Why Kubernetes Security Needed a Bridge
Kubernetes security is powerful—but notoriously complex. At Nirmata, we saw teams struggling to implement proper security governance because doing so requires deep expertise in Kubernetes internals and policy management.
That expertise gap introduces real risk. So, we asked a simple question:
How do we preserve Kyverno’s precision while making it accessible to non-experts?
The answer wasn’t simplifying Kyverno itself—it was transforming how people interact with it.
Why We Built an MCP Server
The Model Context Protocol (MCP) changed the game. MCP provides a standardized way for AI assistants to interact with systems like Kubernetes and Kyverno.
By building a Kyverno MCP Server, we created one interface that works with any AI assistant that speaks MCP—whether that’s ChatGPT, Claude, or a custom-built internal assistant.
This means anyone can query their cluster through natural language, asking questions such as:
-
“Does my cluster follow pod security standards?”
-
“Show me RBAC violations in production.”
-
“Which policies am I failing, and why?”
The MCP server translates those plain-language questions into Kyverno operations, runs the evaluations, and returns the results conversationally—bridging the gap between human understanding and machine precision.
How the Nirmata MCP Server Works
We exposed five key capabilities through the MCP interface:
-
Cluster Discovery – View available Kubernetes environments
-
Context Switching – Seamlessly move between clusters in one conversation
-
Policy Application – Scan resources against policies for compliance insights
-
Violation Reporting – Identify issues and explain why they matter
-
Interactive Help – Guide users on what’s possible through MCP
Each capability is implemented as a modular Go component, designed for extensibility as Kyverno and Kubernetes evolve.
The data flow is straightforward but powerful:
-
The AI assistant sends a question through MCP
-
The server translates it into precise Kyverno operations
-
Kyverno evaluates the cluster
-
Results return enriched with context and explanations
This cycle allows natural, ongoing dialogue—turning traditional command-line operations into conversational experiences.
Embedded Policies for Instant Security
To ensure quick value, we embedded three curated policy sets directly into the MCP Server binary:
-
Pod Security Standards
-
RBAC Best Practices
-
General Kubernetes Operational Security
These built-in policies provide strong baselines out of the box, while still allowing customization or user-supplied policies. Teams can begin secure operations immediately—without hunting down YAML files or configuration docs.
Overcoming Key Technical Challenges
Multi-Transport Flexibility
Supporting multiple transport mechanisms (STDIO, HTTP/S, and Server-Sent Events) ensures the MCP Server fits naturally into diverse workflows—from local CLI use to enterprise cloud deployments.
Namespace Filtering
In enterprise-scale clusters, precision matters. Our namespace filtering logic allows scanning only relevant namespaces—critical for performance and compliance reporting at scale.
User-Centric Error Handling
Instead of cryptic errors, the MCP Server provides guided remediation. For example, if Kyverno isn’t installed, users receive clear instructions on how to fix it—dramatically improving usability.
Real-World Use Cases
Early adopters are using the MCP Server across multiple domains:
-
DevSecOps Pipelines – Integrating automated security checks into CI/CD
-
Compliance Auditing – Generating policy reports and tracking remediation
-
Education & Training – Teaching Kubernetes security through real cluster queries
-
Incident Response – Conversationally assessing cluster posture during production events
Teams report that conversational queries save time, reduce errors, and simplify decision-making during critical operations.
Performance and Security Built-In
Performance
Embedded policies and optimized file management deliver fast scan responses—even in large, multi-namespace clusters. Testing confirmed responsiveness remains strong for most real-world workloads.
Security
Every operation respects namespace boundaries and RBAC permissions. The MCP interface does not bypass existing controls, ensuring the same security posture you’d expect from direct Kyverno use.
As the MCP ecosystem evolves, Nirmata continues to refine access control and operational safeguards.
The Bigger Picture: AI Meets Cloud-Native Governance
The Nirmata MCP Server isn’t just about usability—it represents a step toward AI-orchestrated infrastructure management.
As more tools adopt MCP, AI assistants will be able to:
-
Audit policies via Kyverno
-
Correlate monitoring and deployment data
-
Generate unified, cross-system security insights
This creates a future where AI assistants orchestrate governance across entire cloud-native environments—securely and transparently.
By adopting MCP, Nirmata’s implementation is AI-agnostic, compatible with any assistant that follows the protocol—ensuring long-term interoperability.
Getting Started
Deploying the Nirmata MCP Server is simple:
-
Run locally with one command for testing.
-
Deploy in production with HTTPS and your kubeconfig file.
-
Connect any MCP-compatible AI assistant.
The CLI supports:
-
Custom kubeconfig selection
-
Transport configuration (STDIO, HTTP, SSE)
-
TLS certificate setup
-
Namespace filtering
Our open-source documentation guides users through setup, configuration, and integration workflows.
What We Learned
This project reaffirmed a core belief:
The future of infrastructure management isn’t about simplifying systems—it’s about making complexity navigable through better interfaces.
Conversational interfaces like MCP change how engineers interact with tools. They expose new usability challenges, but also bring clarity, standardization, and scalability to policy-driven governance.
By open-sourcing the Nirmata MCP Server for Kyverno, we’re inviting contributors to help build this future—where AI-driven interfaces make Kubernetes security accessible to everyone.
