AUTOMATIONSWITCH

Azure AKS MCP

by Microsoft Azure

Official Microsoft Azure MCP server for Azure Kubernetes Service. Workload Identity with federated tokens, three access-level guardrails (readonly, readwrite, admin), and a unified two-tool surface (call_az + call_kubectl). Top commit cadence in this batch (10 commits on main in the last 30 days).

★ 132 · 6 tools · Released APR 2025 · MIT
aks-mcp --transport stdio --access-level readonly

The official Microsoft-maintained MCP server for Azure Kubernetes Service. Workload Identity with federated tokens, three access-level guardrails, and a unified two-tool surface (call_az plus call_kubectl) keep the runtime compact and predictable. Pick this when you run AKS and need an audit-defensible, vendor-supported AI-ops surface for cluster lifecycle, fleet management, and node-level diagnostics. The most actively maintained server in this batch (10 commits on main in the last 30 days, 15 releases over 12 months). Five-step auth chain with strict federated-token-path validation. Three access levels: readonly (default), readwrite, admin. SafeSkill third-party security audit reports 92/100.

Reviewed by M. Nouriel · MAY 2026

INSTALL THIS SERVER

Requires authentication. Five-method Azure CLI auth chain: Service Principal, Workload Identity (federated token), User-assigned Managed Identity, System-assigned Managed Identity, Existing Login. Federated token file path strictly validated to /var/run/secrets/azure/tokens/azure-identity-token.
    {
      "mcpServers": {
        "aks": {
          "command": "aks-mcp",
          "args": [
            "--transport", "stdio",
            "--access-level", "readonly"
          ],
          "env": {
            "AZURE_TENANT_ID": "<your-tenant-id>",
            "AZURE_SUBSCRIPTION_ID": "<your-subscription-id>"
          }
        }
      }
    }
Prereq: Install via Go binary release or Docker MCP Catalog (`mcp/aks`). Requires Azure CLI on PATH. Auth resolved through chain: Service Principal (set AZURE_CLIENT_ID + AZURE_CLIENT_SECRET + AZURE_TENANT_ID) > Workload Identity (federated token) > Managed Identity > existing `az login` session. Default access level is `readonly`; set `--access-level readwrite` or `admin` only when needed. SafeSkill verification badge available at safeskill.dev/scan/azure-aks-mcp. Path: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).

6 TOOLS AVAILABLE

  • call_az (Admin): Execute any Azure CLI command, scope-gated by access level
  • call_kubectl (Admin): kubectl wrapper against AKS clusters, scope-gated
  • aks_network_resources (Read): VNet, subnet, NSG, route-table, load-balancer info
  • aks_monitoring (Read): Metrics, resource health, App Insights, control plane logs
  • collect_aks_node_logs (Read): Kubelet, containerd, kernel, syslog from VMSS nodes
  • az_fleet (Admin): AKS Fleet operations across member clusters

OUR ASSESSMENT

Strengths
  • Official Azure org publication with Microsoft engineering support.
  • Three explicit access levels: readonly, readwrite, admin. Destructive operations gated behind a flag.
  • Five-method authentication chain with strict path validation on federated token files.
  • Unified tools (call_az, call_kubectl) keep the agent tool surface compact.
  • Fleet management for multi-cluster scenarios (az_fleet, az_fleet_member, az_fleet_updaterun); rare in MCP servers today.
  • Built-in monitoring tools wrap Application Insights, control plane logs, resource health.
  • SafeSkill verification badge (92/100) provides third-party safety signal.
  • Active release cadence: 15 releases in 12 months, 10 commits on main in the last 30 days.
Weaknesses
  • Lower star count (132) than community Kubernetes MCP servers; niche audience held up by official-vendor strength.
  • Open OAuth callback bug for Claude.ai (#365) signals rough edges in remote-mode auth.
  • Scope is AKS-only; for non-Azure clusters pair with kubectl-mcp-server or containers/kubernetes-mcp-server.
  • Linux-only for VMSS node log collection at this stage; Windows-node support is a roadmap item.
Security Notes

Authentication uses the Azure CLI auth chain (Workload Identity > Service Principal > Managed Identity > existing session). Federated token file path is strictly validated to a single canonical location (/var/run/secrets/azure/tokens/azure-identity-token); other paths are rejected. Set --access-level readonly for production agents. Reserve admin (which exposes get-credentials) for break-glass operators only. After each login, the server verifies authentication with `az account show --query id -o tsv` before serving requests.
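
A check for the guidance above, as an added example that is not part of the original page or the aks-mcp project: it scans an MCP client config for aks-mcp entries whose effective access level exceeds readonly. The sample config, the `aks-breakglass` entry, the `--access-level=` spelling and the secret-in-config check are assumptions added for illustration.

```python
import json

# Constructed sample config (not from the page): one compliant, one break-glass entry.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "aks": {
        "command": "aks-mcp",
        "args": ["--transport", "stdio", "--access-level", "readonly"],
        "env": {"AZURE_TENANT_ID": "<your-tenant-id>"},
    },
    "aks-breakglass": {
        "command": "aks-mcp",
        "args": ["--transport", "stdio", "--access-level=admin"],
        "env": {"AZURE_CLIENT_SECRET": "<constructed-placeholder>"},
    },
}})

LEVELS = {"readonly", "readwrite", "admin"}  # the three levels the page lists


def access_level(args):
    """Effective --access-level; the page gives readonly as the default."""
    level = "readonly"
    for i, arg in enumerate(args):
        if arg == "--access-level" and i + 1 < len(args):
            level = args[i + 1]
        elif arg.startswith("--access-level="):  # assumed "=" spelling
            level = arg.split("=", 1)[1]
    return level


def audit(config_text):
    """Return (server, finding) pairs for aks-mcp entries that break the guidance."""
    findings = []
    for name, entry in json.loads(config_text).get("mcpServers", {}).items():
        if not str(entry.get("command", "")).endswith("aks-mcp"):
            continue  # other MCP servers are out of scope
        level = access_level(entry.get("args", []))
        if level not in LEVELS:
            findings.append((name, "unknown access level " + repr(level)))
        elif level != "readonly":
            findings.append((name, "access level " + level + " exceeds readonly"))
        if "AZURE_CLIENT_SECRET" in entry.get("env", {}):
            findings.append((name, "service principal secret in client config"))
    return findings


if __name__ == "__main__":
    for server, finding in audit(SAMPLE_CONFIG):
        print(server + ": " + finding)
```

Entries launched through a wrapper such as Docker are not matched by the command check and need their own rule.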

Best For

Platform and SRE teams running Azure Kubernetes Service who need vendor-supported tooling, audit-defensible AI-ops deployments where access-level guardrails matter for compliance, and multi-cluster AKS Fleet operations.

TECHNICAL DETAILS

Language: go
Transport: stdio, streamable-http
Clients: Claude Desktop, Claude Code, Cursor, VS Code, Windsurf
License: MIT
GitHub: Azure/aks-mcp · ★ 132
npm: aks-mcp
Last Release: v0.0.17 · APR 3, 2026
First Released: APR 25, 2025

ADOPTION METRICS

// GitHub Stars
132

// Reading this: 132 stars and 36 forks. Star count below the 500 threshold; official Azure org placement and SafeSkill 92/100 audit carry the editorial weight.

// Popularity Rank
#17
Globally · #6 in Infrastructure

// Reading this: Sixth-ranked in infrastructure. Pair with kubectl-mcp-server or containers/kubernetes-mcp-server for general K8s coverage; pick this for AKS-specific operations.

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

01 Discovered: Manual submission. First indexed MAY 1, 2026.
02 Cross-referenced: 5 directories (PulseMCP, MCP.so, Glama, Smithery, Official MCP Registry).
03 Verified against: Claude Desktop, GitHub Copilot, Cursor, VS Code. Installed and tested across clients.
04 Last re-checked: MAY 1, 2026. Weekly re-verification.

// How other directories see it

The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

| Source | Their rating | Their star count | Their downloads | Last synced |
| --- | --- | --- | --- | --- |
| AutomationSwitch (this page) | 4.5 editorial | 132 | | MAY 1, 2026 |
| PulseMCP | unrated | unavailable | unavailable | MAY 1, 2026 |
| MCP.so | unrated | unavailable | unavailable | MAY 1, 2026 |
| Glama | unrated | unavailable | unavailable | MAY 1, 2026 |
| Smithery | unrated | unavailable | unavailable | MAY 1, 2026 |
| Official MCP Registry | unrated | unavailable | unavailable | MAY 1, 2026 |

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.

OTHER INFRASTRUCTURE MCP SERVERS

Community · 4.5

Kubernetes MCP Server

containers/ org (Red Hat-adjacent)

Native Go MCP server for Kubernetes and OpenShift from the containers/ org. Talks directly to the Kubernetes API server, supports Helm and Tekton, ships with OpenTelemetry observability built in. Distributed as a single native binary plus npm and PyPI packages.

6 tools · 1,502

Vendor · 4.5

Sentry MCP Server

Sentry

Sentry's official MCP service. Runs as remote infrastructure at mcp.sentry.dev and ships a Claude Code plugin that auto-delegates Sentry questions. Designed for human-in-the-loop coding agents working through Sentry errors, traces, and performance data.

6 tools · 671

Community · 4.3

mcp-server-kubernetes (Flux159)

Flux159 (community)

Community-favourite TypeScript Kubernetes MCP. Uses local kubectl plus Helm v3, distributed via npm, and ships as an mcpb extension for one-click Claude Desktop install. Mature 3.x release stream with consistent monthly cadence.

5 tools · 1,382

Vendor · 4.3

Argo CD MCP

Argo Project Labs (donated by Akuity)

Argoproj-Labs-blessed Argo CD MCP server, originally donated by Akuity. Both stdio and HTTP-stream transports out of the box, MCP_READ_ONLY mode for production safety, and a tool surface covering the full Argo CD application lifecycle (list/get/sync/delete plus resource-tree traversal and workload logs).

8 tools · 416

Community · 4.2

kubectl MCP Server

Rohit Ghumare (CNCF Ambassador)

CNCF Landscape-listed community kubectl MCP server. 253 tools spanning kubectl, Helm, RBAC audit, cost optimisation, network diagnostics, and a 3D cluster topology UI. Multi-distribution via npm, PyPI, Docker Hub, and GHCR.

7 tools · 877

Vendor · 3.8

GKE MCP Server

GoogleCloudPlatform org

Google Kubernetes Engine MCP server in the GoogleCloudPlatform org. Adds GKE-specific tools (cluster management, upgrade risk reports, log queries) plus Gemini CLI extension support. Maintainers explicitly state this is for education and experimentation and is NOT FOR PRODUCTION USE.

8 tools · 147