-kubernetes

Verified Safe

by giantswarm

Overview

A Model Context Protocol (MCP) server that provides Kubernetes cluster management capabilities, particularly for AI agents.

Installation

Run Command
go run . serve --transport=streamable-http --debug --http-addr :8080

Environment Variables

  • GOOGLE_CLIENT_ID
  • GOOGLE_CLIENT_SECRET
  • DEX_ISSUER_URL
  • DEX_CLIENT_ID
  • DEX_CLIENT_SECRET
  • DEX_CONNECTOR_ID
  • DEX_CA_FILE
  • DEX_K8S_AUTHENTICATOR_CLIENT_ID
  • REGISTRATION_TOKEN
  • OAUTH_ENCRYPTION_KEY
  • OAUTH_STORAGE_TYPE
  • VALKEY_URL
  • VALKEY_PASSWORD
  • VALKEY_TLS_ENABLED
  • VALKEY_KEY_PREFIX
  • VALKEY_DB
  • OAUTH_TRUSTED_AUDIENCES
  • SSO_ALLOW_PRIVATE_IPS
  • KUBERNETES_IN_CLUSTER
  • KUBECONFIG
  • CAPI_MODE_ENABLED
  • INSTRUMENTATION_ENABLED
  • METRICS_EXPORTER
  • TRACING_EXPORTER
  • OTEL_EXPORTER_OTLP_ENDPOINT
  • OTEL_EXPORTER_OTLP_INSECURE

Security Notes

The server demonstrates a high level of security awareness with comprehensive documentation on best practices and explicit controls. Key strengths include: robust OAuth 2.1 implementation with PKCE, client registration security, and strong URL validation (HTTPS required, SSRF protection against private IPs/localhost by default). It offers 'Non-Destructive Mode' (enabled by default) and 'Dry-Run Mode' to prevent unintended changes, which is critical for AI agent interactions. Downstream OAuth mode enables per-user Kubernetes RBAC enforcement with a 'fail-closed' principle, preventing privilege escalation. ServiceAccount tokens are projected with short expiration and auto-rotated. Detailed RBAC profiles (minimal, readonly, standard, admin) are provided, with explicit warnings and required confirmations for dangerous 'admin' access. Structured audit logging with PII sanitization and OpenTelemetry instrumentation enhance observability and security monitoring. While it allows configuring less secure options (e.g., public client registration, private OAuth URLs) via explicit flags, these are clearly documented with strong warnings against production use.

Stats

Interest Score: 0
Security Score: 8
Cost Class: Low
Stars: 0
Forks: 0
Last Update: 2026-01-18

Tags

Kubernetes, Cluster Management, Model Context Protocol, OAuth, Multi-Cluster