Kyverno · Capability

Kyverno Policy Reporter API

The Kyverno Policy Reporter REST API provides endpoints for querying PolicyReport and ClusterPolicyReport custom resources generated by Kyverno. It exposes policy results, status counts, and resource-level violation data, serving as the backend for the Policy Reporter UI. The API enables programmatic access to policy compliance status across namespaces and clusters.

Run with Naftiko KyvernoAPI

What You Can Do

GET
Gethealthz — Kyverno Health check
/healthz
GET
Listtargets — Kyverno List notification targets
/api/v1/targets
GET
Listnamespaces — Kyverno List namespaces with policy reports
/api/v1/namespaces
GET
Listsources — Kyverno List policy sources
/api/v1/sources
GET
Listpolicies — Kyverno List policies
/api/v1/policies
GET
Listrules — Kyverno List policy rules
/api/v1/rules
GET
Listcategories — Kyverno List policy categories
/api/v1/categories
GET
Listpolicyreports — Kyverno List namespaced policy reports
/api/v1/policy-reports
GET
Listclusterpolicyreports — Kyverno List cluster-scoped policy reports
/api/v1/cluster-policy-reports
GET
Listnamespacescopedresults — Kyverno List namespace-scoped policy results
/api/v1/namespace-scoped/results
GET
Listclusterscopedresults — Kyverno List cluster-scoped policy results
/api/v1/cluster-scoped/results
GET
Getnamespacescopedsummary — Kyverno Get namespace-scoped result summary
/api/v1/namespace-scoped/summary
GET
Getclusterscopedsummary — Kyverno Get cluster-scoped result summary
/api/v1/cluster-scoped/summary

MCP Tools

gethealthz

Kyverno Health check

read-only idempotent
listtargets

Kyverno List notification targets

read-only idempotent
listnamespaces

Kyverno List namespaces with policy reports

read-only idempotent
listsources

Kyverno List policy sources

read-only idempotent
listpolicies

Kyverno List policies

read-only idempotent
listrules

Kyverno List policy rules

read-only idempotent
listcategories

Kyverno List policy categories

read-only idempotent
listpolicyreports

Kyverno List namespaced policy reports

read-only idempotent
listclusterpolicyreports

Kyverno List cluster-scoped policy reports

read-only idempotent
listnamespacescopedresults

Kyverno List namespace-scoped policy results

read-only idempotent
listclusterscopedresults

Kyverno List cluster-scoped policy results

read-only idempotent
getnamespacescopedsummary

Kyverno Get namespace-scoped result summary

read-only idempotent
getclusterscopedsummary

Kyverno Get cluster-scoped result summary

read-only idempotent

Capability Spec

kyverno-capability.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Kyverno Policy Reporter API
  description: The Kyverno Policy Reporter REST API provides endpoints for querying PolicyReport and ClusterPolicyReport custom
    resources generated by Kyverno. It exposes policy results, status counts, and resource-level violation data, serving as
    the backend for the Policy Reporter UI. The API enables programmatic access to policy compliance status across namespaces
    and clusters.
  tags:
  - Kyverno
  - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
  - type: http
    namespace: kyverno
    baseUri: http://localhost:8080
    description: Kyverno Policy Reporter API HTTP API.
    resources:
    - name: healthz
      path: /healthz
      operations:
      - name: gethealthz
        method: GET
        description: Kyverno Health check
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-targets
      path: /api/v1/targets
      operations:
      - name: listtargets
        method: GET
        description: Kyverno List notification targets
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-namespaces
      path: /api/v1/namespaces
      operations:
      - name: listnamespaces
        method: GET
        description: Kyverno List namespaces with policy reports
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-sources
      path: /api/v1/sources
      operations:
      - name: listsources
        method: GET
        description: Kyverno List policy sources
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-policies
      path: /api/v1/policies
      operations:
      - name: listpolicies
        method: GET
        description: Kyverno List policies
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-rules
      path: /api/v1/rules
      operations:
      - name: listrules
        method: GET
        description: Kyverno List policy rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-categories
      path: /api/v1/categories
      operations:
      - name: listcategories
        method: GET
        description: Kyverno List policy categories
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-policy-reports
      path: /api/v1/policy-reports
      operations:
      - name: listpolicyreports
        method: GET
        description: Kyverno List namespaced policy reports
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-cluster-policy-reports
      path: /api/v1/cluster-policy-reports
      operations:
      - name: listclusterpolicyreports
        method: GET
        description: Kyverno List cluster-scoped policy reports
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-namespace-scoped-results
      path: /api/v1/namespace-scoped/results
      operations:
      - name: listnamespacescopedresults
        method: GET
        description: Kyverno List namespace-scoped policy results
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-cluster-scoped-results
      path: /api/v1/cluster-scoped/results
      operations:
      - name: listclusterscopedresults
        method: GET
        description: Kyverno List cluster-scoped policy results
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-namespace-scoped-summary
      path: /api/v1/namespace-scoped/summary
      operations:
      - name: getnamespacescopedsummary
        method: GET
        description: Kyverno Get namespace-scoped result summary
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v1-cluster-scoped-summary
      path: /api/v1/cluster-scoped/summary
      operations:
      - name: getclusterscopedsummary
        method: GET
        description: Kyverno Get cluster-scoped result summary
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    port: 8080
    namespace: kyverno-rest
    description: REST adapter for Kyverno Policy Reporter API.
    resources:
    - path: /healthz
      name: gethealthz
      operations:
      - method: GET
        name: gethealthz
        description: Kyverno Health check
        call: kyverno.gethealthz
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/targets
      name: listtargets
      operations:
      - method: GET
        name: listtargets
        description: Kyverno List notification targets
        call: kyverno.listtargets
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/namespaces
      name: listnamespaces
      operations:
      - method: GET
        name: listnamespaces
        description: Kyverno List namespaces with policy reports
        call: kyverno.listnamespaces
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/sources
      name: listsources
      operations:
      - method: GET
        name: listsources
        description: Kyverno List policy sources
        call: kyverno.listsources
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/policies
      name: listpolicies
      operations:
      - method: GET
        name: listpolicies
        description: Kyverno List policies
        call: kyverno.listpolicies
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/rules
      name: listrules
      operations:
      - method: GET
        name: listrules
        description: Kyverno List policy rules
        call: kyverno.listrules
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/categories
      name: listcategories
      operations:
      - method: GET
        name: listcategories
        description: Kyverno List policy categories
        call: kyverno.listcategories
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/policy-reports
      name: listpolicyreports
      operations:
      - method: GET
        name: listpolicyreports
        description: Kyverno List namespaced policy reports
        call: kyverno.listpolicyreports
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/cluster-policy-reports
      name: listclusterpolicyreports
      operations:
      - method: GET
        name: listclusterpolicyreports
        description: Kyverno List cluster-scoped policy reports
        call: kyverno.listclusterpolicyreports
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/namespace-scoped/results
      name: listnamespacescopedresults
      operations:
      - method: GET
        name: listnamespacescopedresults
        description: Kyverno List namespace-scoped policy results
        call: kyverno.listnamespacescopedresults
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/cluster-scoped/results
      name: listclusterscopedresults
      operations:
      - method: GET
        name: listclusterscopedresults
        description: Kyverno List cluster-scoped policy results
        call: kyverno.listclusterscopedresults
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/namespace-scoped/summary
      name: getnamespacescopedsummary
      operations:
      - method: GET
        name: getnamespacescopedsummary
        description: Kyverno Get namespace-scoped result summary
        call: kyverno.getnamespacescopedsummary
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v1/cluster-scoped/summary
      name: getclusterscopedsummary
      operations:
      - method: GET
        name: getclusterscopedsummary
        description: Kyverno Get cluster-scoped result summary
        call: kyverno.getclusterscopedsummary
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    port: 9090
    namespace: kyverno-mcp
    transport: http
    description: MCP adapter for Kyverno Policy Reporter API for AI agent use.
    tools:
    - name: gethealthz
      description: Kyverno Health check
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.gethealthz
      outputParameters:
      - type: object
        mapping: $.
    - name: listtargets
      description: Kyverno List notification targets
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listtargets
      outputParameters:
      - type: object
        mapping: $.
    - name: listnamespaces
      description: Kyverno List namespaces with policy reports
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listnamespaces
      outputParameters:
      - type: object
        mapping: $.
    - name: listsources
      description: Kyverno List policy sources
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listsources
      outputParameters:
      - type: object
        mapping: $.
    - name: listpolicies
      description: Kyverno List policies
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listpolicies
      outputParameters:
      - type: object
        mapping: $.
    - name: listrules
      description: Kyverno List policy rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listrules
      outputParameters:
      - type: object
        mapping: $.
    - name: listcategories
      description: Kyverno List policy categories
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listcategories
      outputParameters:
      - type: object
        mapping: $.
    - name: listpolicyreports
      description: Kyverno List namespaced policy reports
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listpolicyreports
      outputParameters:
      - type: object
        mapping: $.
    - name: listclusterpolicyreports
      description: Kyverno List cluster-scoped policy reports
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listclusterpolicyreports
      outputParameters:
      - type: object
        mapping: $.
    - name: listnamespacescopedresults
      description: Kyverno List namespace-scoped policy results
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listnamespacescopedresults
      outputParameters:
      - type: object
        mapping: $.
    - name: listclusterscopedresults
      description: Kyverno List cluster-scoped policy results
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.listclusterscopedresults
      outputParameters:
      - type: object
        mapping: $.
    - name: getnamespacescopedsummary
      description: Kyverno Get namespace-scoped result summary
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.getnamespacescopedsummary
      outputParameters:
      - type: object
        mapping: $.
    - name: getclusterscopedsummary
      description: Kyverno Get cluster-scoped result summary
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kyverno.getclusterscopedsummary
      outputParameters:
      - type: object
        mapping: $.