Add exec_in_pod tool for command execution in Kubernetes pods

.gitignore

@@ -134,3 +134,7 @@ dist
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
+
+# Ignore editor-specific directories and files
+.cursor/
+.vscode/

ADVANCED_README.md

@@ -200,7 +200,83 @@ Complete Example
 Assuming your image name is flux159/mcp-server-kubernetes and you need to map ports and set environment parameters, you can run:
 
 ```shell
-docker  run --rm -it -p 3001:3001 -e ENABLE_UNSAFE_SSE_TRANSPORT=1  -e PORT=3001   -v ~/.kube/config:/home/appuser/.kube/config   flux159/mcp-server-kubernetes
+docker  run --rm -it -p 3001:3001 -e ENABLE_UNSAFE_SSE_TRANSPORT=1  -e PORT=3001   -v ~/.kube/config:/home/appuser/.kube/config   flux159/mcp-server-kubernetes:latest
+```
+
+## Advance Docker Usage
+
+### Connect to AWS EKS Cluster
+
+```json
+{
+  "mcpServers": {
+    "kubernetes": {
+      "command": "docker",
+      "args": [
+        "run",
+        "-i",
+        "--rm",
+        "-v",
+        "~/.kube:/home/appuser/.kube:ro",
+        "-v",
+        "~/.aws:/home/appuser/.aws:ro",
+        "-e",
+        "AWS_PROFILE=default",
+        "-e",
+        "AWS_REGION=us-west-2",
+        "flux159/mcp-server-kubernetes:latest"
+      ]
+    }
+  }
+}
+```
+
+### Connect to Google GKE Clusters
+
+```json
+{
+  "mcpServers": {
+    "kubernetes": {
+      "command": "docker",
+      "args": [
+        "run",
+        "-i",
+        "--rm",
+        "-v",
+        "~/.kube:/home/appuser/.kube:ro",
+        "-v",
+        "~/.config/gcloud:/home/appuser/.config/gcloud:ro",
+        "-e",
+        "CLOUDSDK_CORE_PROJECT=my-gcp-project",
+        "-e",
+        "CLOUDSDK_COMPUTE_REGION=us-central1",
+        "flux159/mcp-server-kubernetes:latest"
+      ]
+    }
+  }
+}
+```
+
+### Connect to Azure AKS Clusters
+
+```json
+{
+  "mcpServers": {
+    "kubernetes": {
+      "command": "docker",
+      "args": [
+        "run",
+        "-i",
+        "--rm",
+        "-v",
+        "~/.kube:/home/appuser/.kube:ro",
+        "-e",
+        "AZURE_SUBSCRIPTION=my-subscription-id",
+        "flux159/mcp-server-kubernetes:latest"
+      ]
+    }
+  }
+}
 ```
 
 ⚠️ Key safety considerations

CLAUDE.md

@@ -0,0 +1,90 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Development Commands
+
+### Build and Development
+
+- `bun run build` - Compile TypeScript to dist/ and make executables
+- `bun run dev` - Start TypeScript compiler in watch mode for development
+- `bun run start` - Run the compiled server from dist/index.js
+- `bun run test` - Run all tests using Vitest
+
+### Testing and Quality
+
+- `bun run test` - Execute the complete test suite with custom sequencer (kubectl tests run last)
+- Tests have 120s timeout and 60s hook timeout due to Kubernetes operations
+- Use `npx @modelcontextprotocol/inspector node dist/index.js` for local testing with Inspector
+- Always run single test based on with area you are working on. running all tests will take a long time.
+
+### Local Development Testing
+
+- `bun run chat` - Test locally with mcp-chat CLI client
+- For Claude Desktop testing, point to local `dist/index.js` build
+
+## Architecture Overview
+
+This is an MCP (Model Context Protocol) server that provides Kubernetes cluster management capabilities. The server connects to Kubernetes clusters via kubectl and offers both read-only and destructive operations.
+
+### Core Components
+
+**KubernetesManager** (`src/utils/kubernetes-manager.ts`): Central class managing Kubernetes API connections, resource tracking, port forwards, and watches. Handles kubeconfig loading from multiple sources in priority order.
+
+**Tool Structure**: Each Kubernetes operation is implemented as a separate tool in `src/tools/`, with corresponding Zod schemas for validation. Tools are divided into:
+
+- kubectl operations (get, describe, apply, delete, create, etc.)
+- Helm operations (install, upgrade, uninstall charts)
+- Specialized operations (port forwarding, scaling, rollouts)
+
+**Resource Handlers** (`src/resources/handlers.ts`): Manage MCP resource endpoints for dynamic data retrieval.
+
+**Configuration System** (`src/config/`): Contains schemas and templates for deployments, namespaces, containers, and cleanup operations.
+
+### Key Architecture Patterns
+
+- **Tool Filtering**: Non-destructive mode dynamically removes destructive tools based on `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS` environment variable
+- **Unified kubectl API**: Consistent interface across all kubectl operations with standardized error handling
+- **Resource Tracking**: All created resources are tracked for cleanup capabilities
+- **Transport Flexibility**: Supports both StdioTransport and SSE transport for different integration scenarios
+
+### Request Flow
+
+1. Client sends MCP request via transport layer
+2. Server filters available tools based on destructive/non-destructive mode
+3. Request routed to appropriate handler (tools/resources)
+4. KubernetesManager executes Kubernetes API calls
+5. Responses formatted and returned through transport
+
+## Development Guidelines
+
+### Adding New Tools
+
+- Create new tool file in `src/tools/` with Zod schema export
+- Import and register in `src/index.ts` main server setup
+- Add to destructive/non-destructive filtering logic as appropriate
+- Include comprehensive error handling for Kubernetes API failures
+
+### Testing Strategy
+
+- Unit tests focus on tool functionality and schema validation
+- Integration tests verify actual Kubernetes operations
+- Custom test sequencer ensures kubectl tests run last (they modify cluster state)
+- Tests require active Kubernetes cluster connection
+
+### Configuration Handling
+
+- Server loads kubeconfig from multiple sources: KUBECONFIG_YAML env var, KUBECONFIG path, or ~/.kube/config
+- Supports multiple kubectl contexts with context switching capabilities
+- Environment variables control server behavior (non-destructive mode, custom kubeconfig paths)
+
+## Kubernetes Integration Details
+
+The server requires:
+
+- kubectl installed and accessible in PATH
+- Valid kubeconfig with configured contexts
+- Active Kubernetes cluster connection
+- Helm v3 for chart operations (optional)
+
+**Non-destructive mode** disables: kubectl_delete, uninstall_helm_chart, cleanup operations, and kubectl_generic (which could contain destructive commands).

README.md

@@ -71,7 +71,7 @@ npx mcp-chat --config "%APPDATA%\Claude\claude_desktop_config.json"
 - [x] Unified kubectl API for managing resources
   - Get or list resources with `kubectl_get`
   - Describe resources with `kubectl_describe`
-  - List resources with `kubectl_list`
+  - List resources with `kubectl_get`
   - Create resources with `kubectl_create`
   - Apply YAML manifests with `kubectl_apply`
   - Delete resources with `kubectl_delete`
@@ -89,15 +89,15 @@ npx mcp-chat --config "%APPDATA%\Claude\claude_desktop_config.json"
   - Run Helm operations
     - Install, upgrade, and uninstall charts
     - Support for custom values, repositories, and versions
-- [x] Troubleshooting Prompt (`k8s-troubleshoot`)
+- [x] Troubleshooting Prompt (`k8s-diagnose`)
   - Guides through a systematic Kubernetes troubleshooting flow for pods based on a keyword and optional namespace.
 - [x] Non-destructive mode for read and create/update-only access to clusters
 
 ## Prompts
 
-The MCP Kubernetes server includes specialized prompts to assist with common operations.
+The MCP Kubernetes server includes specialized prompts to assist with common diagnostic operations.
 
-### k8s-troubleshoot Prompt
+### k8s-diagnose Prompt
 
 This prompt provides a systematic troubleshooting flow for Kubernetes pods. It accepts a `keyword` to identify relevant pods and an optional `namespace` to narrow the search.
 The prompt's output will guide you through an autonomous troubleshooting flow, providing instructions for identifying issues, collecting evidence, and suggesting remediation steps.
@@ -192,7 +192,7 @@ For Claude Desktop configuration with non-destructive mode:
 
 All read-only and resource creation/update operations remain available:
 
-- Resource Information: `kubectl_get`, `kubectl_describe`, `kubectl_list`, `kubectl_logs`, `explain_resource`, `list_api_resources`
+- Resource Information: `kubectl_get`, `kubectl_describe`, `kubectl_logs`, `explain_resource`, `list_api_resources`
 - Resource Creation/Modification: `kubectl_apply`, `kubectl_create`, `kubectl_scale`, `kubectl_patch`, `kubectl_rollout`
 - Helm Operations: `install_helm_chart`, `upgrade_helm_chart`
 - Connectivity: `port_forward`, `stop_port_forward`

src/index.ts

@@ -15,6 +15,7 @@ import {
   listApiResources,
   listApiResourcesSchema,
 } from "./tools/kubectl-operations.js";
+import { execInPod, execInPodSchema } from "./tools/exec_in_pod.js";
 import { getResourceHandlers } from "./resources/handlers.js";
 import {
   ListResourcesRequestSchema,
@@ -44,7 +45,6 @@ import {
   kubectlDescribe,
   kubectlDescribeSchema,
 } from "./tools/kubectl-describe.js";
-import { kubectlList, kubectlListSchema } from "./tools/kubectl-list.js";
 import { kubectlApply, kubectlApplySchema } from "./tools/kubectl-apply.js";
 import { kubectlDelete, kubectlDeleteSchema } from "./tools/kubectl-delete.js";
 import { kubectlCreate, kubectlCreateSchema } from "./tools/kubectl-create.js";
@@ -80,7 +80,6 @@ const allTools = [
   // Unified kubectl-style tools - these replace many specific tools
   kubectlGetSchema,
   kubectlDescribeSchema,
-  kubectlListSchema,
   kubectlApplySchema,
   kubectlDeleteSchema,
   kubectlCreateSchema,
@@ -103,10 +102,11 @@ const allTools = [
   // Port forwarding
   PortForwardSchema,
   StopPortForwardSchema,
+  execInPodSchema,
+
 
   // API resource operations
   listApiResourcesSchema,
-
   // Generic kubectl command
   kubectlGenericSchema,
 ];
@@ -187,6 +187,7 @@ server.setRequestHandler(
             allNamespaces?: boolean;
             labelSelector?: string;
             fieldSelector?: string;
+            sortBy?: string;
           }
         );
       }
@@ -203,20 +204,6 @@ server.setRequestHandler(
         );
       }
 
-      if (name === "kubectl_list") {
-        return await kubectlList(
-          k8sManager,
-          input as {
-            resourceType: string;
-            namespace?: string;
-            output?: string;
-            allNamespaces?: boolean;
-            labelSelector?: string;
-            fieldSelector?: string;
-          }
-        );
-      }
-
       if (name === "kubectl_apply") {
         return await kubectlApply(
           k8sManager,
@@ -451,6 +438,18 @@ server.setRequestHandler(
           );
         }
 
+        case "exec_in_pod": {
+          return await execInPod(
+            k8sManager,
+            input as {
+              name: string;
+              namespace?: string;
+              command: string | string[];
+              container?: string;
+            }
+          );
+        }
+
         default:
           throw new McpError(ErrorCode.InvalidRequest, `Unknown tool: ${name}`);
       }

src/models/response-schemas.ts

@@ -160,3 +160,7 @@ export const SetCurrentContextResponseSchema = z.object({
 export const DescribeNodeResponseSchema = z.object({
   content: z.array(ToolResponseContent),
 });
+
+export const ExecInPodResponseSchema = z.object({
+  content: z.array(ToolResponseContent),
+});

src/prompts/index.ts

@@ -1,18 +1,15 @@
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { KubernetesManager } from "../types.js";
 import { ListPromptsRequestSchema, GetPromptRequestSchema } from "@modelcontextprotocol/sdk/types.js";
-import { kubectlList } from "../tools/kubectl-list.js";
-import { kubectlDescribe } from "../tools/kubectl-describe.js";
-import { kubectlLogs } from "../tools/kubectl-logs.js";
 
 export function registerPromptHandlers(server: Server, k8sManager: KubernetesManager) {
   // Register prompts list handler
   server.setRequestHandler(ListPromptsRequestSchema, async () => {
     return {
       prompts: [
         {
-          name: "k8s-troubleshoot",
-          description: "Troubleshoot Kubernetes Resources.",
+          name: "k8s-diagnose",
+          description: "Diagnose Kubernetes Resources.",
           arguments: [
             {
               name: "keyword",
@@ -35,18 +32,18 @@ export function registerPromptHandlers(server: Server, k8sManager: KubernetesMan
   server.setRequestHandler(GetPromptRequestSchema, async (request) => {
     const { name, arguments: args } = request.params;
 
-    if (name === "k8s-troubleshoot") {
+    if (name === "k8s-diagnose") {
       const keyword = args?.keyword as string;
       const namespace = args?.namespace as string;
 
       if (!keyword) {
-        throw new Error("Keyword parameter is required for k8s-troubleshoot prompt");
+        throw new Error("Keyword parameter is required for k8s-diagnose prompt");
       }
 
       const actualNamespace = namespace || "all";
-      const message = `Troubleshooting for resources (pods, nodes, etc.) containing keyword "${keyword}" in their names within namespace "${actualNamespace}" (or across all namespaces if specified) for this investigation:
+      const message = `Diagnose Kubernetes resources (pods, nodes, etc.) containing keyword "${keyword}" in their names within namespace "${actualNamespace}" (or across all namespaces if specified) for this investigation:
 
-**Autonomous Kubernetes Troubleshooting Flow**
+**Autonomous Kubernetes Diagnosis Flow**
 
 0. **Perform Quick Health Checks / Golden Signals Analysis**
    - Assess latency, errors, and resource utilization. If a clear issue is identified (e.g., node not ready, network partition), streamline or deprioritize subsequent detailed steps.