kube-mcp
by thekaranpargaie
Overview
Facilitates Kubernetes cluster management and operations through natural language commands, acting as an AI assistant backend for developer and DevOps workflows.
Installation
node server.jsSecurity Notes
The server directly constructs and executes `kubectl` commands using `child_process.exec` where many arguments (e.g., pod names, commands for `exec`, file paths for `apply` and `cp`, patch data for `patch`, labels/annotations) are derived directly from user input without apparent sanitization. This is a severe command injection vulnerability, allowing a malicious actor to potentially execute arbitrary code on the host system where the MCP server is running. For example, injecting shell metacharacters into the `command` argument of the `exec` tool, or the `file` argument of `apply`, could lead to Remote Code Execution. The `port-forward` tool also has the potential to expose internal services if misused. Running this server requires significant trust in the input it receives and robust sanitization of all user-controlled arguments is critical.
Similar Servers
mcp-server-kubernetes
This MCP server enables AI agents to connect to and manage Kubernetes clusters by executing kubectl and Helm commands.
mcp-k8s-go
This MCP server enables interaction with Kubernetes clusters to list, get, apply, and execute commands on various resources through a conversational interface.
mcp-server-azure-devops
This server provides an AI agent with tools to interact with Azure DevOps services, including searching code, wikis, and work items, managing pull requests, retrieving project details, and handling pipeline operations.
mcp-k8s
Facilitates natural language interaction and automation for Kubernetes cluster management and Helm operations via the Model Control Protocol (MCP).