37 tools from the Kubernetes MCP Server, categorised by risk level.
View the Kubernetes policy →configuration_contexts_list List all available context names and associated server urls from the kubeconfig file configuration_view Get the current Kubernetes configuration content as a kubeconfig YAML events_list List Kubernetes events (warnings, errors, state changes) for debugging and troubleshooting in the current cluster from all namespaces helm_list List all the Helm releases in the current or provided namespace (or in all namespaces if specified) kcp_workspace_describe Get detailed information about a specific kcp workspace kcp_workspaces_list List all available kcp workspaces in the current cluster kiali_get_metrics Gets lists or detailed info for Kubernetes resources (services, workloads) within the mesh kiali_get_resource_details Gets lists or detailed info for Kubernetes resources (services, workloads) within the mesh kiali_get_traces Gets traces for a specific resource (app, service, workload) in a namespace, or gets detailed information for a specific trace by its ID. If traceI... kiali_mesh_graph Returns the topology of a specific namespaces, health, status of the mesh and namespaces. Includes a mesh health summary overview with aggregated c... kiali_workload_logs Get logs for a specific workload's pods in a namespace. Only requires namespace and workload name - automatically discovers pods and containers. Op... namespaces_list List all the Kubernetes namespaces in the current cluster nodes_log Get logs from a Kubernetes node (kubelet, kube-proxy, or other system logs). This accesses node logs through the Kubernetes API proxy to the kubelet nodes_stats_summary Get detailed resource usage statistics from a Kubernetes node via the kubelet's Summary API. Provides comprehensive metrics including CPU, memory, ... nodes_top List the resource consumption (CPU and memory) as recorded by the Kubernetes Metrics Server for the specified Kubernetes Nodes or all nodes in the ... pods_get Get a Kubernetes Pod in the current or provided namespace with the provided name pods_list List all the Kubernetes pods in the current cluster from all namespaces pods_list_in_namespace List all the Kubernetes pods in the specified namespace in the current cluster pods_log Get the logs of a Kubernetes Pod in the current or provided namespace with the provided name pods_top List the resource consumption (CPU and memory) as recorded by the Kubernetes Metrics Server for the specified Kubernetes Pods in the all namespaces... projects_list List all the OpenShift projects in the current cluster resources_get Get a Kubernetes resource in the current cluster by providing its apiVersion, kind, optionally the namespace, and its name resources_list List Kubernetes resources and objects in the current cluster by providing their apiVersion and kind and optionally the namespace and label selector targets_list List all available targets vm_clone Clone a KubeVirt VirtualMachine by creating a VirtualMachineClone resource. This creates a copy of the source VM with a new name using the KubeVirt... helm_install Install (deploy) a Helm chart to create a release in the current or provided namespace 2/5 kiali_manage_istio_config Creates, patches, or deletes Istio configuration objects (Gateways, VirtualServices, etc.) 2/5 kiali_manage_istio_config_read Lists or gets Istio configuration objects (Gateways, VirtualServices, etc.) 2/5 resources_create_or_update Create or update a Kubernetes resource in the current cluster by providing a YAML or JSON representation of the resource 2/5 vm_create Create a VirtualMachine in the cluster with the specified configuration, automatically resolving instance types, preferences, and container disk im... 2/5 helm_uninstall Uninstall a Helm release in the current or provided namespace 4/5 pods_delete Delete a Kubernetes Pod in the current or provided namespace with the provided name 4/5 resources_delete Delete a Kubernetes resource in the current cluster by providing its apiVersion, kind, optionally the namespace, and its name 4/5 pods_exec Execute a command in a Kubernetes Pod (shell access, run commands in container) in the current or provided namespace with the provided name and com... 3/5 pods_run Run a Kubernetes Pod in the current or provided namespace with the provided container image and optional name 3/5 resources_scale Get or update the scale of a Kubernetes resource in the current cluster by providing its apiVersion, kind, name, and optionally the namespace. If t... 3/5 vm_lifecycle Manage VirtualMachine lifecycle: start, stop, or restart a VM 3/5 The Kubernetes MCP server exposes 37 tools across 4 categories: Read, Write, Destructive, Execute.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Kubernetes server.
Kubernetes tools are categorised as Read (25), Write (5), Destructive (3), Execute (4). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept