Kyverno MCP Server on Nirmata Documentationhttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/Recent content in Kyverno MCP Server on Nirmata DocumentationHugoenGetting Startedhttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/getting-started/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/getting-started/<h2 id="quick-start">Quick Start</h2> <p>This guide will help you get started with Kyverno MCP in minutes.</p> <h3 id="prerequisites">Prerequisites</h3> <p>Before you begin, ensure you have:</p> <ul> <li>Access to a Kubernetes cluster</li> <li>A valid kubeconfig file</li> <li>Kyverno installed in your cluster (optional, but recommended)</li> </ul> <h3 id="step-1-install-kyverno-mcp">Step 1: Install Kyverno MCP</h3> <p>Choose your preferred installation method:</p> <h4 id="using-homebrew-macoslinux">Using Homebrew (macOS/Linux)</h4> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>brew tap nirmata/tap </span></span><span style="display:flex;"><span>brew install kyverno-mcp </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">#### Download Binary</span> </span></span><span style="display:flex;"><span>Download the appropriate binary <span style="color:#cf222e">for</span> your platform from the <span style="color:#0550ae">[</span>Nirmata downloads page<span style="color:#0550ae">](</span>https://downloads.nirmata.io/kyverno-mcp/downloads/<span style="color:#0550ae">)</span>. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Step 2: Configure Your MCP Client</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Add Kyverno MCP to your MCP client configuration. For example, in Claude Desktop: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>1. Open your Claude Desktop configuration file: </span></span><span style="display:flex;"><span> - macOS: <span style="color:#0a3069">`</span>~/Library/Application Support/Claude/claude_desktop_config.json<span style="color:#0a3069">`</span> </span></span><span style="display:flex;"><span> - Windows: <span style="color:#0a3069">`</span>%APPDATA%<span style="color:#0a3069">\C</span>laude<span style="color:#0a3069">\c</span>laude_desktop_config.json<span style="color:#0a3069">`</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>2. Add the Kyverno MCP server: </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>json </span></span><span style="display:flex;"><span><span style="color:#0550ae">{</span> </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;mcpServers&#34;</span>: <span style="color:#0550ae">{</span> </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;kyverno&#34;</span>: <span style="color:#0550ae">{</span> </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;command&#34;</span>: <span style="color:#0a3069">&#34;/path/to/kyverno-mcp&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;args&#34;</span>: <span style="color:#0550ae">[</span> </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;--kubeconfig=/path/to/your/kubeconfig&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#0550ae">]</span> </span></span><span style="display:flex;"><span> <span style="color:#0550ae">}</span> </span></span><span style="display:flex;"><span> <span style="color:#0550ae">}</span> </span></span><span style="display:flex;"><span><span style="color:#0550ae">}</span> </span></span></code></pre></div><h3 id="step-3-test-the-connection">Step 3: Test the Connection</h3> <ol> <li>Start your MCP client (e.g., Claude Desktop)</li> <li>Ask about your Kubernetes contexts:</li> </ol> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>3. The assistant should be able to list your contexts using the `list_contexts` tool </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Step 4: Apply Your First Policy </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Try scanning your cluster with recommended policy sets for pod security, RBAC and Kubernetes best practices: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Scan my cluster for policy violations </span></span></code></pre></div><p>The assistant will use the <code>apply_policies</code> tool to apply curated pod security policies.</p>Usagehttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/usage/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/usage/<h2 id="overview">Overview</h2> <p>Kyverno MCP serves two primary use cases that address different stages of the Kubernetes policy management lifecycle. Whether you&rsquo;re proactively assessing cluster security or monitoring existing policy deployments, these scenarios demonstrate how to leverage Kyverno MCP effectively.</p> <h2 id="scenario-1-proactive-assessment">Scenario 1: Proactive Assessment</h2> <p>In this scenario, Kyverno is not installed on your clusters. You can use the Kyverno MCP server to scan cluster resources with recommended or custom policy sets.</p> <h3 id="the-challenge">The Challenge</h3> <p><em>&ldquo;As a DevOps engineer, I want to scan my Kubernetes clusters for policy violations and assess their security posture without needing to install Kyverno or deploy policies to the cluster.&rdquo;</em></p>Installationhttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/installation/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/installation/<h2 id="installation-methods">Installation Methods</h2> <p>Kyverno MCP can be installed using several methods depending on your operating system and preferences.</p> <h3 id="prerequisites">Prerequisites</h3> <ul> <li>Go 1.24 or higher (only for building from source)</li> <li>Access to a Kubernetes cluster with a valid kubeconfig</li> <li>Kyverno installed in your cluster (for policy operations)</li> </ul> <h3 id="option-1-homebrew-recommended-for-macoslinux">Option 1: Homebrew (Recommended for macOS/Linux)</h3> <p>The easiest way to install Kyverno MCP on macOS or Linux:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#57606a"># Add the Nirmata tap</span> </span></span><span style="display:flex;"><span>brew tap nirmata/tap </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a"># Install Kyverno MCP</span> </span></span><span style="display:flex;"><span>brew install kyverno-mcp </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a"># Verify installation</span> </span></span><span style="display:flex;"><span>kyverno-mcp --version </span></span></code></pre></div><h3 id="option-2-pre-built-binaries">Option 2: Pre-built Binaries</h3> <p>Download pre-built binaries for your platform:</p>Available Toolshttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/available-tools/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/available-tools/<h2 id="overview">Overview</h2> <p>Kyverno MCP provides several tools that AI assistants can use to interact with Kyverno and Kubernetes. Each tool is designed for specific operations and returns structured data.</p> <h2 id="context-management-tools">Context Management Tools</h2> <h3 id="list_contexts">list_contexts</h3> <p>Lists all available Kubernetes contexts from your kubeconfig.</p> <p><strong>Purpose</strong>: Discover available Kubernetes clusters/contexts</p> <p><strong>Example Request</strong>:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>List all my available Kubernetes contexts </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;contexts&#34;: [ </span></span><span style="display:flex;"><span> { </span></span><span style="display:flex;"><span> &#34;name&#34;: &#34;production-cluster&#34;, </span></span><span style="display:flex;"><span> &#34;cluster&#34;: &#34;prod-k8s&#34;, </span></span><span style="display:flex;"><span> &#34;user&#34;: &#34;admin@prod&#34; </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> { </span></span><span style="display:flex;"><span> &#34;name&#34;: &#34;staging-cluster&#34;, </span></span><span style="display:flex;"><span> &#34;cluster&#34;: &#34;staging-k8s&#34;, </span></span><span style="display:flex;"><span> &#34;user&#34;: &#34;admin@staging&#34; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> ], </span></span><span style="display:flex;"><span> &#34;current&#34;: &#34;production-cluster&#34; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### switch_context </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Switches to a different Kubernetes context. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Purpose**: Change the active Kubernetes cluster </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Parameters**: </span></span><span style="display:flex;"><span>- `context`: The name of the context to switch to </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Request**: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Switch to the staging-cluster context </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;message&#34;: &#34;Switched to context: staging-cluster&#34;, </span></span><span style="display:flex;"><span> &#34;previous&#34;: &#34;production-cluster&#34;, </span></span><span style="display:flex;"><span> &#34;current&#34;: &#34;staging-cluster&#34; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>## Policy Management Tools </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### apply_policies </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Applies Kyverno policies from various sources. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Purpose**: Deploy policies to enforce security and compliance </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Parameters**: </span></span><span style="display:flex;"><span>- `source`: The source of policies </span></span><span style="display:flex;"><span> - Curated sets: `pod-security`, `rbac-best-practices`, `kubernetes-best-practices`, `all` </span></span><span style="display:flex;"><span> - Git repository: `https://github.com/org/repo` </span></span><span style="display:flex;"><span> - Local path: `/path/to/policies` </span></span><span style="display:flex;"><span>- `namespace`: (Optional) Target namespace for policies </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Requests**: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>1. Apply curated pod security policies: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Apply pod security policies to my cluster </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>2. Apply policies from a Git repository: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Apply policies from https://github.com/myorg/kyverno-policies </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>3. Apply all curated policies: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Apply all best practice policies to the cluster </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;message&#34;: &#34;Successfully applied 15 policies&#34;, </span></span><span style="display:flex;"><span> &#34;policies&#34;: [ </span></span><span style="display:flex;"><span> &#34;disallow-privileged-containers&#34;, </span></span><span style="display:flex;"><span> &#34;require-run-as-non-root&#34;, </span></span><span style="display:flex;"><span> &#34;restrict-volume-types&#34; </span></span><span style="display:flex;"><span> ], </span></span><span style="display:flex;"><span> &#34;source&#34;: &#34;pod-security&#34; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>## Monitoring Tools </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### show_violations </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Displays policy violations from PolicyReport and ClusterPolicyReport resources. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Purpose**: Monitor compliance and identify issues </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Parameters**: </span></span><span style="display:flex;"><span>- `namespace`: (Optional) Filter violations by namespace </span></span><span style="display:flex;"><span>- `severity`: (Optional) Filter by severity level </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Requests**: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>1. Show all violations: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Show me all policy violations in the cluster </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>2. Show violations in a specific namespace: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Show policy violations in the production namespace </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;violations&#34;: [ </span></span><span style="display:flex;"><span> { </span></span><span style="display:flex;"><span> &#34;policy&#34;: &#34;disallow-privileged-containers&#34;, </span></span><span style="display:flex;"><span> &#34;resource&#34;: &#34;pod/webapp-xyz&#34;, </span></span><span style="display:flex;"><span> &#34;namespace&#34;: &#34;production&#34;, </span></span><span style="display:flex;"><span> &#34;severity&#34;: &#34;high&#34;, </span></span><span style="display:flex;"><span> &#34;message&#34;: &#34;Privileged containers are not allowed&#34;, </span></span><span style="display:flex;"><span> &#34;timestamp&#34;: &#34;2024-01-15T10:30:00Z&#34; </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> { </span></span><span style="display:flex;"><span> &#34;policy&#34;: &#34;require-resource-limits&#34;, </span></span><span style="display:flex;"><span> &#34;resource&#34;: &#34;deployment/backend&#34;, </span></span><span style="display:flex;"><span> &#34;namespace&#34;: &#34;staging&#34;, </span></span><span style="display:flex;"><span> &#34;severity&#34;: &#34;medium&#34;, </span></span><span style="display:flex;"><span> &#34;message&#34;: &#34;Container &#39;api&#39; does not have resource limits set&#34; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> ], </span></span><span style="display:flex;"><span> &#34;summary&#34;: { </span></span><span style="display:flex;"><span> &#34;total&#34;: 2, </span></span><span style="display:flex;"><span> &#34;high&#34;: 1, </span></span><span style="display:flex;"><span> &#34;medium&#34;: 1, </span></span><span style="display:flex;"><span> &#34;low&#34;: 0 </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**What this tool provides**: </span></span><span style="display:flex;"><span>- Current violation snapshots from PolicyReport CRs </span></span><span style="display:flex;"><span>- Individual violation details (policy, resource, namespace, severity, message) </span></span><span style="display:flex;"><span>- Basic timestamps for when violations occurred </span></span><span style="display:flex;"><span>- Summary counts by severity level </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**What this tool does NOT provide**: </span></span><span style="display:flex;"><span>- Historical violation data or trends over time </span></span><span style="display:flex;"><span>- Policy set categorization (e.g., which violations belong to &#34;kubernetes-best-practices&#34;) </span></span><span style="display:flex;"><span>- Aggregation capabilities (e.g., violation counts by namespace) </span></span><span style="display:flex;"><span>- PolicyReport metadata (creation times, report metadata) </span></span><span style="display:flex;"><span>- Trend analysis or time-based patterns </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Note**: If Kyverno is not installed, this tool will provide installation instructions. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>## Documentation Tool </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### help </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Provides built-in documentation and guidance. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Purpose**: Access Kyverno documentation and troubleshooting help </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Parameters**: </span></span><span style="display:flex;"><span>- `topic`: The help topic </span></span><span style="display:flex;"><span> - `installation`: Kyverno installation guide </span></span><span style="display:flex;"><span> - `troubleshooting`: Common issues and solutions </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Requests**: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>1. Get installation help: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Show me how to install Kyverno </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>2. Get troubleshooting help: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Help me troubleshoot Kyverno issues </span></span><span style="display:flex;"><span>```bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;topic&#34;: &#34;installation&#34;, </span></span><span style="display:flex;"><span> &#34;content&#34;: &#34;To install Kyverno using Helm:\n\n1. Add the Kyverno Helm repository:\n helm repo add kyverno https://kyverno.github.io/kyverno/\n\n2. Install Kyverno:\n helm install kyverno kyverno/kyverno -n kyverno --create-namespace\n\n...&#34; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>## Tool Usage Best Practices </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### 1. Context Awareness </span></span><span style="display:flex;"><span>Always verify the current context before performing operations: </span></span></code></pre></div><p>What Kubernetes context am I currently using?</p>Configurationhttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/configuration/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/configuration/<h2 id="configuration-overview">Configuration Overview</h2> <p>Kyverno MCP can be configured through command-line flags and MCP client configuration files. This guide covers all configuration options and best practices.</p> <h2 id="command-line-options">Command Line Options</h2> <h3 id="basic-options">Basic Options</h3> <table> <thead> <tr> <th>Flag</th> <th>Description</th> <th>Default</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><code>--kubeconfig</code></td> <td>Path to kubeconfig file</td> <td><code>$KUBECONFIG</code> or <code>~/.kube/config</code></td> <td><code>--kubeconfig=/path/to/config</code></td> </tr> <tr> <td><code>--help</code></td> <td>Show help message</td> <td>-</td> <td><code>--help</code></td> </tr> <tr> <td><code>--version</code></td> <td>Show version information</td> <td>-</td> <td><code>--version</code></td> </tr> </tbody> </table> <h3 id="network-options">Network Options</h3> <table> <thead> <tr> <th>Flag</th> <th>Description</th> <th>Default</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><code>--http-addr</code></td> <td>HTTP(S) server bind address</td> <td>None (stdio mode)</td> <td><code>--http-addr=:8443</code></td> </tr> <tr> <td><code>--tls-cert</code></td> <td>TLS certificate file path</td> <td>None</td> <td><code>--tls-cert=/path/to/cert.pem</code></td> </tr> <tr> <td><code>--tls-key</code></td> <td>TLS private key file path</td> <td>None</td> <td><code>--tls-key=/path/to/key.pem</code></td> </tr> </tbody> </table> <h2 id="mcp-client-configuration">MCP Client Configuration</h2> <h3 id="claude-desktop">Claude Desktop</h3> <p>Location:</p>Troubleshootinghttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/troubleshooting/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/troubleshooting/<h2 id="common-issues">Common Issues</h2> <p>This guide covers common issues you might encounter when using Kyverno MCP and their solutions.</p> <h2 id="installation-issues">Installation Issues</h2> <h3 id="command-not-found">Command Not Found</h3> <p><strong>Problem</strong>: After installation, <code>kyverno-mcp</code> command is not found.</p> <p><strong>Solution</strong>:</p> <ol> <li>Check if the binary is in your PATH: <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#6639ba">echo</span> <span style="color:#953800">$PATH</span> </span></span></code></pre></div></li> <li>If using Homebrew, ensure it&rsquo;s properly linked: <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>brew link kyverno-mcp </span></span></code></pre></div></li> <li>For manual installation, add to PATH: <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#6639ba">export</span> <span style="color:#953800">PATH</span><span style="color:#0550ae">=</span><span style="color:#953800">$PATH</span>:/path/to/kyverno-mcp </span></span><span style="display:flex;"><span><span style="color:#6639ba">echo</span> <span style="color:#0a3069">&#39;export PATH=$PATH:/path/to/kyverno-mcp&#39;</span> &gt;&gt; ~/.bashrc </span></span></code></pre></div></li> </ol> <h3 id="permission-denied">Permission Denied</h3> <p><strong>Problem</strong>: Getting &ldquo;permission denied&rdquo; when trying to run kyverno-mcp.</p>