Gives Claude read-only access to your Kubernetes clusters through kubectl-style operations: list resources, describe objects, tail logs, check events, and pull metrics from metrics-server. Built in Go over stdio. Secrets are automatically masked before they reach the model, and the server locks to whatever kubeconfig context is active at startup, so prompt injection can't make Claude pivot to production. Responses are token-efficient, returning only diagnostic fields instead of full API objects. When Claude wants to mutate something, it prints the kubectl command for you to run manually. If you troubleshoot Kubernetes incidents with an AI and want guardrails that work even when you're tired, this handles the inspection layer safely.
claude mcp add --transport stdio your-ko-mcp-k8s-ro -- docker run -i --rm ghcr.io/your-ko/mcp-k8s-ro:1.0.5