mcp-server-kubernetes 2.9.7 → 2.9.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -0
- package/dist/index.d.ts +3 -12
- package/dist/tools/exec_in_pod.d.ts +12 -16
- package/dist/tools/exec_in_pod.js +24 -21
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -128,6 +128,14 @@ Windows:
|
|
|
128
128
|
npx mcp-chat --config "%APPDATA%\Claude\claude_desktop_config.json"
|
|
129
129
|
```
|
|
130
130
|
|
|
131
|
+
## Gemini CLI
|
|
132
|
+
|
|
133
|
+
[Gemini CLI](https://geminicli.com/) allows you to install mcp servers as extensions. From a shell, install the extension by pointing to this repo:
|
|
134
|
+
|
|
135
|
+
```shell
|
|
136
|
+
gemini extensions install https://github.com/Flux159/mcp-server-kubernetes
|
|
137
|
+
```
|
|
138
|
+
|
|
131
139
|
## Features
|
|
132
140
|
|
|
133
141
|
- [x] Connect to a Kubernetes cluster
|
package/dist/index.d.ts
CHANGED
|
@@ -358,25 +358,16 @@ declare const allTools: ({
|
|
|
358
358
|
default: string;
|
|
359
359
|
};
|
|
360
360
|
command: {
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
items?: undefined;
|
|
364
|
-
} | {
|
|
361
|
+
type: string;
|
|
362
|
+
items: {
|
|
365
363
|
type: string;
|
|
366
|
-
|
|
367
|
-
type: string;
|
|
368
|
-
};
|
|
369
|
-
})[];
|
|
364
|
+
};
|
|
370
365
|
description: string;
|
|
371
366
|
};
|
|
372
367
|
container: {
|
|
373
368
|
type: string;
|
|
374
369
|
description: string;
|
|
375
370
|
};
|
|
376
|
-
shell: {
|
|
377
|
-
type: string;
|
|
378
|
-
description: string;
|
|
379
|
-
};
|
|
380
371
|
timeout: {
|
|
381
372
|
type: string;
|
|
382
373
|
description: string;
|
|
@@ -2,14 +2,17 @@
|
|
|
2
2
|
* Tool: exec_in_pod
|
|
3
3
|
* Execute a command in a Kubernetes pod or container and return the output.
|
|
4
4
|
* Uses the official Kubernetes client-node Exec API for native execution.
|
|
5
|
-
*
|
|
5
|
+
*
|
|
6
|
+
* SECURITY: Only accepts commands as an array of strings. This prevents command
|
|
7
|
+
* injection attacks by executing directly without shell interpretation.
|
|
8
|
+
* Shell operators (pipes, redirects, etc.) are intentionally not supported.
|
|
6
9
|
*/
|
|
7
10
|
import { KubernetesManager } from "../types.js";
|
|
8
11
|
/**
|
|
9
12
|
* Schema for exec_in_pod tool.
|
|
10
13
|
* - name: Pod name
|
|
11
14
|
* - namespace: Namespace (default: "default")
|
|
12
|
-
* - command: Command to execute
|
|
15
|
+
* - command: Command to execute as array of strings (e.g. ["ls", "-la"])
|
|
13
16
|
* - container: (Optional) Container name
|
|
14
17
|
*/
|
|
15
18
|
export declare const execInPodSchema: {
|
|
@@ -28,25 +31,16 @@ export declare const execInPodSchema: {
|
|
|
28
31
|
default: string;
|
|
29
32
|
};
|
|
30
33
|
command: {
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
items?: undefined;
|
|
34
|
-
} | {
|
|
34
|
+
type: string;
|
|
35
|
+
items: {
|
|
35
36
|
type: string;
|
|
36
|
-
|
|
37
|
-
type: string;
|
|
38
|
-
};
|
|
39
|
-
})[];
|
|
37
|
+
};
|
|
40
38
|
description: string;
|
|
41
39
|
};
|
|
42
40
|
container: {
|
|
43
41
|
type: string;
|
|
44
42
|
description: string;
|
|
45
43
|
};
|
|
46
|
-
shell: {
|
|
47
|
-
type: string;
|
|
48
|
-
description: string;
|
|
49
|
-
};
|
|
50
44
|
timeout: {
|
|
51
45
|
type: string;
|
|
52
46
|
description: string;
|
|
@@ -64,13 +58,15 @@ export declare const execInPodSchema: {
|
|
|
64
58
|
* Execute a command in a Kubernetes pod or container using the Kubernetes client-node Exec API.
|
|
65
59
|
* Returns the stdout output as a text response.
|
|
66
60
|
* Throws McpError on failure.
|
|
61
|
+
*
|
|
62
|
+
* SECURITY: Command must be an array of strings. This executes directly via the
|
|
63
|
+
* Kubernetes exec API without shell interpretation, preventing command injection.
|
|
67
64
|
*/
|
|
68
65
|
export declare function execInPod(k8sManager: KubernetesManager, input: {
|
|
69
66
|
name: string;
|
|
70
67
|
namespace?: string;
|
|
71
|
-
command: string
|
|
68
|
+
command: string[];
|
|
72
69
|
container?: string;
|
|
73
|
-
shell?: string;
|
|
74
70
|
timeout?: number;
|
|
75
71
|
context?: string;
|
|
76
72
|
}): Promise<{
|
|
@@ -2,7 +2,10 @@
|
|
|
2
2
|
* Tool: exec_in_pod
|
|
3
3
|
* Execute a command in a Kubernetes pod or container and return the output.
|
|
4
4
|
* Uses the official Kubernetes client-node Exec API for native execution.
|
|
5
|
-
*
|
|
5
|
+
*
|
|
6
|
+
* SECURITY: Only accepts commands as an array of strings. This prevents command
|
|
7
|
+
* injection attacks by executing directly without shell interpretation.
|
|
8
|
+
* Shell operators (pipes, redirects, etc.) are intentionally not supported.
|
|
6
9
|
*/
|
|
7
10
|
import * as k8s from "@kubernetes/client-node";
|
|
8
11
|
import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
|
|
@@ -12,12 +15,12 @@ import { contextParameter, namespaceParameter } from "../models/common-parameter
|
|
|
12
15
|
* Schema for exec_in_pod tool.
|
|
13
16
|
* - name: Pod name
|
|
14
17
|
* - namespace: Namespace (default: "default")
|
|
15
|
-
* - command: Command to execute
|
|
18
|
+
* - command: Command to execute as array of strings (e.g. ["ls", "-la"])
|
|
16
19
|
* - container: (Optional) Container name
|
|
17
20
|
*/
|
|
18
21
|
export const execInPodSchema = {
|
|
19
22
|
name: "exec_in_pod",
|
|
20
|
-
description: "Execute a command in a Kubernetes pod or container and return the output",
|
|
23
|
+
description: "Execute a command in a Kubernetes pod or container and return the output. Command must be an array of strings where the first element is the executable and remaining elements are arguments. This executes directly without shell interpretation for security.",
|
|
21
24
|
inputSchema: {
|
|
22
25
|
type: "object",
|
|
23
26
|
properties: {
|
|
@@ -27,20 +30,14 @@ export const execInPodSchema = {
|
|
|
27
30
|
},
|
|
28
31
|
namespace: namespaceParameter,
|
|
29
32
|
command: {
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
],
|
|
34
|
-
description: "Command to execute in the pod (string or array of args)",
|
|
33
|
+
type: "array",
|
|
34
|
+
items: { type: "string" },
|
|
35
|
+
description: "Command to execute as an array of strings (e.g. [\"ls\", \"-la\", \"/app\"]). First element is the executable, remaining are arguments. Shell operators like pipes, redirects, or command chaining are not supported - use explicit array format for security.",
|
|
35
36
|
},
|
|
36
37
|
container: {
|
|
37
38
|
type: "string",
|
|
38
39
|
description: "Container name (required when pod has multiple containers)",
|
|
39
40
|
},
|
|
40
|
-
shell: {
|
|
41
|
-
type: "string",
|
|
42
|
-
description: "Shell to use for command execution (e.g. '/bin/sh', '/bin/bash'). If not provided, will use command as-is.",
|
|
43
|
-
},
|
|
44
41
|
timeout: {
|
|
45
42
|
type: "number",
|
|
46
43
|
description: "Timeout for command - 60000 milliseconds if not specified",
|
|
@@ -54,20 +51,26 @@ export const execInPodSchema = {
|
|
|
54
51
|
* Execute a command in a Kubernetes pod or container using the Kubernetes client-node Exec API.
|
|
55
52
|
* Returns the stdout output as a text response.
|
|
56
53
|
* Throws McpError on failure.
|
|
54
|
+
*
|
|
55
|
+
* SECURITY: Command must be an array of strings. This executes directly via the
|
|
56
|
+
* Kubernetes exec API without shell interpretation, preventing command injection.
|
|
57
57
|
*/
|
|
58
58
|
export async function execInPod(k8sManager, input) {
|
|
59
59
|
const namespace = input.namespace || "default";
|
|
60
|
-
//
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
commandArr = input.command;
|
|
60
|
+
// Validate command is an array (defense in depth - schema should enforce this)
|
|
61
|
+
if (!Array.isArray(input.command)) {
|
|
62
|
+
throw new McpError(ErrorCode.InvalidParams, "Command must be an array of strings (e.g. [\"ls\", \"-la\"]). String commands are not supported for security reasons.");
|
|
64
63
|
}
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
64
|
+
if (input.command.length === 0) {
|
|
65
|
+
throw new McpError(ErrorCode.InvalidParams, "Command array cannot be empty");
|
|
66
|
+
}
|
|
67
|
+
// Validate all elements are strings
|
|
68
|
+
for (let i = 0; i < input.command.length; i++) {
|
|
69
|
+
if (typeof input.command[i] !== "string") {
|
|
70
|
+
throw new McpError(ErrorCode.InvalidParams, `Command array element at index ${i} must be a string`);
|
|
71
|
+
}
|
|
70
72
|
}
|
|
73
|
+
const commandArr = input.command;
|
|
71
74
|
// Prepare buffers to capture stdout and stderr
|
|
72
75
|
let stdout = "";
|
|
73
76
|
let stderr = "";
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "mcp-server-kubernetes",
|
|
3
|
-
"version": "2.9.
|
|
3
|
+
"version": "2.9.9",
|
|
4
4
|
"description": "MCP server for interacting with Kubernetes clusters via kubectl",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"type": "module",
|
|
@@ -40,7 +40,7 @@
|
|
|
40
40
|
"@kubernetes/client-node": "1.3.0",
|
|
41
41
|
"@modelcontextprotocol/sdk": "1.17.0",
|
|
42
42
|
"express": "4.21.2",
|
|
43
|
-
"js-yaml": "4.1.
|
|
43
|
+
"js-yaml": "4.1.1",
|
|
44
44
|
"yaml": "2.7.0",
|
|
45
45
|
"zod": "3.23.8"
|
|
46
46
|
},
|