Official Homebrew tap for KubeStellar tools.
brew tap kubestellar/tap
brew install kubectl-claudeAI-powered multi-cluster Kubernetes management for Claude Code.
1. Claude Code Plugin (Recommended)
Install as a Claude Code plugin for the best experience:
/plugin marketplace add kubestellar/claude-plugins
Then go to /plugin → Discover → Install kubectl-claude.
2. kubectl Plugin
kubectl claude clusters list
kubectl claude clusters health
kubectl claude "show me failing pods"3. MCP Server
kubectl-claude --mcp-server| Command | Description |
|---|---|
/k8s-health |
Check health of all Kubernetes clusters |
/k8s-issues |
Find issues across clusters (pods, deployments, events) |
/k8s-analyze |
Comprehensive namespace analysis |
/k8s-security |
Security audit (privileged, root, host access) |
/k8s-rbac |
Analyze RBAC permissions for a subject |
/k8s-audit-kubeconfig |
Audit kubeconfig clusters and recommend cleanup |
/k8s-ownership |
Set up resource ownership tracking with OPA Gatekeeper |
Cluster Management
list_clusters- Discover clusters from kubeconfigget_cluster_health- Check cluster health statusget_nodes- List cluster nodes with statusaudit_kubeconfig- Audit all clusters for connectivity and recommend cleanup
Workloads
get_pods,get_deployments,get_services,get_eventsdescribe_pod,get_pod_logs
RBAC Analysis
get_roles,get_cluster_roles,get_role_bindings,get_cluster_role_bindingscan_i,analyze_subject_permissions,describe_role
Diagnostics
find_pod_issues- CrashLoopBackOff, ImagePullBackOff, OOMKilled, pendingfind_deployment_issues- Stuck rollouts, unavailable replicascheck_resource_limits- Missing CPU/memory limitscheck_security_issues- Privileged containers, root users, host networkanalyze_namespace- Comprehensive namespace analysisget_warning_events- Warning events onlyfind_resource_owners- Find who owns/manages resources via managedFields, labels
OPA Gatekeeper Policy
check_gatekeeper- Check if Gatekeeper is installedget_ownership_policy_status- Get policy config and violation countlist_ownership_violations- List resources missing ownership labelsinstall_ownership_policy- Install ownership policy (dryrun/warn/enforce)set_ownership_policy_mode- Change enforcement modeuninstall_ownership_policy- Remove the policy
Add to ~/.claude/settings.json:
{
"permissions": {
"allow": [
"mcp__plugin_kubectl-claude_kubectl-claude__*"
]
}
}Ask Claude Code:
- "List my Kubernetes clusters"
- "Find pods with issues in the production namespace"
- "Check for security misconfigurations"
- "What permissions does the admin service account have?"
- "Audit my kubeconfig and show stale clusters"
Local agent for KubeStellar Console - bridges your browser to your kubeconfig and Claude Code CLI.
brew tap kubestellar/tap
brew install kc-agent# Start the agent (runs on localhost:8585)
kc-agent
# Or run as a background service
brew services start kubestellar/tap/kc-agent| Environment Variable | Description | Default |
|---|---|---|
KC_ALLOWED_ORIGINS |
Comma-separated list of allowed origins for CORS | localhost only |
KC_AGENT_TOKEN |
Optional shared secret for authentication | (none) |
If you're running the console on a custom domain:
# Single origin
KC_ALLOWED_ORIGINS="https://my-console.example.com" kc-agent
# Multiple origins
KC_ALLOWED_ORIGINS="https://console1.example.com,https://console2.example.com" kc-agentAdd to your shell profile (~/.zshrc or ~/.bashrc):
export KC_ALLOWED_ORIGINS="https://my-console.example.com"Then restart:
brew services restart kubestellar/tap/kc-agent- Origin Validation: Only allows connections from configured origins
- Localhost Only: Binds to
127.0.0.1- not accessible from other machines - Optional Token Auth: Can require a shared secret via
KC_AGENT_TOKEN - Command Allowlist: Only permits safe kubectl commands
Apache License 2.0