Kubernetes MCP Server

Deploy Kubernetes MCP Server inside a cluster to expose Kubernetes context to MCP clients.

Overview

The HelmForge chart uses the official ghcr.io/containers/kubernetes-mcp-server:v0.0.62 image and serves HTTP on port 8080. This workload is a control-plane bridge: its effective permissions are the Kubernetes RBAC permissions granted to its ServiceAccount.

Defaults are inspection-oriented:

  • mcp.readOnly=true
  • mcp.disableDestructive=true
  • mcp.stateless=true
  • mcp.clusterProvider=in-cluster
  • RBAC bound to the built-in view ClusterRole

Configuration Reference

Core runtime:

  • image.repository, image.tag, image.pullPolicy: official pinned Kubernetes MCP Server image.
  • imagePullSecrets: optional registry pull secrets.
  • replicaCount: HTTP MCP server replica count.
  • app.port: HTTP listen port.
  • app.command, app.args: optional command and argument overrides.
  • app.env, app.envFrom, app.extraEnv: additional environment and Secret or ConfigMap imports.
  • commonLabels, nameOverride, fullnameOverride: naming and common metadata controls.

MCP behavior and RBAC:

  • mcp.readOnly: default read-only operation.
  • mcp.disableDestructive: disables destructive tools by default.
  • mcp.allowUnsafeWriteAccess: explicit acknowledgement that must be set before full write plus destructive mode is enabled.
  • mcp.stateless, mcp.clusterProvider, mcp.disableMultiCluster.
  • mcp.listOutput, mcp.toolsets, mcp.logLevel, mcp.configToml.
  • rbac.create, rbac.clusterRoleName: ServiceAccount RBAC binding. Default role is view.

Storage and scaling:

  • persistence.enabled: optional data volume. The server is stateless by default.
  • persistence.size, persistence.storageClass, persistence.accessModes: generated PVC settings.
  • persistence.existingClaim, persistence.mountPath: existing claim and mount path.
  • Running replicaCount > 1 with persistence.enabled=true requires a ReadWriteMany access mode; otherwise keep persistence.enabled=false.

Exposure and operations:

  • serviceAccount.create, serviceAccount.name, serviceAccount.annotations, serviceAccount.automountServiceAccountToken.
  • service.type, service.port, service.annotations, service.ipFamilyPolicy, service.ipFamilies.
  • ingress.enabled, ingress.ingressClassName, ingress.annotations, ingress.hosts, ingress.tls.
  • gateway.enabled, gateway.parentRefs, gateway.hostnames, gateway.path, gateway.pathType.
  • pdb.enabled, pdb.minAvailable.
  • networkPolicy.enabled, networkPolicy.ingressFrom.
  • probes.startup, probes.liveness, probes.readiness: enable flags and timing values.
  • resources, podSecurityContext, securityContext, nodeSelector, tolerations, affinity.
  • topologySpreadConstraints, priorityClassName, terminationGracePeriodSeconds.
  • podLabels, podAnnotations, extraVolumes, extraVolumeMounts, extraManifests.

Installation

helm repo add helmforge https://repo.helmforge.dev
helm repo update
helm install kubernetes-mcp-server helmforge/kubernetes-mcp-server

OCI install:

helm install kubernetes-mcp-server oci://ghcr.io/helmforgedev/helm/kubernetes-mcp-server

Safe Defaults

mcp:
  readOnly: true
  disableDestructive: true
  stateless: true
  clusterProvider: in-cluster
  toolsets:
    - core
    - config

rbac:
  create: true
  clusterRoleName: view

The chart blocks fully unsafe write mode unless mcp.allowUnsafeWriteAccess=true is set deliberately.

Config File

Use mcp.configToml for upstream TOML configuration when command-line flags are not enough:

mcp:
  configToml: |
    [server]
    listOutput = "table"

Exposure

Keep this service internal or place it behind a trusted identity-aware proxy:

ingress:
  enabled: true
  ingressClassName: traefik
  hosts:
    - host: kubernetes-mcp.example.com
      paths:
        - path: /
          pathType: Prefix
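The following is an added example and not part of the HelmForge chart: it keeps the server on a ClusterIP Service with the chart's ingress disabled and uses a standalone Kubernetes NetworkPolicy so that only an in-cluster identity-aware proxy can reach port 8080. The namespace mcp-system, the proxy namespace auth-proxy, the proxy pod label and the pod selector label app.kubernetes.io/name=kubernetes-mcp-server are assumptions; the chart documents networkPolicy.enabled and networkPolicy.ingressFrom, but their exact value shape is not shown on this page, so the policy is written as a plain manifest.

```yaml
# --- file: values-internal.yaml (passed to helm install -f)
# Keys come from the chart's configuration reference; values are constructed.
service:
  type: ClusterIP       # no NodePort or LoadBalancer exposure
  port: 8080
ingress:
  enabled: false        # the identity-aware proxy, not this chart, terminates external traffic
---
# --- file: mcp-networkpolicy.yaml (kubectl apply -n mcp-system -f)
# Default-deny ingress for the MCP server pods, with one allowed source.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubernetes-mcp-server-ingress
  namespace: mcp-system            # assumed release namespace
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: kubernetes-mcp-server   # assumed chart pod label
  policyTypes:
    - Ingress
  ingress:
    # namespaceSelector AND podSelector in the same "from" entry:
    # only the proxy pods in the auth-proxy namespace may connect.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: auth-proxy
          podSelector:
            matchLabels:
              app.kubernetes.io/name: oauth2-proxy    # assumed proxy label
      ports:
        - protocol: TCP
          port: 8080                                  # app.port
```

NetworkPolicy objects are only enforced when the cluster's CNI implements them; verify enforcement (for example by attempting a connection from a pod outside auth-proxy) before relying on this as the sole boundary, and pair it with authentication at the proxy, since anyone who reaches the endpoint acts with the server's ServiceAccount permissions.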

RBAC

Review RBAC before enabling write tools. For production, prefer a purpose-built ClusterRole over broad cluster-admin.
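As an added example that is not part of the chart or the upstream project, this shows a purpose-built ClusterRole that is narrower than the built-in view role, together with the chart values that bind the server's ServiceAccount to it. The role name kubernetes-mcp-server-inspector is constructed, and it is assumed from the description of rbac.create and rbac.clusterRoleName above that the chart creates only the binding, so the ClusterRole itself is applied separately.

```yaml
# --- file: mcp-inspector-clusterrole.yaml (kubectl apply -f)
# Read-only inspection of workloads. Unlike the built-in `view` role this
# grants nothing on ConfigMaps, so configuration values never reach an MCP
# client's context; Secrets are excluded as `view` already excludes them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubernetes-mcp-server-inspector   # constructed name
rules:
  - apiGroups: [""]
    resources:
      - namespaces
      - nodes
      - pods
      - pods/log        # drop this line if container logs may carry credentials
      - events
      - services
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources:
      - deployments
      - replicasets
      - statefulsets
      - daemonsets
    verbs: ["get", "list", "watch"]
---
# --- file: values-rbac.yaml (passed to helm install -f)
# Chart keys from the configuration reference above; the server stays in
# read-only, non-destructive mode and is bound to the custom role.
mcp:
  readOnly: true
  disableDestructive: true
rbac:
  create: true
  clusterRoleName: kubernetes-mcp-server-inspector
```

If write tools are later required, add the specific verbs and resources to this role (for example "patch" on deployments in the apps group) rather than switching rbac.clusterRoleName to cluster-admin, and leave mcp.allowUnsafeWriteAccess unset unless the full write plus destructive mode is genuinely needed. A quick check after install is kubectl auth can-i --list --as=system:serviceaccount:<namespace>:<serviceaccount-name>, which prints exactly what the MCP server can do.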

Additional Resources