Available Tools

Complete reference for all Kyverno MCP tools

Overview

Kyverno MCP provides several tools that AI assistants can use to interact with Kyverno and Kubernetes. Each tool is designed for specific operations and returns structured data.

Context Management Tools

list_contexts

Lists all available Kubernetes contexts from your kubeconfig.

Purpose: Discover available Kubernetes clusters/contexts

Example Request:

List all my available Kubernetes contexts

Example Response:

{
  "contexts": [
    {
      "name": "production-cluster",
      "cluster": "prod-k8s",
      "user": "admin@prod"
    },
    {
      "name": "staging-cluster",
      "cluster": "staging-k8s",
      "user": "admin@staging"
    }
  ],
  "current": "production-cluster"
}

switch_context

Switches to a different Kubernetes context.

Purpose: Change the active Kubernetes cluster

Parameters:

  • context: The name of the context to switch to

Example Request:

Switch to the staging-cluster context

Example Response:

{
  "message": "Switched to context: staging-cluster",
  "previous": "production-cluster",
  "current": "staging-cluster"
}

Policy Management Tools

apply_policies

Applies Kyverno policies from various sources.

Purpose: Deploy policies to enforce security and compliance

Parameters:

  • source: The source of policies
    • Curated sets: pod-security, rbac-best-practices, kubernetes-best-practices, all
    • Git repository: https://github.com/org/repo
    • Local path: /path/to/policies
  • namespace: (Optional) Target namespace for policies

Example Requests:

  1. Apply curated pod security policies:
     Apply pod security policies to my cluster
  2. Apply policies from a Git repository:
     Apply policies from https://github.com/myorg/kyverno-policies
  3. Apply all curated policies:
     Apply all best practice policies to the cluster

Example Response:

{
  "message": "Successfully applied 15 policies",
  "policies": [
    "disallow-privileged-containers",
    "require-run-as-non-root",
    "restrict-volume-types"
  ],
  "source": "pod-security"
}

Monitoring Tools

show_violations

Displays policy violations from PolicyReport and ClusterPolicyReport resources.

Purpose: Monitor compliance and identify issues

Parameters:

  • namespace: (Optional) Filter violations by namespace
  • severity: (Optional) Filter by severity level

Example Requests:

  1. Show all violations:
     Show me all policy violations in the cluster
  2. Show violations in a specific namespace:
     Show policy violations in the production namespace

Example Response:

{
  "violations": [
    {
      "policy": "disallow-privileged-containers",
      "resource": "pod/webapp-xyz",
      "namespace": "production",
      "severity": "high",
      "message": "Privileged containers are not allowed",
      "timestamp": "2024-01-15T10:30:00Z"
    },
    {
      "policy": "require-resource-limits",
      "resource": "deployment/backend",
      "namespace": "staging",
      "severity": "medium",
      "message": "Container 'api' does not have resource limits set"
    }
  ],
  "summary": {
    "total": 2,
    "high": 1,
    "medium": 1,
    "low": 0
  }
}

What this tool provides:

  • Current violation snapshots from PolicyReport CRs
  • Individual violation details (policy, resource, namespace, severity, message)
  • Basic timestamps for when violations occurred
  • Summary counts by severity level

What this tool does NOT provide:

  • Historical violation data or trends over time
  • Policy set categorization (e.g., which violations belong to “kubernetes-best-practices”)
  • Aggregation capabilities (e.g., violation counts by namespace)
  • PolicyReport metadata (creation times, report metadata)
  • Trend analysis or time-based patterns

Note: If Kyverno is not installed, this tool will provide installation instructions.
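
Because show_violations does not aggregate, counts per namespace have to be computed by whoever consumes the response. The following added example (not part of Kyverno MCP) does that and cross-checks the summary block against the listed violations; the sample data, its third entry and the function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the shape of the show_violations example response;
# the third entry is invented for illustration.
SAMPLE_RESPONSE = json.loads("""
{
  "violations": [
    {"policy": "disallow-privileged-containers", "resource": "pod/webapp-xyz",
     "namespace": "production", "severity": "high"},
    {"policy": "require-resource-limits", "resource": "deployment/backend",
     "namespace": "staging", "severity": "medium"},
    {"policy": "require-run-as-non-root", "resource": "pod/webapp-xyz",
     "namespace": "production", "severity": "medium"}
  ],
  "summary": {"total": 3, "high": 1, "medium": 2, "low": 0}
}
""")
SEVERITIES = ("high", "medium", "low")


def aggregate(response):
    """Count violations per namespace and severity. Entries without a
    namespace field are grouped under '<cluster>'."""
    table = {}
    for v in response.get("violations", []):
        ns = v.get("namespace") or "<cluster>"
        table.setdefault(ns, Counter())[str(v.get("severity", "unknown")).lower()] += 1
    return table


def summary_mismatches(response):
    """Map each summary field that disagrees with the listed violations to
    (reported, counted); a non-empty result suggests a partial listing."""
    violations = response.get("violations", [])
    counted = Counter(str(v.get("severity", "")).lower() for v in violations)
    counted["total"] = len(violations)
    summary = response.get("summary", {})
    return {f: (summary.get(f, 0), counted[f])
            for f in SEVERITIES + ("total",) if summary.get(f, 0) != counted[f]}


if __name__ == "__main__":
    for ns, counts in sorted(aggregate(SAMPLE_RESPONSE).items()):
        print(f"{ns:12} " + " ".join(f"{s}={counts[s]}" for s in SEVERITIES))
    print("summary mismatches:", summary_mismatches(SAMPLE_RESPONSE))
```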

Documentation Tool

help

Provides built-in documentation and guidance.

Purpose: Access Kyverno documentation and troubleshooting help

Parameters:

  • topic: The help topic
    • installation: Kyverno installation guide
    • troubleshooting: Common issues and solutions

Example Requests:

  1. Get installation help:
     Show me how to install Kyverno
  2. Get troubleshooting help:
     Help me troubleshoot Kyverno issues

Example Response:

{
  "topic": "installation",
  "content": "To install Kyverno using Helm:\n\n1. Add the Kyverno Helm repository:\n   helm repo add kyverno https://kyverno.github.io/kyverno/\n\n2. Install Kyverno:\n   helm install kyverno kyverno/kyverno -n kyverno --create-namespace\n\n..."
}

Tool Usage Best Practices

1. Context Awareness

Always verify the current context before performing operations:

What Kubernetes context am I currently using?

2. Check Before Apply

Review violations before applying new policies:

First show me current violations, then apply pod security policies

3. Gradual Policy Adoption

Start with specific policy sets before applying all:

Apply rbac-best-practices first, then we'll add more policies

4. Test Policy Impact

Test policies to understand their impact on existing resources:

Apply pod security policies and show me what violations occur

Error Handling

All tools include comprehensive error handling:

  • Missing Kyverno: Installation instructions are provided
  • Invalid Context: List of valid contexts is shown
  • Policy Conflicts: Detailed conflict information is returned
  • Network Issues: Clear error messages with retry suggestions

Integration Examples

Complete Security Audit

1. List my Kubernetes contexts
2. Switch to production-cluster
3. Show me all policy violations
4. Apply pod security policies
5. Show me the updated violations
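
Steps 3 to 5 of this audit compare violations before and after a policy set is applied, and show_violations keeps no history, so both responses have to be saved by the caller. The following added example (not part of Kyverno MCP) diffs two saved snapshots to isolate what the new policies flagged; the sample data and function names are constructed for illustration.

```python
from collections import Counter

# Constructed snapshots in the shape of the show_violations response,
# saved by the caller before and after an apply_policies request.
BEFORE = {"violations": [
    {"policy": "require-resource-limits", "resource": "deployment/backend",
     "namespace": "staging", "severity": "medium"},
]}
AFTER = {"violations": [
    {"policy": "require-resource-limits", "resource": "deployment/backend",
     "namespace": "staging", "severity": "medium"},
    {"policy": "disallow-privileged-containers", "resource": "pod/webapp-xyz",
     "namespace": "production", "severity": "high"},
    {"policy": "require-run-as-non-root", "resource": "pod/webapp-xyz",
     "namespace": "production", "severity": "medium"},
]}


def identity(v):
    """A violation is identified by where it is and which policy flagged it;
    message and timestamp are ignored because they may differ between runs."""
    return (v.get("namespace", ""), v.get("resource", ""), v.get("policy", ""))


def diff_violations(before, after):
    """Classify violations as new, resolved or unchanged between snapshots."""
    b = {identity(v): v for v in before.get("violations", [])}
    a = {identity(v): v for v in after.get("violations", [])}
    return {
        "new": [a[k] for k in sorted(a.keys() - b.keys())],
        "resolved": [b[k] for k in sorted(b.keys() - a.keys())],
        "unchanged": [a[k] for k in sorted(a.keys() & b.keys())],
    }


def new_by_policy(diff):
    """Count newly reported violations per policy, noisiest first."""
    return Counter(v.get("policy", "?") for v in diff["new"]).most_common()


if __name__ == "__main__":
    d = diff_violations(BEFORE, AFTER)
    for v in d["new"]:
        print(f"NEW [{v['severity']}] {v['namespace']}/{v['resource']}: {v['policy']}")
    print(f"resolved={len(d['resolved'])} unchanged={len(d['unchanged'])}")
    print("new by policy:", new_by_policy(d))
```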

Multi-Cluster Management

For each of my clusters:
1. Switch to the cluster context
2. Check for policy violations
3. Apply rbac-best-practices if needed
