kom
by weibaohui
Overview
Manages Kubernetes clusters and resources through an SDK-level wrapper and an MCP (Multi-Cluster Platform) server, offering features like CRUD, file operations, log fetching, and SQL-like querying.
Installation
go build -o kom main.go && ./kom
Environment Variables
- KUBECONFIG
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_DEFAULT_REGION
- AWS_ROLE_ARN
- AWS_ROLE_SESSION_NAME
Security Notes
The project allows powerful Kubernetes operations, including creating privileged pods (`CreateNodeShell`, `CreateKubectlShell` functions in `kom/ctl_node.go`) with `privileged: true`, `hostNetwork: true`, `hostPID: true`, and broad tolerations. This constitutes a significant privilege escalation vector if access to the MCP server is not rigorously controlled. The basic HTTP header-based `authKey` mechanism in `main.go` is illustrative, which implies that robust external authentication and authorization are required but are not built in. Kubeconfig handling (loading from paths, strings, or generated from AWS credentials) is a critical component that can be exploited if sources are untrusted. AWS credentials, if hardcoded in examples and used verbatim by users, pose a severe risk. File operations within pods and SQL-like querying of Kubernetes resources introduce additional attack surfaces that need careful validation and authorization checks to prevent unintended data exposure or manipulation.
Similar Servers
remote-mcp-functions
Provides remote utilities or services for Minecraft Coder Pack (MCP) development environments.
rf-mcp
Facilitates AI agents to perform end-to-end test automation using Robot Framework, supporting tool discovery, step-by-step execution, and test suite generation through a natural language interface.
FerrumMCP
A browser automation server for AI assistants, enabling interaction with web pages through the Model Context Protocol.
mcp
This MCP server assists developers by identifying inefficient or outdated npm packages in install commands and source files, providing migration documentation.