Changes
Security Fixes
- Fixed
os.system() command injection in networking.py port-forward — replaced with subprocess.Popen using list args
- Fixed temp file leak in
kubectl_apply — wrapped os.unlink in try/finally
- Fixed
command.split() in kind_node_exec — replaced with shlex.split()
- Added non-destructive guard to
exec_in_pod and port_forward
- Restricted
kubectl_generic allowlist — config limited to safe subcommands, auth limited to can-i
- Fixed hardcoded version string in HTTP handler
DRY Consolidation
- Consolidated
_get_kubectl_context_args from 10 duplicate implementations to single source in k8s_config.py
- Extracted shared Helm repo add/update helper
- Created
_cli_utils.py with cached CLI availability checks and common subprocess runner
- Standardized non-destructive mode patterns across all tool files
Dead Code Removal
- Removed unused imports across 7 files
- Removed unused
check_safety_mode decorator and is_operation_allowed function from safety.py
- Removed auto-pip-install antipattern from
mcp_server.py
Code Quality
- Fixed bare
except: clauses in networking.py and cost.py
- Fixed
None values in pod recommendations list
- Proper exception chaining with
from err in FastMCP import
- Updated test suite: 469 tests passing
Install
pip install kubectl-mcp-server==1.23.1
# or
npx kubectl-mcp-server@1.23.1
