Merge branch 'main' into feat/update-deployment

Author: Flux159

ADVANCED_README.md

@@ -1,5 +1,49 @@
 # Advanced README for mcp-server-kubernetes
 
+### Non-Destructive Mode
+
+You can run the server in a non-destructive mode that disables all destructive operations (delete pods, delete deployments, delete namespaces, etc.) by setting the `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS` environment variable to `true`:
+
+```shell
+ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS=true npx mcp-server-kubernetes
+```
+
+This feature is particularly useful for:
+
+- **Production environments**: Prevent accidental deletion or modification of critical resources
+- **Shared clusters**: Allow multiple users to safely explore the cluster without risk of disruption
+- **Educational settings**: Provide a safe environment for learning Kubernetes operations
+- **Demonstration purposes**: Show cluster state and resources without modification risk
+
+When enabled, the following destructive operations are disabled:
+
+- `delete_pod`: Deleting pods
+- `delete_deployment`: Deleting deployments
+- `delete_namespace`: Deleting namespaces
+- `uninstall_helm_chart`: Uninstalling Helm charts
+- `delete_cronjob`: Deleting cronjobs
+- `cleanup`: Cleaning up resources
+
+All read-only operations like listing resources, describing pods, getting logs, etc. remain fully functional.
+
+For Non destructive mode in Claude Desktop, you can specify the env var like this:
+
+```json
+{
+  "mcpServers": {
+    "kubernetes-readonly": {
+      "command": "npx",
+      "args": ["mcp-server-kubernetes"],
+      "env": {
+        "ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS": "true"
+      }
+    }
+  }
+}
+```
+
+### SSE Transport
+
 To enable [SSE transport](https://modelcontextprotocol.io/docs/concepts/transports#server-sent-events-sse) for mcp-server-kubernetes, use the ENABLE_UNSAFE_SSE_TRANSPORT environment variable.
 
 ```shell
@@ -35,6 +79,6 @@ If there's no error, you will receive an `event: message` response in the localh
 
 Note that normally a client would handle this for you. This is just a demonstration of how to use the SSE transport.
 
-## Why is it Unsafe?
+### Why is SSE Transport Unsafe?
 
 SSE transport exposes an http endpoint that can be accessed by anyone with the URL. This can be a security risk if the server is not properly secured. It is recommended to use a secure proxy server to proxy to the SSE endpoint. In addition, anyone with access to the URL will be able to utilize the authentication of your kubeconfig to make requests to your Kubernetes cluster. You should add logging to your proxy in order to monitor user requests to the SSE endpoint.

Dockerfile

@@ -14,7 +14,7 @@ RUN chmod 644 /etc/apt/sources.list.d/kubernetes.list
 RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg
 RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
 RUN apt-get update
-RUN apt-get install -y kubectl google-cloud-cli google-cloud-cli-gke-gcloud-auth-plugin
+RUN apt-get install -y kubectl google-cloud-cli google-cloud-cli-gke-gcloud-auth-plugin awscli
 
 # Build the typescript code
 FROM base AS dependencies

README.md

@@ -82,6 +82,7 @@ npx mcp-chat --config "%APPDATA%\Claude\claude_desktop_config.json"
 - [x] Get Kubernetes events from the cluster
 - [x] Port forward to a pod or service
 - [x] Create, list, and decribe cronjobs
+- [x] Non-destructive mode for read-only access to clusters
 
 ## Local Development
 
@@ -143,7 +144,9 @@ See the [CONTRIBUTING.md](CONTRIBUTING.md) file for details.
 
 ## Advanced
 
-For more advanced information like using SSE transport, see the [ADVANCED_README.md](ADVANCED_README.md).
+### Additional Advanced Features
+
+For more advanced information like using SSE transport, Non-destructive mode with `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS`, see the [ADVANCED_README.md](ADVANCED_README.md).
 
 ## Architecture
 

bun.lockb

@@ -1,6 +1,6 @@
 {
   "name": "mcp-server-kubernetes",
-  "version": "1.3.0",
+  "version": "1.3.2",
   "description": "MCP server for interacting with Kubernetes clusters via kubectl",
   "license": "MIT",
   "type": "module",

package.json

@@ -32,7 +32,7 @@ import {
 } from "./tools/create_namespace.js";
 import { createPod, createPodSchema } from "./tools/create_pod.js";
 import { createCronJob, createCronJobSchema } from "./tools/create_cronjob.js";
-import { DeleteCronJob,DeleteCronJobSchema} from "./tools/delete_cronjob.js";
+import { DeleteCronJob, DeleteCronJobSchema } from "./tools/delete_cronjob.js";
 import { deletePod, deletePodSchema } from "./tools/delete_pod.js";
 import { describePod, describePodSchema } from "./tools/describe_pod.js";
 import { getLogs, getLogsSchema } from "./tools/get_logs.js";
@@ -62,13 +62,20 @@ import {
 } from "./tools/port_forward.js";
 import { deleteDeployment, deleteDeploymentSchema } from "./tools/delete_deployment.js";
 import { createDeployment } from "./tools/create_deployment.js";
-import {scaleDeployment,scaleDeploymentSchema} from "./tools/scale_deployment.js"
+import { scaleDeployment, scaleDeploymentSchema } from "./tools/scale_deployment.js"
 import {
   describeDeployment,
   describeDeploymentSchema,
 } from "./tools/describe_deployment.js";
-import {createConfigMap, CreateConfigMapSchema } from "./tools/create_configmap.js";
 import { updateDeployment, updateDeploymentSchema } from "./tools/update_deployment.js";
+import { createConfigMap, CreateConfigMapSchema } from "./tools/create_configmap.js";
+import { createService, createServiceSchema } from "./tools/create_service.js";
+import { listContexts, listContextsSchema } from "./tools/list_contexts.js";
+import { getCurrentContext, getCurrentContextSchema } from "./tools/get_current_context.js";
+import { setCurrentContext, setCurrentContextSchema } from "./tools/set_current_context.js";
+
+// Check if non-destructive tools only mode is enabled
+const nonDestructiveTools = process.env.ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS === 'true';
 
 const k8sManager = new KubernetesManager();
 
@@ -80,44 +87,64 @@ const server = new Server(
   serverConfig
 );
 
+// Define destructive tools (delete and uninstall operations)
+const destructiveTools = [
+  deletePodSchema,
+  deleteDeploymentSchema,
+  deleteNamespaceSchema,
+  uninstallHelmChartSchema,
+  DeleteCronJobSchema,
+  cleanupSchema, // Cleanup is also destructive as it deletes resources
+];
+
 // Tools handlers
 server.setRequestHandler(ListToolsRequestSchema, async () => {
-  return {
-    tools: [
-      cleanupSchema,
-      createDeploymentSchema,
-      createNamespaceSchema,
-      createPodSchema,
-      createCronJobSchema,
-      deletePodSchema,
-      deleteDeploymentSchema,
-      deleteNamespaceSchema,
-      describeCronJobSchema,
-      describePodSchema,
-      describeDeploymentSchema,
-      explainResourceSchema,
-      getEventsSchema,
-      getJobLogsSchema,
-      getLogsSchema,
-      installHelmChartSchema,
-      listApiResourcesSchema,
-      listCronJobsSchema,
-      listDeploymentsSchema,
-      listJobsSchema,
-      listNamespacesSchema,
-      listNodesSchema,
-      listPodsSchema,
-      listServicesSchema,
-      updateDeploymentSchema,
-      uninstallHelmChartSchema,
-      upgradeHelmChartSchema,
-      PortForwardSchema,
-      StopPortForwardSchema,
-      scaleDeploymentSchema,
-      DeleteCronJobSchema,
-      CreateConfigMapSchema,
-    ],
-  };
+  // Get all available tools
+  const allTools = [
+    cleanupSchema,
+    createDeploymentSchema,
+    createNamespaceSchema,
+    createPodSchema,
+    createCronJobSchema,
+    createServiceSchema,
+    deletePodSchema,
+    deleteDeploymentSchema,
+    deleteNamespaceSchema,
+    describeCronJobSchema,
+    describePodSchema,
+    describeDeploymentSchema,
+    explainResourceSchema,
+    getEventsSchema,
+    getJobLogsSchema,
+    getLogsSchema,
+    installHelmChartSchema,
+    listApiResourcesSchema,
+    listCronJobsSchema,
+    listContextsSchema,
+    getCurrentContextSchema,
+    setCurrentContextSchema,
+    listDeploymentsSchema,
+    listJobsSchema,
+    listNamespacesSchema,
+    listNodesSchema,
+    listPodsSchema,
+    listServicesSchema,
+    uninstallHelmChartSchema,
+    updateDeploymentSchema,
+    upgradeHelmChartSchema,
+    PortForwardSchema,
+    StopPortForwardSchema,
+    scaleDeploymentSchema,
+    DeleteCronJobSchema,
+    CreateConfigMapSchema,
+  ];
+
+  // Filter out destructive tools if ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS is set to 'true'
+  const tools = nonDestructiveTools
+    ? allTools.filter(tool => !destructiveTools.some(dt => dt.name === tool.name))
+    : allTools;
+
+  return { tools };
 });
 
 server.setRequestHandler(
@@ -183,12 +210,12 @@ server.setRequestHandler(
           );
         }
 
-        case "delete_cronjob" : {
+        case "delete_cronjob": {
           return await DeleteCronJob(
             k8sManager,
             input as {
-              name : string;
-              namespace : string
+              name: string;
+              namespace: string
             }
           );
         }
@@ -323,6 +350,27 @@ server.setRequestHandler(
           );
         }
 
+        case "list_contexts": {
+          return await listContexts(
+            k8sManager,
+            input as { showCurrent?: boolean }
+          );
+        }
+
+        case "get_current_context": {
+          return await getCurrentContext(
+            k8sManager,
+            input as { detailed?: boolean }
+          );
+        }
+
+        case "set_current_context": {
+          return await setCurrentContext(
+            k8sManager,
+            input as { name: string }
+          );
+        }
+
         case "describe_cronjob": {
           return await describeCronJob(
             k8sManager,
@@ -453,25 +501,44 @@ server.setRequestHandler(
             }
           );
         }
-        
-        case "scale_deployment" : {
+
+        case "scale_deployment": {
           return await scaleDeployment(
             k8sManager,
             input as {
-              name : string,
-              namespace : string,
-              replicas : number
+              name: string,
+              namespace: string,
+              replicas: number
             }
           );
         }
 
-        case "create_configmap" : {
+        case "create_configmap": {
           return await createConfigMap(
             k8sManager,
             input as {
-              name : string,
-              namespace : string,
-              data : Record<string, string>
+              name: string,
+              namespace: string,
+              data: Record<string, string>
+            }
+          );
+        }
+
+        case "create_service": {
+          return await createService(
+            k8sManager,
+            input as {
+              name: string;
+              namespace?: string;
+              type?: "ClusterIP" | "NodePort" | "LoadBalancer";
+              selector?: Record<string, string>;
+              ports: Array<{
+                port: number;
+                targetPort?: number;
+                protocol?: string;
+                name?: string;
+                nodePort?: number;
+              }>;
             }
           );
         }

src/index.ts

@@ -116,4 +116,15 @@ export const CreateConfigMapResponseSchema = z.object({
       message: z.string(),
     })
   ),
-});
+});
+
+export const ListContextsResponseSchema = z.object({
+  content: z.array(ToolResponseContent),
+});
+
+export const GetCurrentContextResponseSchema = z.object({
+  content: z.array(ToolResponseContent),
+});
+export const SetCurrentContextResponseSchema = z.object({
+  content: z.array(ToolResponseContent),
+});

src/models/response-schemas.ts

@@ -43,7 +43,7 @@ export async function createNamespace(
           type: "text",
           text: JSON.stringify(
             {
-              podName: response.body.metadata!.name!,
+              namespaceName: response.body.metadata!.name!,
               status: "created",
             },
             null,