kyverno
Overview
The kyverno MCP server is a Model Context Protocol (MCP) server that enables AI assistants and agents to interact directly with Kyverno, the Kubernetes-native policy engine. It allows AI-driven workflows to inspect policies, validate resources, analyze policy outcomes, and reason about compliance — bringing Kubernetes governance and policy context directly into AI-assisted operations.
This server is especially useful for platform engineering, security, and compliance workflows where understanding why resources are allowed, blocked, or mutated is critical.
Transport
stdio
Tools
Key Capabilities
- Policy visibility — Explore Kyverno policies, rules, and configurations programmatically.
- Compliance analysis — Inspect validation results and policy outcomes for Kubernetes resources.
- Security and governance insight — Understand enforcement, audit, and mutation behavior across clusters.
- Troubleshooting support — Help AI assistants explain why a resource was denied, mutated, or flagged.
- Platform decision support — Enable policy-aware recommendations during deployment or review workflows.
How It Works
The kyverno MCP server runs as a local or in-cluster MCP service and connects to Kyverno through the Kubernetes API and Kyverno’s policy reporting mechanisms. AI clients communicate with the server over MCP to request policy and compliance context as part of broader reasoning workflows.
The server mediates access to Kyverno’s policy data, handling authentication, scoping, and response normalization before returning structured results that AI assistants can reason over. All access respects Kubernetes RBAC and namespace boundaries, ensuring policy insights align with existing permissions.
By exposing Kyverno through MCP, the server enables AI-driven workflows such as policy explanation, compliance checks, and governance-aware troubleshooting — helping teams reason about Kubernetes policy behavior conversationally and safely within a single AI environment.
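A least-privilege starting point for the RBAC scoping described above, as an added example and not the project's own manifest. It assumes the server runs in-cluster under a dedicated ServiceAccount and only needs to read Kyverno policies and policy reports; the names `kyverno-mcp`, `mcp-system` and `team-a` are hypothetical.

```yaml
# Added example: names and namespaces below are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata: {name: kyverno-mcp, namespace: mcp-system}
---
# Cluster-scoped Kyverno objects: read verbs only, no create/update/delete.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: kyverno-mcp-cluster-read}
rules:
  - apiGroups: ["kyverno.io"]
    resources: ["clusterpolicies"]
    verbs: ["get", "list", "watch"]
  # PolicyReport API group; adjust if your Kyverno version serves reports elsewhere.
  - apiGroups: ["wgpolicyk8s.io"]
    resources: ["clusterpolicyreports"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: kyverno-mcp-cluster-read}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: kyverno-mcp-cluster-read}
subjects:
  - {kind: ServiceAccount, name: kyverno-mcp, namespace: mcp-system}
---
# Namespaced objects: bind per namespace so the assistant only sees what it should.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: kyverno-mcp-read, namespace: team-a}
rules:
  - apiGroups: ["kyverno.io"]
    resources: ["policies"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["wgpolicyk8s.io"]
    resources: ["policyreports"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: kyverno-mcp-read, namespace: team-a}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: kyverno-mcp-read}
subjects:
  - {kind: ServiceAccount, name: kyverno-mcp, namespace: mcp-system}
```

`kubectl auth can-i --list --as=system:serviceaccount:mcp-system:kyverno-mcp -n team-a` shows what this identity can actually reach. When the server runs locally instead, it inherits whatever the kubeconfig user is allowed to do, so point it at a similarly restricted identity rather than a cluster-admin context.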