# Available Tools

Complete reference for all Kyverno MCP tools

## Overview

Kyverno MCP provides several tools that AI assistants can use to interact with Kyverno and Kubernetes. Each tool is designed for specific operations and returns structured data.

## Context Management Tools

### list_contexts

Lists all available Kubernetes contexts from your kubeconfig.

**Purpose**: Discover available Kubernetes clusters/contexts

**Example Request**:
```text
List all my available Kubernetes contexts
```

**Example Response**:
```json
{
  "contexts": [
    {
      "name": "production-cluster",
      "cluster": "prod-k8s",
      "user": "admin@prod"
    },
    {
      "name": "staging-cluster",
      "cluster": "staging-k8s",
      "user": "admin@staging"
    }
  ],
  "current": "production-cluster"
}
```

### switch_context

Switches to a different Kubernetes context.

**Purpose**: Change the active Kubernetes cluster

**Parameters**:
- `context`: The name of the context to switch to

**Example Request**:
```text
Switch to the staging-cluster context
```

**Example Response**:
```json
{
  "message": "Switched to context: staging-cluster",
  "previous": "production-cluster",
  "current": "staging-cluster"
}
```

## Policy Management Tools

### apply_policies

Applies Kyverno policies from various sources.

**Purpose**: Deploy policies to enforce security and compliance

**Parameters**:
- `source`: The source of policies
  - Curated sets: `pod-security`, `rbac-best-practices`, `kubernetes-best-practices`, `all`
  - Git repository: `https://github.com/org/repo`
  - Local path: `/path/to/policies`
- `namespace`: (Optional) Target namespace for policies

**Example Requests**:

1. Apply curated pod security policies:
```text
Apply pod security policies to my cluster
```

2. Apply policies from a Git repository:
```text
Apply policies from https://github.com/myorg/kyverno-policies
```

3. Apply all curated policies:
```text
Apply all best practice policies to the cluster
```

**Example Response**:
```json
{
  "message": "Successfully applied 15 policies",
  "policies": [
    "disallow-privileged-containers",
    "require-run-as-non-root",
    "restrict-volume-types"
  ],
  "source": "pod-security"
}
```
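
Because `source` accepts curated set names, Git URLs and local paths, a caller can validate the value before it ever reaches `apply_policies`. The following is an added example, not part of Kyverno MCP; the trusted Git owner and local root are assumptions taken from the sample values on this page.

```python
import posixpath
from urllib.parse import urlsplit

# Curated set names listed for the `source` parameter above.
CURATED_SETS = {"pod-security", "rbac-best-practices", "kubernetes-best-practices", "all"}
# Assumptions for this example: reviewed Git owners and the one local policy root.
TRUSTED_GIT_OWNERS = {("github.com", "myorg")}
TRUSTED_LOCAL_ROOT = "/path/to/policies"


def classify_source(source: str) -> str:
    """Return 'curated', 'git' or 'local'; raise ValueError for anything else."""
    if source in CURATED_SETS:
        return "curated"
    url = urlsplit(source)
    if url.scheme:
        if url.scheme != "https":
            raise ValueError(f"only https Git URLs are accepted: {source!r}")
        if url.username or url.password:
            raise ValueError("credentials embedded in the URL are not accepted")
        segments = [s for s in url.path.split("/") if s]
        if ".." in segments or len(segments) < 2:
            raise ValueError(f"expected https://host/owner/repo: {source!r}")
        if ((url.hostname or "").lower(), segments[0]) not in TRUSTED_GIT_OWNERS:
            raise ValueError(f"repository owner is not on the allowlist: {source!r}")
        return "git"
    # No scheme: treat as a local path. This is a lexical check only; it does
    # not resolve symlinks.
    path = posixpath.normpath(source)
    if path != TRUSTED_LOCAL_ROOT and not path.startswith(TRUSTED_LOCAL_ROOT + "/"):
        raise ValueError(f"local path is outside {TRUSTED_LOCAL_ROOT}: {source!r}")
    return "local"


def is_allowed(source: str) -> bool:
    """Convenience wrapper: True when classify_source accepts the value."""
    try:
        classify_source(source)
        return True
    except ValueError:
        return False
```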

## Monitoring Tools

### show_violations

Displays policy violations from PolicyReport and ClusterPolicyReport resources.

**Purpose**: Monitor compliance and identify issues

**Parameters**:
- `namespace`: (Optional) Filter violations by namespace
- `severity`: (Optional) Filter by severity level

**Example Requests**:

1. Show all violations:
```text
Show me all policy violations in the cluster
```

2. Show violations in a specific namespace:
```text
Show policy violations in the production namespace
```

**Example Response**:
```json
{
  "violations": [
    {
      "policy": "disallow-privileged-containers",
      "resource": "pod/webapp-xyz",
      "namespace": "production",
      "severity": "high",
      "message": "Privileged containers are not allowed",
      "timestamp": "2024-01-15T10:30:00Z"
    },
    {
      "policy": "require-resource-limits",
      "resource": "deployment/backend",
      "namespace": "staging",
      "severity": "medium",
      "message": "Container 'api' does not have resource limits set"
    }
  ],
  "summary": {
    "total": 2,
    "high": 1,
    "medium": 1,
    "low": 0
  }
}
```

**What this tool provides**:
- Current violation snapshots from PolicyReport CRs
- Individual violation details (policy, resource, namespace, severity, message)
- Basic timestamps for when violations occurred
- Summary counts by severity level

**What this tool does NOT provide**:
- Historical violation data or trends over time
- Policy set categorization (e.g., which violations belong to "kubernetes-best-practices")
- Aggregation capabilities (e.g., violation counts by namespace)
- PolicyReport metadata (creation times, report metadata)
- Trend analysis or time-based patterns

**Note**: If Kyverno is not installed, this tool will provide installation instructions.
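
Since the tool does not aggregate, counts by namespace or policy have to be computed from its response on the client side. The following is an added example, not part of Kyverno MCP; it assumes the response has the shape shown above and uses that response as constructed sample input.

```python
import json
from collections import Counter

# Constructed sample input: the two violations from the example response above.
SAMPLE_RESPONSE = json.loads("""
{"violations": [
  {"policy": "disallow-privileged-containers", "resource": "pod/webapp-xyz",
   "namespace": "production", "severity": "high",
   "message": "Privileged containers are not allowed",
   "timestamp": "2024-01-15T10:30:00Z"},
  {"policy": "require-resource-limits", "resource": "deployment/backend",
   "namespace": "staging", "severity": "medium",
   "message": "Container 'api' does not have resource limits set"}],
 "summary": {"total": 2, "high": 1, "medium": 1, "low": 0}}
""")

SEVERITIES = ("high", "medium", "low")


def aggregate_violations(response):
    """Group violations by namespace and policy and cross-check the summary."""
    violations = response.get("violations", [])
    by_namespace, by_policy = Counter(), Counter()
    by_severity = {s: 0 for s in SEVERITIES}
    no_timestamp = []
    for v in violations:
        # Assumption: an entry without a "namespace" key is cluster-scoped.
        by_namespace[v.get("namespace", "(cluster-scoped)")] += 1
        by_policy[v.get("policy", "(unknown)")] += 1
        sev = v.get("severity", "(unset)")
        by_severity[sev] = by_severity.get(sev, 0) + 1
        if "timestamp" not in v:  # the second sample entry has none
            no_timestamp.append(v.get("resource", "(unknown)"))
    # Compare the tool's own summary with what was actually returned.
    computed = {"total": len(violations), **{s: by_severity[s] for s in SEVERITIES}}
    reported = response.get("summary", {})
    mismatches = {k: (reported.get(k), n) for k, n in computed.items()
                  if reported.get(k) != n}
    return {"by_namespace": dict(by_namespace), "by_policy": dict(by_policy),
            "by_severity": by_severity, "no_timestamp": no_timestamp,
            "summary_mismatches": mismatches}


if __name__ == "__main__":
    print(json.dumps(aggregate_violations(SAMPLE_RESPONSE), indent=2))
```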

## Documentation Tool

### help

Provides built-in documentation and guidance.

**Purpose**: Access Kyverno documentation and troubleshooting help

**Parameters**:
- `topic`: The help topic
  - `installation`: Kyverno installation guide
  - `troubleshooting`: Common issues and solutions

**Example Requests**:

1. Get installation help:
```text
Show me how to install Kyverno
```

2. Get troubleshooting help:
```text
Help me troubleshoot Kyverno issues
```

**Example Response**:
```json
{
  "topic": "installation",
  "content": "To install Kyverno using Helm:\n\n1. Add the Kyverno Helm repository:\n   helm repo add kyverno https://kyverno.github.io/kyverno/\n\n2. Install Kyverno:\n   helm install kyverno kyverno/kyverno -n kyverno --create-namespace\n\n..."
}
```

## Tool Usage Best Practices

### 1. Context Awareness
Always verify the current context before performing operations:
```text
What Kubernetes context am I currently using?
```

### 2. Check Before Apply
Review violations before applying new policies:
```text
First show me current violations, then apply pod security policies
```

### 3. Gradual Policy Adoption
Start with specific policy sets before applying all:
```text
Apply rbac-best-practices first, then we'll add more policies
```

### 4. Test Policy Impact
Test policies to understand their impact on existing resources:
```text
Apply pod security policies and show me what violations occur
```

## Error Handling

All tools include comprehensive error handling:

- **Missing Kyverno**: Installation instructions are provided
- **Invalid Context**: List of valid contexts is shown
- **Policy Conflicts**: Detailed conflict information is returned
- **Network Issues**: Clear error messages with retry suggestions

## Integration Examples

### Complete Security Audit

### Multi-Cluster Management

## Next Steps

- Learn about [Configuration Options](configuration.md)
- Check out [Troubleshooting Guide](troubleshooting.md)