Back to MCP Trust Indexm8ven
31
grade F
2 days ago
npm

mcp-server-kubernetes

MCP server for interacting with Kubernetes clusters via kubectl

Flux159/mcp-server-kubernetes· npm: mcp-server-kubernetes· listed on npm

Install from

npmnpmmcp.so

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Tests do not pass
Either the test suite is broken or the code regressed. Either way the published behaviour can’t be verified by the publisher’s own tests.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 2 credentials: K8S_TOKEN, MCP_AUTH_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configALLOWED_TOOLS"kubectl_get,kubectl_describe" npx mcp-server-kubernetes
configALLOW_ONLY_NON_DESTRUCTIVE_TOOLStrue npx mcp-server-kubernetes
configALLOW_ONLY_READONLY_TOOLStrue npx mcp-server-kubernetes
configDNS_REBINDING_ALLOWED_HOSTTo enable DNS Rebinding protection if running locally, you should use DNS_REBINDING_PROTECTION and optionally (defaults to 127.0.0.1):
configDNS_REBINDING_PROTECTIONTo enable DNS Rebinding protection if running locally, you should use and optionally DNS_REBINDING_ALLOWED_HOST (defaults to 127.0.0.1):
configENABLE_TELEMETRY
configENABLE_UNSAFE_SSE_TRANSPORTTo enable [SSE transport](https://modelcontextprotocol.io/docs/concepts/transports#server-sent-events-sse) for mcp-server-kubernetes, use the environment variable.
configENABLE_UNSAFE_STREAMABLE_HTTP_TRANSPORTTo enable [Streamable HTTP transport](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#streamable-http) for mcp-server-kubernetes, use the environment variable.
configHOSTENABLE_UNSAFE_STREAMABLE_HTTP_TRANSPORT=1 PORT=3001 =0.0.0.0 npx flux159/mcp-server-kubernetes
configK8S_CA_DATAexport ='LS0tLS1CRUdJTi...' # optional, base64-encoded CA certificate
configK8S_CONTEXTexport ='my-specific-context' # Override kubeconfig context
configK8S_NAMESPACEexport ='my-namespace' # Override default namespace
configK8S_SERVER3. + K8S_TOKEN – Minimal env-based config
configK8S_SKIP_TLS_VERIFYexport ='false' # optional, defaults to false
🔐 secretK8S_TOKEN3. K8S_SERVER + – Minimal env-based config
configKUBECONFIG6. – Standard kubeconfig env var
configKUBECONFIG_JSON2. – Full config as JSON string
configKUBECONFIG_PATH5. – Custom kubeconfig file path
configKUBECONFIG_YAML1. – Full config as YAML string
configMASK_SECRETSfalse npx mcp-server-kubernetes
🔐 secretMCP_AUTH_TOKENmy-secret-token ENABLE_UNSAFE_STREAMABLE_HTTP_TRANSPORT=1 npx mcp-server-kubernetes
configOTEL_CAPTURE_RESPONSE_METADATA
configOTEL_EXPORTER_OTLP_ENDPOINT
configOTEL_RESOURCE_ATTRIBUTES
configOTEL_SERVICE_NAME
configOTEL_SERVICE_VERSION
configOTEL_TRACES_SAMPLER
configOTEL_TRACES_SAMPLER_ARG
configPORTENABLE_UNSAFE_STREAMABLE_HTTP_TRANSPORT=1 =3001 HOST=0.0.0.0 npx flux159/mcp-server-kubernetes
configSPAWN_MAX_BUFFER"": "5242880" // 5MB = 102410245. Default is 1MB in Node.js
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/mcp-server-kubernetes-05n7al)](https://m8ven.ai/mcp/mcp-server-kubernetes-05n7al)
commit: fc02c20487916165dfc9e9f583ec92a4a4490f81
code hash: 59810c14bf159a6ce274ed4a89b890bcfb07d6a62d7d09a6657fe033297119a6
verified: 4/18/2026, 3:54:26 PM
view raw JSON →