This directory contains deployment manifests for running kubectl-mcp-server in Kubernetes.
kMCP is a development platform and control plane for MCP servers that simplifies deployment to Kubernetes.
# Install kmcp CLI
curl -fsSL https://raw.githubusercontent.com/kagent-dev/kmcp/refs/heads/main/scripts/get-kmcp.sh | bash
# Install kmcp controller in your cluster
helm install kmcp-crds oci://ghcr.io/kagent-dev/kmcp/helm/kmcp-crds \
--namespace kmcp-system --create-namespace
kmcp install
# Deploy kubectl-mcp-server using npx (easiest)
kmcp deploy package --deployment-name kubectl-mcp-server \
--manager npx --args kubectl-mcp-server
# Or deploy using Docker image
kmcp deploy --file kmcp/kmcp.yaml --image rohitghumare64/kubectl-mcp-server:latestSee kmcp/kmcp.yaml for the MCPServer manifest.
Deploy directly to Kubernetes without kMCP:
# Using kustomize (recommended)
kubectl apply -k kubernetes/
# Or apply individual manifests
kubectl apply -f kubernetes/namespace.yaml
kubectl apply -f kubernetes/rbac.yaml
kubectl apply -f kubernetes/deployment.yaml
kubectl apply -f kubernetes/service.yamlkagent is a Kubernetes-native framework for building AI agents (CNCF project). Register kubectl-mcp-server as a ToolServer to give your agents 121 Kubernetes management tools.
# Install kagent
brew install kagent
# Or: curl https://raw.githubusercontent.com/kagent-dev/kagent/refs/heads/main/scripts/get-kagent | bash
# Install kagent to cluster with demo agents
export OPENAI_API_KEY="your-api-key"
kagent install --profile demo
# Register kubectl-mcp-server as a ToolServer (stdio - uses npx)
kubectl apply -f kagent/toolserver-stdio.yaml
# Or if kubectl-mcp-server is deployed in K8s (HTTP transport)
kubectl apply -f kagent/toolserver-http.yaml
# Optionally create a K8s admin agent
kubectl apply -f kagent/agent-k8s-admin.yaml
# Open kagent dashboard
kagent dashboardSee kagent/ for ToolServer manifests and example agents.
# Using Docker image directly with custom values
helm upgrade --install kubectl-mcp-server \
--set image.repository=rohitghumare64/kubectl-mcp-server \
--set image.tag=latest \
--set service.port=8000 \
./helm # Coming soondeploy/
├── kagent/ # kagent AI agent integration
│ ├── toolserver-stdio.yaml # ToolServer (stdio/npx transport)
│ ├── toolserver-http.yaml # ToolServer (HTTP transport)
│ └── agent-k8s-admin.yaml # Example K8s admin agent
├── kmcp/ # kMCP deployment manifests
│ └── kmcp.yaml # MCPServer custom resource
├── kubernetes/ # Standard Kubernetes manifests
│ ├── namespace.yaml # Namespace definition
│ ├── rbac.yaml # ServiceAccount, ClusterRole, ClusterRoleBinding
│ ├── deployment.yaml # Deployment with resource limits
│ ├── service.yaml # ClusterIP and NodePort services
│ └── kustomization.yaml # Kustomize configuration
└── README.md # This file
| Variable | Default | Description |
|---|---|---|
MCP_DEBUG |
0 |
Set to 1 for verbose logging |
MCP_LOG_FILE |
- | Path to log file |
The deployment uses SSE transport by default. Modify the args in deployment.yaml:
args:
- "--transport"
- "sse" # Options: stdio, sse, http, streamable-http
- "--port"
- "8000"The included RBAC configuration grants read-only access to most Kubernetes resources. For write operations (apply, delete, scale), you'll need to modify rbac.yaml to add write permissions.
kubectl port-forward -n kubectl-mcp svc/kubectl-mcp-server 8000:8000Access via http://<node-ip>:30800
Create an Ingress resource pointing to the kubectl-mcp-server service.
# Check pods
kubectl get pods -n kubectl-mcp
# Check logs
kubectl logs -n kubectl-mcp -l app=kubectl-mcp-server
# Test health endpoint
kubectl port-forward -n kubectl-mcp svc/kubectl-mcp-server 8000:8000 &
curl http://localhost:8000/health- RBAC: The default configuration uses read-only permissions
- Non-destructive mode: Add
--disable-destructiveto args for extra safety - Network Policies: Consider adding NetworkPolicy to restrict access
- Secrets: Secrets are masked in output by default