// MCP TOOL REFERENCE

KUBERNETES TOOLS

45 tools from the Kubernetes MCP Server, categorised by risk level.

View the Kubernetes policy →
// ALL 45 KUBERNETES TOOLS
READ 29 tools
Read configuration_contexts_list List all available context names and associated server urls from the kubeconfig file Read configuration_view Get the current Kubernetes configuration content as a kubeconfig YAML Read events_list List Kubernetes events (warnings, errors, state changes) for debugging and troubleshooting in the current c... Read helm_list List all the Helm releases in the current or provided namespace (or in all namespaces if specified) Read kcp_workspace_describe Get detailed information about a specific kcp workspace Read kcp_workspaces_list List all available kcp workspaces in the current cluster Read kiali_get_logs Get the logs of a Kubernetes Pod (or workload name that will be resolved to a pod) in a namespace. Output i... Read kiali_get_mesh_status Retrieves the high-level health, topology, and environment details of the Istio service mesh. Returns multi... Read kiali_get_mesh_traffic_graph Returns service-to-service traffic topology, dependencies, and network metrics (throughput, response time, ... Read kiali_get_metrics Returns a compact JSON summary of Istio metrics (latency quantiles, traffic trends, throughput, payload siz... Read kiali_get_pod_performance Returns a human-readable text summary with current Pod CPU/memory usage (from Prometheus) compared to Kuber... Read kiali_get_resource_details Fetches a list of resources OR retrieves detailed data for a specific resource. If 'resourceName' is omitte... Read kiali_get_trace_details Fetches a single distributed trace by trace_id and returns its call hierarchy (service tree with duration, ... Read kiali_list_traces Lists distributed traces for a service in a namespace. Returns a summary (namespace, service, total_found, ... Read namespaces_list List all the Kubernetes namespaces in the current cluster Read nodes_log Get logs from a Kubernetes node (kubelet, kube-proxy, or other system logs). This accesses node logs throug... Read nodes_stats_summary Get detailed resource usage statistics from a Kubernetes node via the kubelet's Summary API. Provides compr... Read nodes_top List the resource consumption (CPU and memory) as recorded by the Kubernetes Metrics Server for the specifi... Read pods_get Get a Kubernetes Pod in the current or provided namespace with the provided name Read pods_list List all the Kubernetes pods in the current cluster from all namespaces Read pods_list_in_namespace List all the Kubernetes pods in the specified namespace in the current cluster Read pods_log Get the logs of a Kubernetes Pod in the current or provided namespace with the provided name Read pods_top List the resource consumption (CPU and memory) as recorded by the Kubernetes Metrics Server for the specifi... Read projects_list List all the OpenShift projects in the current cluster Read resources_get Get a Kubernetes resource in the current cluster by providing its apiVersion, kind, optionally the namespac... Read resources_list List Kubernetes resources and objects in the current cluster by providing their apiVersion and kind and opt... Read targets_list List all available targets Read tekton_taskrun_logs Get the logs from a Tekton TaskRun by resolving its underlying pod Read vm_clone Clone a KubeVirt VirtualMachine by creating a VirtualMachineClone resource. This creates a copy of the sour...
WRITE 5 tools
Write helm_install Install (deploy) a Helm chart to create a release in the current or provided namespace Write kiali_manage_istio_config Create, patch, or delete Istio config. For list and get (read-only) use manage_istio_config_read. Write kiali_manage_istio_config_read Read-only Istio config: list or get objects. For action 'list', returns an array of objects with {name, nam... Write resources_create_or_update Create or update a Kubernetes resource in the current cluster by providing a YAML or JSON representation of... Write vm_create Create a VirtualMachine in the cluster with the specified configuration, automatically resolving instance t...
DESTRUCTIVE 3 tools
Destructive helm_uninstall Uninstall a Helm release in the current or provided namespace Destructive pods_delete Delete a Kubernetes Pod in the current or provided namespace with the provided name Destructive resources_delete Delete a Kubernetes resource in the current cluster by providing its apiVersion, kind, optionally the names...
EXECUTE 8 tools
Execute pods_exec Execute a command in a Kubernetes Pod (shell access, run commands in container) in the current or provided ... Execute pods_run Run a Kubernetes Pod in the current or provided namespace with the provided container image and optional name Execute resources_scale Get or update the scale of a Kubernetes resource in the current cluster by providing its apiVersion, kind, ... Execute tekton_pipeline_start Start a Tekton Pipeline by creating a PipelineRun that references it Execute tekton_pipelinerun_restart Restart a Tekton PipelineRun by creating a new PipelineRun with the same spec Execute tekton_task_start Start a Tekton Task by creating a TaskRun that references it Execute tekton_taskrun_restart Restart a Tekton TaskRun by creating a new TaskRun with the same spec Execute vm_lifecycle Manage VirtualMachine lifecycle: start, stop, or restart a VM
// RUNNING THIS SERVER

The managed route: connect Kubernetes through the PolicyLayer gateway — every tool call above is checked against your policy before it runs, with a full audit log.

DIRECT INSTALL (UNMANAGED) npx -y kubernetes-mcp-server
// FAQ
How many tools does the Kubernetes MCP server have? +

The Kubernetes MCP server exposes 45 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on Kubernetes tools? +

Route the Kubernetes server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do Kubernetes tools fall into? +

Kubernetes tools are categorised as Read (29), Write (5), Destructive (3), Execute (8). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

SECURE YOUR MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.