--- title: "Available Tools" description: "Complete reference for all Kyverno MCP tools" diataxis: how-to applies_to: product: "kyverno" audience: ["platform-engineer","devsecops"] last_updated: 2026-03-25 url: https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/available-tools/ --- ## Overview Kyverno MCP provides several tools that AI assistants can use to interact with Kyverno and Kubernetes. Each tool is designed for specific operations and returns structured data. ## Context Management Tools ### list_contexts Lists all available Kubernetes contexts from your kubeconfig. **Purpose**: Discover available Kubernetes clusters/contexts **Example Request**: ```text List all my available Kubernetes contexts ```text **Example Response**: ```json { "contexts": [ { "name": "production-cluster", "cluster": "prod-k8s", "user": "admin@prod" }, { "name": "staging-cluster", "cluster": "staging-k8s", "user": "admin@staging" } ], "current": "production-cluster" } ```json ### switch_context Switches to a different Kubernetes context. **Purpose**: Change the active Kubernetes cluster **Parameters**: - `context`: The name of the context to switch to **Example Request**: ```text Switch to the staging-cluster context ```text **Example Response**: ```json { "message": "Switched to context: staging-cluster", "previous": "production-cluster", "current": "staging-cluster" } ```json ## Policy Management Tools ### apply_policies Applies Kyverno policies from various sources. **Purpose**: Deploy policies to enforce security and compliance **Parameters**: - `source`: The source of policies - Curated sets: `pod-security`, `rbac-best-practices`, `kubernetes-best-practices`, `all` - Git repository: `https://github.com/org/repo` - Local path: `/path/to/policies` - `namespace`: (Optional) Target namespace for policies **Example Requests**: 1. Apply curated pod security policies: ```text Apply pod security policies to my cluster ```text 2. Apply policies from a Git repository: ```text Apply policies from https://github.com/myorg/kyverno-policies ```text 3. Apply all curated policies: ```text Apply all best practice policies to the cluster ```text **Example Response**: ```json { "message": "Successfully applied 15 policies", "policies": [ "disallow-privileged-containers", "require-run-as-non-root", "restrict-volume-types" ], "source": "pod-security" } ```json ## Monitoring Tools ### show_violations Displays policy violations from PolicyReport and ClusterPolicyReport resources. **Purpose**: Monitor compliance and identify issues **Parameters**: - `namespace`: (Optional) Filter violations by namespace - `severity`: (Optional) Filter by severity level **Example Requests**: 1. Show all violations: ```text Show me all policy violations in the cluster ```text 2. Show violations in a specific namespace: ```text Show policy violations in the production namespace ```text **Example Response**: ```json { "violations": [ { "policy": "disallow-privileged-containers", "resource": "pod/webapp-xyz", "namespace": "production", "severity": "high", "message": "Privileged containers are not allowed", "timestamp": "2024-01-15T10:30:00Z" }, { "policy": "require-resource-limits", "resource": "deployment/backend", "namespace": "staging", "severity": "medium", "message": "Container 'api' does not have resource limits set" } ], "summary": { "total": 2, "high": 1, "medium": 1, "low": 0 } } ```json **What this tool provides**: - Current violation snapshots from PolicyReport CRs - Individual violation details (policy, resource, namespace, severity, message) - Basic timestamps for when violations occurred - Summary counts by severity level **What this tool does NOT provide**: - Historical violation data or trends over time - Policy set categorization (e.g., which violations belong to "kubernetes-best-practices") - Aggregation capabilities (e.g., violation counts by namespace) - PolicyReport metadata (creation times, report metadata) - Trend analysis or time-based patterns **Note**: If Kyverno is not installed, this tool will provide installation instructions. ## Documentation Tool ### help Provides built-in documentation and guidance. **Purpose**: Access Kyverno documentation and troubleshooting help **Parameters**: - `topic`: The help topic - `installation`: Kyverno installation guide - `troubleshooting`: Common issues and solutions **Example Requests**: 1. Get installation help: ```text Show me how to install Kyverno ```text 2. Get troubleshooting help: ```text Help me troubleshoot Kyverno issues ```bash **Example Response**: ```json { "topic": "installation", "content": "To install Kyverno using Helm:\n\n1. Add the Kyverno Helm repository:\n helm repo add kyverno https://kyverno.github.io/kyverno/\n\n2. Install Kyverno:\n helm install kyverno kyverno/kyverno -n kyverno --create-namespace\n\n..." } ```json ## Tool Usage Best Practices ### 1. Context Awareness Always verify the current context before performing operations: ``` What Kubernetes context am I currently using? ```text ### 2. Check Before Apply Review violations before applying new policies: ```text First show me current violations, then apply pod security policies ``` ### 3. Gradual Policy Adoption Start with specific policy sets before applying all: ```text Apply rbac-best-practices first, then we'll add more policies ``` ### 4. Test Policy Impact Test policies to understand their impact on existing resources: ```text Apply pod security policies and show me what violations occur ``` ## Error Handling All tools include comprehensive error handling: - **Missing Kyverno**: Installation instructions are provided - **Invalid Context**: List of valid contexts is shown - **Policy Conflicts**: Detailed conflict information is returned - **Network Issues**: Clear error messages with retry suggestions ## Integration Examples ### Complete Security Audit ```text ### Multi-Cluster Management ```text ## Next Steps - Learn about [Configuration Options](configuration.md) - Check out [Troubleshooting Guide](troubleshooting.md)