k8scortex-mcp

v1.0.2

Production-grade MCP server for Kubernetes — 75 tools across GKE, AKS, EKS, OpenShift and Minikube with RBAC, audit logging, GitOps (ArgoCD + Flux), and multi-cluster support

K8sCortex — Kubernetes MCP Server

A production-grade Model Context Protocol (MCP) server that gives developers, AI agents, and automation pipelines a single, secure, natural-language interface to Kubernetes — across any cloud, any cluster, any team.


Features

  • Curated multi-domain toolset across workload, deployment, configuration, observability, jobs, networking, GitOps, cluster admin, and generic read paths
  • Multi-cluster routing — target any registered cluster with a single cluster parameter
  • Entra ID OIDC authentication with per-tool RBAC (5-tier role hierarchy)
  • Structured audit logging — every tool call recorded with caller identity, arguments, and outcome
  • Dual transport — SSE/HTTP for programmatic clients + stdio for Claude Desktop
  • Azure Key Vault integration for dynamic credential management with 5-minute TTL cache
  • Dry-run safety — destructive tools default to simulation mode
  • Generic read coverage — list/get support for resources outside curated write paths to avoid troubleshooting dead-ends

Quick Start

Prerequisites

  • Node.js ≥ 18
  • A Kubernetes cluster (minikube, Rancher Desktop, or AKS)
  • kubectl configured with a valid context

Install & Run

# Clone
git clone https://github.com/your-org/k8scortex-mcp.git
cd k8scortex-mcp

# Install
npm install

# Build
npm run build

# Run (local dev mode — auth bypassed)
DISABLE_AUTH=true PORT=3001 npm run dev

Connect with MCP Inspector

npx @modelcontextprotocol/inspector sse http://localhost:3001/mcp

Connect with Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "k8scortex": {
      "command": "node",
      "args": ["<path-to>/k8scortex-mcp/dist/stdio.js"],
      "env": {
        "DISABLE_AUTH": "true",
        "KUBECONFIG": "~/.kube/config"
      }
    }
  }
}

Restart Claude Desktop. Ask: "List all pods in the default namespace".


Tools

K8sCortex intentionally keeps writes curated and governed, while allowing flexible read access for diagnostics.

| Domain | Tool | Description |
|---|---|---|
| Workload | list_pods | List pods with status and IP |
| Workload | get_pod_logs | Fetch container logs |
| Workload | describe_deployment | Full deployment spec |
| Workload | list_statefulsets | List StatefulSets with rollout status |
| Workload | describe_statefulset | Detailed StatefulSet spec/status |
| Workload | list_daemonsets | List DaemonSets with scheduling status |
| Workload | describe_daemonset | Detailed DaemonSet spec/status |
| Workload | list_nodes | Cluster nodes with Ready status |
| Deploy | scale_deployment | Scale replicas (dry-run default) |
| Deploy | restart_pod | Delete pod to trigger restart |
| Config | get_configmap | Read ConfigMap data |
| Config | describe_namespace_quota | Resource quota usage |
| Config | list_events | Recent namespace events |
| Config | list_persistent_volume_claims | PVC status, bound volume, storage class, capacity |
| Config | get_effective_permissions | ServiceAccount SubjectAccessReview matrix |
| Generic Read | list_k8s_resources | Generic list for arbitrary resource kinds |
| Generic Read | get_k8s_resource | Generic get for arbitrary resource kinds |
| Observe | get_hpa_status | HPA metrics and scaling |
| Observe | list_warning_events | Warning events for triage |
| Observe | get_node_pressure | Node memory/disk/PID pressure |
| Multi | list_clusters | All registered clusters |
| Multi | get_cluster_info | Node count, versions, architecture |

For the evolving full catalog, see docs/developer-guide.md.


Managed Risk

The largest functional risk in Kubernetes MCP is dead-end visibility on non-curated resources (for example StatefulSets, DaemonSets, PVCs, or CRDs). KubeNexus addresses this by combining:

  • Governed writes: high-impact operations remain explicit, role-gated, and often dry-run by default.
  • Flexible reads: generic read tools cover arbitrary resource kinds for diagnostics.

This keeps the governance posture strong while preserving practical troubleshooting coverage.


Scope Boundaries (v1)

K8sCortex is designed as a governed platform interface, not an unrestricted Kubernetes super-client.

  • Generic write for any resource: intentionally out of scope in v1. Writes are curated and role-gated by design.
  • Pod exec interactive sessions: intentionally out of scope in v1. This requires stronger session controls and command-level auditing that are planned for a later version.

Architecture

Claude / Prism Agent / CI-CD
        │
        ▼
┌──────────────────────────────┐
│     K8sCortex MCP Server     │
│  OIDC → RBAC → Tool → Audit  │
│         │                    │
│   Cluster Store (Key Vault)  │
└──────────┬───────────────────┘
           │
    ┌──────┼──────┐
    ▼      ▼      ▼
   AKS    EKS    GKE

Security

  • Authentication: Entra ID OIDC tokens validated on every request
  • Authorization: Role-based tool access (developerplatform-engineer)
  • Audit: JSON-structured log per invocation with user, tool, args, status
  • Network: ClusterIP only — no public endpoint
  • Credentials: Key Vault with 5-minute TTL cache, no kubeconfigs on disk
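
The RBAC → Tool → Audit path and the dry-run default listed above, as an added example that is not K8sCortex's own code. The three middle role names, the per-tool policy table and the `invokeTool` function are assumptions, and the caller is assumed to come from an already validated OIDC token.

```typescript
// Added example, not K8sCortex source. Assumptions: "developer" is the lowest
// tier and "platform-engineer" the highest; tier-2..tier-4 are placeholders.
const ROLE_TIERS = ["developer", "tier-2", "tier-3", "tier-4", "platform-engineer"] as const;
type Role = (typeof ROLE_TIERS)[number];

interface ToolPolicy { minRole: Role; destructive: boolean }
// Hypothetical per-tool policy; tool names come from the README's tool table.
// A Map avoids prototype keys such as "toString" resolving to a bogus policy.
const TOOL_POLICY = new Map<string, ToolPolicy>([
  ["list_pods", { minRole: "developer", destructive: false }],
  ["scale_deployment", { minRole: "tier-3", destructive: true }],
  ["restart_pod", { minRole: "platform-engineer", destructive: true }],
]);

interface Caller { user: string; role: Role } // identity from a validated OIDC token
type Status = "ok" | "dry-run" | "denied";
interface AuditRecord {
  ts: string; user: string; tool: string; args: Record<string, unknown>; status: Status;
}
const auditLog: AuditRecord[] = [];

function invokeTool(caller: Caller, tool: string, args: Record<string, unknown>): AuditRecord {
  const policy = TOOL_POLICY.get(tool);
  // Unknown tools are denied outright: there is no generic write path to fall into.
  const allowed = policy !== undefined &&
    ROLE_TIERS.indexOf(caller.role) >= ROLE_TIERS.indexOf(policy.minRole);
  // Fail safe: a destructive tool runs for real only on an explicit boolean false.
  const dryRun = policy?.destructive === true && args["dryRun"] !== false;
  const effective: Record<string, unknown> =
    policy?.destructive ? { ...args, dryRun } : { ...args };
  let status: Status = "denied";
  if (allowed) status = dryRun ? "dry-run" : "ok";
  // Denials are recorded too, so rejected attempts stay visible in the audit trail.
  const record: AuditRecord = {
    ts: new Date().toISOString(), user: caller.user, tool, args: effective, status,
  };
  auditLog.push(record);
  console.log(JSON.stringify(record)); // one JSON line per invocation
  return record;
}
```
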

Project Structure

src/
├── index.ts              # Express SSE server
├── stdio.ts              # Stdio entry point (Claude Desktop)
├── auth.ts               # OIDC middleware
├── roles.ts              # RBAC role hierarchy
├── audit.ts              # Audit logger
├── context.ts            # AsyncLocalStorage user context
├── cluster-store.ts      # Dynamic K8s client factory
├── kubernetes.ts         # Client re-export
└── tools/
    ├── workload.ts       # list_pods, get_pod_logs, describe_deployment, list_nodes
    ├── deployment.ts     # scale_deployment, restart_pod
    ├── configuration.ts  # get_configmap, describe_namespace_quota, list_events
    ├── observability.ts  # get_hpa_status, list_warning_events, get_node_pressure
    └── multicluster.ts   # list_clusters, get_cluster_info

kubernetes/               # Production manifests
├── namespace.yaml
├── deployment.yaml
├── service.yaml
├── rbac.yaml
├── network-policy.yaml
├── hpa.yaml
├── secret-provider-class.yaml
└── alerts.yaml           # Prometheus alerting rules

docs/
├── developer-guide.md    # End-user documentation
├── operator-runbook.md   # Platform team operations
├── slos.md               # Service level objectives
└── adrs/                 # Architecture decision records
    ├── ADR-001-tool-taxonomy.md
    ├── ADR-002-idp-integration.md
    ├── ADR-003-role-model.md
    └── ADR-004-credential-management.md

Documentation

  • Developer Guide — How to connect, available tools, example queries
  • Operator Runbook — Deploy, upgrade, rotate credentials, incident response
  • SLOs — Availability, latency, and alerting targets

Document Files

  • Word documents are consolidated in docs/docx.
  • Current files:
    • K8sCortex_Cloud_Testing_Publishing_Plan.docx
    • K8sCortex_Project_Plan.docx
    • K8sCortex_Project_Plan_v3.docx
    • K8sCortex_Project_Plan_v4.docx

License

Internal — Platform Engineering