// Multi-cluster Kubernetes dashboard with AI-powered operations via MCP server and 10+ built-in agent skills
| name | kubestellar-console |
| description | Multi-cluster Kubernetes dashboard with AI-powered operations via MCP server and 10+ built-in agent skills |
| category | devops |
| risk | critical |
| source | community |
| source_repo | kubestellar/console |
| source_type | community |
| date_added | 2026-04-27 |
| author | kubestellar |
| tags | ["kubernetes","multi-cluster","mcp","dashboard","cncf","devops","observability"] |
| tools | ["claude","cursor","gemini","codex"] |
| license | Apache-2.0 |
| license_source | https://github.com/kubestellar/console/blob/main/LICENSE |
| plugin | {"setup":{"type":"manual","summary":"Requires kc-agent binary (brew tap kubestellar/tap && brew install kc-agent)","docs":"https://github.com/kubestellar/console#quick-start"}} |
KubeStellar Console is an open-source multi-cluster Kubernetes dashboard (CNCF project) with AI-powered operations. It ships with kc-agent, an MCP server that bridges coding agents to kubeconfig and Kubernetes APIs, plus 10+ built-in agent skills for development, testing, and operations.
brew tap kubestellar/tap && brew install kc-agent
kc-agent
This bridges the active kubeconfig context to any MCP-compatible coding agent. Do not start it from a cluster-admin or write-capable context unless the user explicitly accepts that risk.
The project ships with agent skills accessible via CLAUDE.md and AGENTS.md:
kc-agent bridges your active kubeconfig context to MCP-compatible agents. If that context carries cluster-admin, write permissions, or secret read access, agents inherit those capabilities.kc-agent uses. Start kc-agent only after switching KUBECONFIG/context to dedicated least-privilege credentials and verifying them.resources='*', because it includes sensitive objects such as Secrets. Prefer an explicit non-secret resource list and verify access before starting the MCP server:
kubectl create serviceaccount kc-agent -n default
kubectl create clusterrole kc-agent-readonly \
--verb=get,list,watch \
--resource=pods,services,deployments.apps,replicasets.apps,statefulsets.apps,daemonsets.apps,namespaces,nodes,events,configmaps
kubectl create clusterrolebinding kc-agent-readonly \
--clusterrole=kc-agent-readonly \
--serviceaccount=default:kc-agent
kubectl auth can-i get secrets --as=system:serviceaccount:default:kc-agent
kubectl auth can-i list pods --as=system:serviceaccount:default:kc-agent
can-i command must return no; the second should return yes. Then create or select a kubeconfig that actually authenticates as that ServiceAccount before running kc-agent.kc-agent on a public network without authentication.kc-agent) installed separately via Homebrew.Run Bumblebee supply-chain inventory and exposure scans on macOS/Linux to detect compromised packages, extensions, and MCP host configs.
Fast, modern JavaScript/TypeScript development with the Bun runtime, inspired by [oven-sh/bun](https://github.com/oven-sh/bun).
Conduct comprehensive security assessments of cloud infrastructure across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
Harden Docker/container images and runtime deployments with secure base images, non-root users, CVE scanning, SBOM/signing, seccomp/AppArmor, and Kubernetes pod security controls. Use for Dockerfile security reviews, container CVEs, image scanning, distroless images, or production hardening.
Guide developers through setting up development environments with proper tools, dependencies, and configurations
This skill enables makepad-skills to self-improve continuously during development.