# k8s AIops > Governed Kubernetes ops — 15 MCP tools with audit, budget, undo guards. - **Type:** MCP server - **Install:** `agentstack add mcp-aiops-tools-k8s-aiops` - **Verified:** Yes — security-reviewed for prompt injection and unsafe behavior - **Seller:** [AIops-tools](https://agentstack.voostack.com/s/aiops-tools) - **Installs:** 0 - **Category:** [Cloud & Infrastructure](https://agentstack.voostack.com/c/cloud-infrastructure) - **Latest version:** 0.1.0 - **License:** MIT - **Upstream author:** [AIops-tools](https://github.com/AIops-tools) - **Source:** https://github.com/AIops-tools/K8s-AIops ## Install ```sh agentstack add mcp-aiops-tools-k8s-aiops ``` Requires the [AgentStack CLI](https://agentstack.voostack.com/docs/cli). Works with Claude Code, Cursor, and any MCP-compatible agent. ## About # k8s-aiops (preview) > **Disclaimer**: This is a community-maintained open-source project and is **not > affiliated with, endorsed by, or sponsored by the Cloud Native Computing > Foundation, the Kubernetes project, or k3s/Rancher.** "Kubernetes" and "k3s" are > trademarks of their respective owners. Source code is publicly auditable at > [github.com/AIops-tools/K8s-AIops](https://github.com/AIops-tools/K8s-AIops) under > the MIT license. Governed Kubernetes operations for AI agents — **51 MCP tools**, every one wrapped with the bundled `@governed_tool` harness: a local unified audit log under `~/.k8s-aiops/`, policy engine, token/runaway budget guard, undo-token recording, and graduated-autonomy risk tiers. Coverage spans pods, deployments, statefulsets, daemonsets, replicasets, jobs/cronjobs, services, ingresses, endpoints, configmaps, secrets (names/keys only), PVCs/PVs/storageclasses, nodes, namespaces, events, rollouts (status/history/undo/pause/resume/set-image), pod/node describe, pod/node top, and a cluster health summary. > **Standalone**: the governance harness is bundled in the package > (`k8s_aiops.governance`) — k8s-aiops has no external skill-family dependency. > Preview: common cluster operations, not yet exhaustive. ## What works Any cluster a kubeconfig can reach: standard Kubernetes, **k3s**, **EKS**, **GKE**, **AKS**, kind, minikube. Authentication (client certs, tokens, EKS/GKE/AKS exec plugins) is delegated entirely to the kubeconfig. ## Quick Start ```bash uv tool install k8s-aiops # Friendly onboarding wizard — registers your kube contexts as named targets: k8s-aiops init # Or skip it — uses your current kube-context out of the box: k8s-aiops doctor k8s-aiops pod list k8s-aiops deployment list -n default ``` To define named targets (multiple clusters/contexts), create `~/.k8s-aiops/config.yaml`: ```yaml targets: - name: prod # used as -t prod context: prod-eks # a context in your kubeconfig (omit for current-context) namespace: default # optional default namespace # kubeconfig: /path/to/alt/kubeconfig # optional explicit path - name: lab context: k3s-lab ``` No secrets live in this file — credentials come from the kubeconfig. ## MCP ```jsonc { "command": "k8s-aiops", "args": ["mcp"], "env": { "K8S_AIOPS_CONFIG": "~/.k8s-aiops/config.yaml" } } ``` ## Audit & Safety - Every tool call is logged to `~/.k8s-aiops/audit.db` (local SQLite; relocate with `K8S_AIOPS_HOME`). - Reversible writes record an inverse undo descriptor (`scale_deployment` → scale-back to previous; `cordon_node` ↔ `uncordon_node`). - `delete_deployment` is `risk_level=high`; CLI destructive commands require double confirmation and support `--dry-run`. - All API text passes through `sanitize()` (prompt-injection defense). See `skills/k8s-aiops/SKILL.md` and `SECURITY.md` for details. ## Companion Skills | If you want… | Use | |--------------|-----| | Kubernetes pods / deployments / nodes | **k8s-aiops** (this) | | Hypervisor VM lifecycle | a hypervisor ops skill | | Backup & restore | a backup ops skill | ## Contributing & feature requests This is a preview — coverage is intentionally focused. **Missing a device, action, or feature you need?** Open an issue or pull request at [github.com/AIops-tools/K8s-AIops](https://github.com/AIops-tools/K8s-AIops/issues) — feature requests, contributions, and comments are all welcome. ## License MIT — [github.com/AIops-tools/K8s-AIops](https://github.com/AIops-tools/K8s-AIops) ## Source & license This open-source MCP server is cataloged on AgentStack and links to its original source — we do not rehost the code. - **Author:** [AIops-tools](https://github.com/AIops-tools) - **Source:** [AIops-tools/K8s-AIops](https://github.com/AIops-tools/K8s-AIops) - **License:** MIT Install and usage instructions live in the source repository linked above. ## Pricing - **Free** — Free ## Versions - **0.1.0** — security scan: passed — Imported from the upstream source. ## Links - Listing page: https://agentstack.voostack.com/l/mcp-aiops-tools-k8s-aiops - Seller: https://agentstack.voostack.com/s/aiops-tools - Browse the marketplace: https://agentstack.voostack.com/browse --- Listed on AgentStack — the marketplace for AI agent skills and MCP servers. Every listing is security-reviewed. Creators keep 70%.