Cluster-aware AI agents inside an air-gap
Self-hosted Starling MCP inside a fully isolated K8s environment. Claude Desktop running on jumphost workstations, scoped read-only access to cluster state. Zero outbound traffic from the workload network.
Replaced an internal tooling project that had been in flight for 18 months.
A defense contractor wanted agentic Kubernetes operations but the cluster network had no outbound internet access. Hosted SaaS was a non-starter; a daemon that phoned home was a non-starter; anything that touched the kubeconfig outside the perimeter was a non-starter.
Self-hosted Starling MCP via the published Helm chart fit cleanly. The MCP endpoint is reachable only from the workload network. Engineers run Claude Desktop on jumphost workstations, point it at the in-cluster endpoint, and ask the cluster questions in plain English. Audit ledger writes to the contractor's own BigQuery dataset, never ours.
Three weeks from chart-install to production use. Least-privilege RBAC was the default; the only override was to allow `kubectl rollout restart` on a specific deployment, gated by a webhook approval.
It's the first AI tool that survived our security review on the first pass.
Could this be your team?
Every engagement starts with a 30-minute scoping call. We'll walk through the data shape, blast-radius constraints, and which tier of advisory or product fits.