Available Tools
Overview
Kyverno MCP provides several tools that AI assistants can use to interact with Kyverno and Kubernetes. Each tool is designed for specific operations and returns structured data.
Context Management Tools
list_contexts
Lists all available Kubernetes contexts from your kubeconfig.
Purpose: Discover available Kubernetes clusters/contexts
Example Request:
List all my available Kubernetes contexts
Example Response:
{
  "contexts": [
    {
      "name": "production-cluster",
      "cluster": "prod-k8s",
      "user": "admin@prod"
    },
    {
      "name": "staging-cluster",
      "cluster": "staging-k8s",
      "user": "admin@staging"
    }
  ],
  "current": "production-cluster"
}
switch_context
Switches to a different Kubernetes context.
Purpose: Change the active Kubernetes cluster
Parameters:
- context: The name of the context to switch to
Example Request:
Switch to the staging-cluster context
Example Response:
{
  "message": "Switched to context: staging-cluster",
  "previous": "production-cluster",
  "current": "staging-cluster"
}
Policy Management Tools
apply_policies
Applies Kyverno policies from various sources.
Purpose: Deploy policies to enforce security and compliance
Parameters:
- source: The source of policies
  - Curated sets: pod-security, rbac-best-practices, kubernetes-best-practices, all
  - Git repository: https://github.com/org/repo
  - Local path: /path/to/policies
- namespace: (Optional) Target namespace for policies
Example Requests:
- Apply curated pod security policies:
Apply pod security policies to my cluster
- Apply policies from a Git repository:
Apply policies from https://github.com/myorg/kyverno-policies
- Apply all curated policies:
Apply all best practice policies to the cluster
Example Response:
{
  "message": "Successfully applied 15 policies",
  "policies": [
    "disallow-privileged-containers",
    "require-run-as-non-root",
    "restrict-volume-types"
  ],
  "source": "pod-security"
}
Monitoring Tools
show_violations
Displays policy violations from PolicyReport and ClusterPolicyReport resources.
Purpose: Monitor compliance and identify issues
Parameters:
- namespace: (Optional) Filter violations by namespace
- severity: (Optional) Filter by severity level
Example Requests:
- Show all violations:
Show me all policy violations in the cluster
- Show violations in a specific namespace:
Show policy violations in the production namespace
Example Response:
{
  "violations": [
    {
      "policy": "disallow-privileged-containers",
      "resource": "pod/webapp-xyz",
      "namespace": "production",
      "severity": "high",
      "message": "Privileged containers are not allowed",
      "timestamp": "2024-01-15T10:30:00Z"
    },
    {
      "policy": "require-resource-limits",
      "resource": "deployment/backend",
      "namespace": "staging",
      "severity": "medium",
      "message": "Container 'api' does not have resource limits set"
    }
  ],
  "summary": {
    "total": 2,
    "high": 1,
    "medium": 1,
    "low": 0
  }
}
What this tool provides:
- Current violation snapshots from PolicyReport CRs
- Individual violation details (policy, resource, namespace, severity, message)
- Basic timestamps for when violations occurred
- Summary counts by severity level
What this tool does NOT provide:
- Historical violation data or trends over time
- Policy set categorization (e.g., which violations belong to “kubernetes-best-practices”)
- Aggregation capabilities (e.g., violation counts by namespace)
- PolicyReport metadata (creation times, report metadata)
- Trend analysis or time-based patterns
Note: If Kyverno is not installed, this tool will provide installation instructions.
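Because the tool does not aggregate, per-namespace counts have to be computed by whoever consumes the response. The following is an added example, not part of Kyverno MCP: it groups a response of the shape shown above by namespace and severity, cross-checks the summary block against the list, and flags entries without a timestamp. The sample data is constructed from the example response, and the "(cluster-scoped)" label for entries with no namespace is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like the example show_violations response above.
SAMPLE = json.loads("""
{"violations": [
   {"policy": "disallow-privileged-containers", "resource": "pod/webapp-xyz",
    "namespace": "production", "severity": "high",
    "message": "Privileged containers are not allowed",
    "timestamp": "2024-01-15T10:30:00Z"},
   {"policy": "require-resource-limits", "resource": "deployment/backend",
    "namespace": "staging", "severity": "medium",
    "message": "Container 'api' does not have resource limits set"}],
 "summary": {"total": 2, "high": 1, "medium": 1, "low": 0}}
""")

SEVERITIES = ("high", "medium", "low")

def by_namespace(response):
    """Count violations per namespace and severity."""
    counts = defaultdict(lambda: dict.fromkeys(SEVERITIES, 0))
    for v in response.get("violations", []):
        # Assumption: cluster-scoped results carry no namespace value.
        ns = v.get("namespace") or "(cluster-scoped)"
        sev = str(v.get("severity", "unknown")).lower()
        counts[ns][sev] = counts[ns].get(sev, 0) + 1
    return dict(counts)

def summary_mismatches(response):
    """Return {field: (reported, recomputed)} where the summary disagrees with the list."""
    violations = response.get("violations", [])
    recomputed = dict.fromkeys(SEVERITIES, 0)
    for v in violations:
        sev = str(v.get("severity", "")).lower()
        if sev in recomputed:
            recomputed[sev] += 1
    recomputed["total"] = len(violations)
    reported = response.get("summary", {})
    return {k: (reported.get(k), n) for k, n in recomputed.items() if reported.get(k) != n}

def without_timestamp(response):
    """Resources whose violation entry has no timestamp (the second sample entry)."""
    return [v.get("resource", "?") for v in response.get("violations", [])
            if not v.get("timestamp")]

if __name__ == "__main__":
    for ns, c in sorted(by_namespace(SAMPLE).items()):
        print(ns, c)
    print("summary mismatches:", summary_mismatches(SAMPLE))
    print("no timestamp:", without_timestamp(SAMPLE))
```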
Documentation Tool
help
Provides built-in documentation and guidance.
Purpose: Access Kyverno documentation and troubleshooting help
Parameters:
- topic: The help topic
  - installation: Kyverno installation guide
  - troubleshooting: Common issues and solutions
Example Requests:
- Get installation help:
Show me how to install Kyverno
- Get troubleshooting help:
Help me troubleshoot Kyverno issues
Example Response:
{
  "topic": "installation",
  "content": "To install Kyverno using Helm:\n\n1. Add the Kyverno Helm repository:\n helm repo add kyverno https://kyverno.github.io/kyverno/\n\n2. Install Kyverno:\n helm install kyverno kyverno/kyverno -n kyverno --create-namespace\n\n..."
}
Tool Usage Best Practices
1. Context Awareness
Always verify the current context before performing operations:
What Kubernetes context am I currently using?
2. Check Before Apply
Review violations before applying new policies:
First show me current violations, then apply pod security policies
3. Gradual Policy Adoption
Start with specific policy sets before applying all:
Apply rbac-best-practices first, then we'll add more policies
4. Test Policy Impact
Test policies to understand their impact on existing resources:
Apply pod security policies and show me what violations occur
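The context and adoption practices above can be enforced as a gate that runs before an apply_policies request is approved. This is an added example, not part of Kyverno MCP: it reads a list_contexts response of the shape shown earlier and classifies the source value into the three kinds the page lists. The allowlist of Git organisations and the function names are assumptions.

```python
from urllib.parse import urlsplit

CURATED_SETS = {"pod-security", "rbac-best-practices", "kubernetes-best-practices", "all"}
# Assumption: (host, organisation) pairs approved as policy sources (hypothetical).
ALLOWED_GIT_ORGS = {("github.com", "myorg")}

def classify_source(source):
    """Return 'curated', 'git' or 'local' for an apply_policies source value."""
    if source in CURATED_SETS:
        return "curated"
    if urlsplit(source).scheme in ("http", "https", "git", "ssh"):
        return "git"
    return "local"

def check_apply(contexts_response, expected_context, source):
    """Return reasons to stop and confirm; an empty list means proceed."""
    problems = []
    names = {c.get("name") for c in contexts_response.get("contexts", [])}
    current = contexts_response.get("current")
    if expected_context not in names:
        problems.append(f"context {expected_context!r} is not in kubeconfig")
    elif current != expected_context:
        problems.append(f"active context is {current!r}, expected {expected_context!r}")
    if classify_source(source) == "git":
        parts = urlsplit(source)
        org = parts.path.strip("/").split("/")[0]
        # Compare the parsed host and organisation, not a string prefix.
        if parts.scheme != "https" or (parts.hostname, org) not in ALLOWED_GIT_ORGS:
            problems.append(f"Git source {source!r} is not an approved repository")
    if source == "all":
        problems.append("'all' requested; start with a specific policy set first")
    return problems

# Constructed sample, shaped like the list_contexts example response.
CONTEXTS = {
    "contexts": [
        {"name": "production-cluster", "cluster": "prod-k8s", "user": "admin@prod"},
        {"name": "staging-cluster", "cluster": "staging-k8s", "user": "admin@staging"},
    ],
    "current": "production-cluster",
}

if __name__ == "__main__":
    print(check_apply(CONTEXTS, "staging-cluster", "https://github.com/other/policies"))
```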
Error Handling
All tools include comprehensive error handling:
- Missing Kyverno: Installation instructions are provided
- Invalid Context: List of valid contexts is shown
- Policy Conflicts: Detailed conflict information is returned
- Network Issues: Clear error messages with retry suggestions
Integration Examples
Complete Security Audit
1. List my Kubernetes contexts
2. Switch to production-cluster
3. Show me all policy violations
4. Apply pod security policies
5. Show me the updated violations
Multi-Cluster Management
For each of my clusters:
1. Switch to the cluster context
2. Check for policy violations
3. Apply rbac-best-practices if needed
Next Steps
- Learn about the Configuration Options
- Check out the Troubleshooting Guide