MCP Server Policy

KUBERNETES MCP POLICY

Enforce policies on every tool call to the Kubernetes MCP Server. 22 tools listed, categorised, and ready for rules.

1 read 21 write 22 tools total

kubernetes cloud

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Kubernetes.

terminal

# Download policy scaffold


curl -o kubernetes.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/kubernetes.yaml

# Run with Intercept


intercept --policy kubernetes.yaml -- npx -y @

Server documentation: https://www.npmjs.com/package/mcp-server-kubernetes

READ TOOLS

list_api_resources List the API resources available in the cluster

EXECUTE TOOLS

exec_in_pod Execute a command in a Kubernetes pod or container and return the output. Command must be an array of strings where the first element is the executable and remaining elements are arguments. This executes directly without shell interpretation for security.

kubectl_generic Execute any kubectl command with the provided arguments and flags

OTHER TOOLS

cleanup Cleanup all managed resources

explain_resource Get documentation for a Kubernetes resource or field

install_helm_chart Install a Helm chart with support for both standard and template-based installation

kubectl_apply Apply a Kubernetes YAML manifest from a string or file

kubectl_context Manage Kubernetes contexts - list, get, or set the current context

kubectl_create Create Kubernetes resources using various methods (from file or using subcommands)

kubectl_delete Delete Kubernetes resources by resource type, name, labels, or from a manifest file

kubectl_describe Describe Kubernetes resources by resource type, name, and optionally namespace

kubectl_get Get or list Kubernetes resources by resource type, name, and optionally namespace

kubectl_logs Get logs from Kubernetes resources like pods, deployments, or jobs

kubectl_patch Update field(s) of a resource using strategic merge patch, JSON merge patch, or JSON patch

kubectl_rollout Manage the rollout of a resource (e.g., deployment, daemonset, statefulset)

kubectl_scale Scale a Kubernetes deployment

node_management Manage Kubernetes nodes with cordon, drain, and uncordon operations

ping Verify that the counterpart is still responsive and the connection is alive.

port_forward Forward a local port to a port on a Kubernetes resource

stop_port_forward Stop a port-forward process

uninstall_helm_chart Uninstall a Helm chart release

upgrade_helm_chart Upgrade an existing Helm chart release

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

kubernetes.yaml

version: "1"
description: "Policy for "
default: "allow"
tools:
    cleanup:
        rules: []
    exec_in_pod:
        rules: []
    explain_resource:
        rules: []
    install_helm_chart:
        rules: []
    kubectl_apply:
        rules: []
    kubectl_context:
        rules: []
    kubectl_create:
        rules: []
    kubectl_delete:
        rules: []
    kubectl_describe:
        rules: []
    kubectl_generic:
        rules: []
    kubectl_get:
        rules: []
    kubectl_logs:
        rules: []
    kubectl_patch:
        rules: []
    kubectl_rollout:
        rules: []
    kubectl_scale:
        rules: []
    list_api_resources:
        rules: []
    node_management:
        rules: []
    ping:
        rules: []
    port_forward:
        rules: []
    stop_port_forward:
        rules: []
    uninstall_helm_chart:
        rules: []
    upgrade_helm_chart:
        rules: []

RELATED POLICIES

FREQUENTLY ASKED QUESTIONS

What tools does the Kubernetes MCP server expose?

The Kubernetes MCP Server exposes 22 tools across 3 categories: Other, Execute, Read. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on Kubernetes?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Kubernetes MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the Kubernetes policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON KUBERNETES

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →

KUBERNETES MCP POLICY

GET STARTED

READ TOOLS

list_api_resources

EXECUTE TOOLS

exec_in_pod

kubectl_generic

OTHER TOOLS

cleanup

explain_resource

install_helm_chart

kubectl_apply

kubectl_context

kubectl_create

kubectl_delete

kubectl_describe

kubectl_get

kubectl_logs

kubectl_patch

kubectl_rollout

kubectl_scale

node_management

ping

port_forward

stop_port_forward

uninstall_helm_chart

upgrade_helm_chart

POLICY YAML

RELATED POLICIES

FREQUENTLY ASKED QUESTIONS

What tools does the Kubernetes MCP server expose?

How do I enforce policies on Kubernetes?

Is the Kubernetes policy free to use?

ENFORCE POLICIES ON KUBERNETES

GET IN TOUCH