Limitations - cturner8/kube-mcp GitHub Wiki

This page documents current limitations and constraints of kube-mcp. These may be addressed in future releases.

Kubernetes API Coverage

Currently, kube-mcp supports a limited subset of Kubernetes resources through its MCP tools. This includes:

Supported

  • Core Resources: Pods, Services, Namespaces, Nodes, ConfigMaps, Secrets, Events, PersistentVolumes, PersistentVolumeClaims
  • Apps: Deployments
  • Networking: Ingresses (networking.k8s.io/v1)

Unsupported

The following resources are not yet supported:

  • StatefulSets, DaemonSets, ReplicaSets
  • Jobs, CronJobs
  • Gateway API (Gateway, HTTPRoute, etc.)
  • Custom Resource Definitions (CRDs)
  • NetworkPolicies, StorageClasses
  • RBAC resources (Roles, RoleBindings, etc.)
  • And many others

To see all available tools, refer to the MCP Tools documentation.

Read-Only Operations

All MCP tools are currently read-only. The server does not support:

  • Creating resources
  • Updating/patching resources
  • Deleting resources
  • Executing commands in pods

Cluster-Wide Access Required

The Helm chart deploys kube-mcp with a ClusterRole and ClusterRoleBinding, providing cluster-wide read access.

In practice, this means the following:

  • The ServiceAccount can read resources across all namespaces
  • Access cannot be restricted to specific namespaces without modifying the chart
  • Installing the chart requires cluster-admin privileges

Authentication & Authorization Limitations

Single OIDC Client

  • Only one OIDC client configuration per deployment
  • All users authenticate through the same client
  • Cannot have different OIDC configurations for different user groups

No Per-User Tool Restrictions

  • Tool access controls (allowed/disallowed tools) apply globally to all users
  • Cannot configure different tool permissions for different users
  • Scope-based authorization is validated but does not affect tool availability

For resource-level access control, rely on Kubernetes RBAC (see RBAC).

Ingress Limitations

Gateway API Not Supported

The Helm chart only supports traditional Ingress resources (networking.k8s.io/v1). Gateway API (gateway.networking.k8s.io) is not supported.

If you need to use Gateway API, you must:

  • Disable ingress in the chart: ingress.enabled: false
  • Manually create Gateway/HTTPRoute resources
  • Ensure they target the kube-mcp Service
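
The three steps above as manifests. This is an added example, not part of the kube-mcp chart or wiki. Every name, namespace, hostname, the GatewayClass and the Service port is a placeholder to replace with the values from your own release; only ingress.enabled: false comes from this page.

```yaml
# Step 1 - Helm values override (from this page): disable the chart's Ingress.
#   ingress:
#     enabled: false
---
# Step 2 - Gateway terminating TLS for the MCP endpoint.
# Placeholders: metadata names, namespace, gatewayClassName, hostname, Secret.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: kube-mcp-gateway            # placeholder
  namespace: kube-mcp               # placeholder: namespace of the release
spec:
  gatewayClassName: example-class   # placeholder: your controller's class
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      hostname: kube-mcp.example.com   # placeholder
      tls:
        mode: Terminate
        certificateRefs:
          - name: kube-mcp-tls      # placeholder: TLS Secret in this namespace
      allowedRoutes:
        namespaces:
          from: Same                # only routes in this namespace may attach
---
# Step 3 - HTTPRoute that targets the kube-mcp Service.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: kube-mcp                    # placeholder
  namespace: kube-mcp               # placeholder: same namespace as the Service
spec:
  parentRefs:
    - name: kube-mcp-gateway
      sectionName: https            # attach to the HTTPS listener only
  hostnames:
    - kube-mcp.example.com
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: kube-mcp            # placeholder: the Service created by the chart
          port: 8080                # placeholder: the Service port of your release
```

Keeping the route in the same namespace as the Service avoids the need for a ReferenceGrant, and allowedRoutes set to Same stops routes in other namespaces from attaching to this listener.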

Performance Considerations

JWKS Caching

  • JWKS keys are cached for 5 minutes
  • No configuration option to adjust cache duration

No Rate Limiting

  • The server does not implement rate limiting
  • Consider using ingress-level rate limiting for production deployments

Multi-Cluster Support

Multi-cluster functionality is not supported because kube-mcp is designed to run directly within the target cluster.