Security-first release with MCP Authorization (RFC 9728) and kagent integration.
MCP Authorization (RFC 9728)
- OAuth 2.0 Protected Resource Metadata for enterprise security
- JWT verification via JWKS endpoints
- Enterprise IdP support: Okta, Auth0, Keycloak, Microsoft Entra ID, Google OAuth
- Fine-grained scopes for access control:
| Scope |
Description |
mcp:read |
Read-only operations |
mcp:write |
Write operations |
mcp:admin |
Administrative operations |
mcp:tools |
General tool access |
mcp:helm |
Helm operations |
mcp:diagnostics |
Diagnostic operations |
mcp:networking |
Network operations |
mcp:storage |
Storage operations |
mcp:security |
Security operations |
mcp:cost |
Cost analysis operations |
Environment Variables
MCP_AUTH_ENABLED=true
MCP_AUTH_ISSUER_URL=https://your-idp.com
MCP_AUTH_JWKS_URI=https://your-idp.com/.well-known/jwks.json
MCP_AUTH_AUDIENCE=kubectl-mcp-server
MCP_AUTH_REQUIRED_SCOPES=mcp:read,mcp:tools
kagent Integration
- ToolServer manifest for Kubernetes-native MCP server deployment
- Agent manifest for AI agent orchestration with kagent
- Deploy to Kubernetes with full MCP protocol support
Testing
- 167 tests passing (up from 138)
- Added 29 new auth module tests
- Comprehensive scope and JWT verification tests
Installation
# npm/npx
npx kubectl-mcp-server
# pip
pip install kubectl-mcp-tool==1.10.0
# Docker
docker pull rohitghumare64/kubectl-mcp-server:v1.10.0
