☁️ Cloud & DevOps

Kubernetes Policy Management: GitOps, Kyverno, and AI

📅 April 2, 2026

Marcus Cole

Cloud & DevOps Lead

Platform engineer who's been through every infrastructure era — bare metal, VMs, containers, serverless. Has strong opinions about YAML files and even stronger opinions about over-engineering.

GitOps governanceArgo CD policiesAWS DevOps agentsKubernetes admission controllersKyverno audit mode

We have all been there. It is 3 AM, your pager is screaming, and you are staring at a terminal trying to understand why production just went dark. You check the logs, and there it is: someone merged a pull request that deployed a pod with requests: memory: 64Gi instead of 64Mi. The node choked, the scheduler panicked, and your system cascaded into failure.

We built GitOps pipelines to stop manual errors. We adopted Argo CD so our infrastructure would be declarative and self-healing. But here is the hard truth about automation: if you do not define what is allowed, automation just becomes a highly efficient engine for deploying mistakes.

Today, the CNCF highlighted the integration of Kyverno with Argo CD for GitOps policy-as-code. On the exact same day, AWS announced the general availability of new AI agents designed to automate DevOps tasks and penetration testing.

The industry is telling you to go faster. They want you to use AI to write your manifests and agents to deploy them. But as a pragmatist, I am telling you to check your brakes before you upgrade your engine.

Let's talk about Kubernetes policy management, why tools like Kyverno are not optional anymore, and how to survive the incoming wave of automated DevOps agents without losing your weekends.

The Reality Check: Paving the Cow Paths

Look at your current CI/CD pipeline. If you are using Argo CD, your cluster state lives in Git. This is a massive improvement over running kubectl apply from a laptop. But GitOps only ensures that what is in Git matches what is in the cluster. It does not care if what is in Git is actually a good idea.

Argo CD will happily sync a Deployment that runs as the root user. It will gladly deploy a LoadBalancer that exposes your internal database to the public internet.

Now, add the recent AWS announcement into the mix. AWS is providing AI agents to "manage DevOps workflows." Other platforms are doing the same. We are moving from humans writing bad YAML to machines generating and applying YAML at machine speed. If your cluster lacks foundational guardrails, these new tools will simply pave the cow paths, automating bad practices and misconfigurations at a scale we have never seen.

The Core Problem: Speed Without Brakes

The bottleneck in modern infrastructure is no longer deployment velocity. The bottleneck is validation and governance.

Think of a shipping harbor. Argo CD is the massive automated crane moving shipping containers from the trucks (Git) onto the cargo ships (Kubernetes). It is incredibly efficient. But without customs inspectors checking the manifests, that crane will happily load contraband, hazardous materials, or overweight containers that will eventually sink the ship.

Kyverno is the customs inspector.

When you introduce AI agents into this ecosystem, you are essentially adding a fleet of automated, self-driving trucks delivering containers to the port. If you do not have a customs inspector (policy engine) in place before those trucks arrive, you have lost control of your harbor.

Under the Hood: Admission Controllers

Before we look at how to fix this, we need to understand how Kubernetes actually handles resource creation. There is no magic here. It is just an API server processing HTTP requests.

When Argo CD (or an AWS AI Agent, or a human) submits a resource to Kubernetes, it goes through a specific pipeline inside the kube-apiserver.

Think of the API server like a restaurant kitchen order system.

1. Authentication/Authorization: The waiter checks if you are actually a customer and if you are allowed to order from the VIP menu (RBAC).
2. Mutating Admission: The sous-chef looks at your order and automatically adds side dishes that come with the meal, even if you didn't explicitly ask for them (e.g., Kyverno injecting default resource limits or labels).
3. Validating Admission: The head chef looks at the final ticket. If you ordered a raw chicken sandwich, the chef rejects the ticket because it violates the restaurant's health and safety policies. This is where Kyverno's Validate rules live.

Kyverno hooks into this exact mechanism. It does not care if the request came from a senior engineer, an Argo CD sync loop, or a shiny new AWS AI agent. If the payload violates the policy, the API server rejects it before it ever reaches etcd.

The Pragmatic Solution: Guardrails Before Engines

So, how do we actually implement this without breaking our existing workflows? The worst thing you can do is install a policy engine and immediately set it to block resources. You will break production, your developers will hate you, and the tool will be uninstalled by Friday.

Here is the pragmatic approach to Kubernetes policy management.

1. Start in Audit Mode

Kyverno policies have two modes: Audit and Enforce. Always start in Audit mode.

In Audit mode, when a bad resource is submitted, Kyverno allows it to pass but generates a PolicyReport. This is critical. You need to know how broken your current baseline is before you start enforcing rules. If you turn on Enforce for "require resource limits" today, I guarantee half of your next deployments will fail.

Let the system run in Audit mode for two weeks. Review the reports. Fix the underlying Helm charts and Git repositories. Only when the audit reports are clean do you flip the switch to Enforce.

2. Manage Policies via GitOps

If you are using Argo CD for your workloads, use it for your policies too. Kyverno policies are just native Kubernetes Custom Resource Definitions (CRDs).

By keeping your policies in Git, you create a transparent, auditable trail of your security posture. When a developer asks, "Why did my deployment fail?", you can point them directly to the policy in the Git repository. The CNCF article accurately highlights that this creates a self-documenting security perimeter.

3. Treat AI Agents as Junior Developers

When evaluating tools like the new AWS DevOps agents, strip away the marketing. Underneath the AI branding, an agent is just a script executing API calls using an IAM role.

Do not give these agents cluster-admin privileges. Treat them exactly as you would a newly hired junior engineer. Give them tightly scoped RBAC permissions, and let Kyverno act as their senior reviewer. If the AI agent hallucinates and tries to deploy a pod with privileged host access, Kyverno will silently reject the request, saving you from a potential security breach.

Comparing the Clients

To understand why policies are the great equalizer, look at how different "clients" interact with your cluster:

Client Type	Speed of Execution	Auditability	Risk of Misconfiguration	Mitigation Strategy
Human Operator (`kubectl`)	Slow	Poor (unless strictly logging)	High (typos, fatigue)	Revoke direct cluster access.
GitOps (Argo CD)	Fast	Excellent (Git history)	Medium (propagates bad code)	Kyverno Validating Webhooks.
AI Agent (AWS, etc.)	Instantaneous	Varies by vendor	High (hallucinations, logic errors)	Strict RBAC + Kyverno Enforce mode.

Notice that regardless of the client, the mitigation strategy always points back to cluster-level enforcement. You cannot rely on the client to police itself.

What You Should Do Next

Technology is just a tool for solving problems, and right now, the problem is complexity outpacing human review. Do not get distracted by the shiny new AI agents until your foundation is solid.

1. Deploy Kyverno today, but do nothing else. Install the baseline Pod Security Standards (PSS) policies from the official Helm chart, and set them strictly to Audit mode.
2. Review the Policy Reports. Look at the generated reports in your cluster. You will likely be surprised by how many deployments are running without proper security contexts or resource limits.
3. Fix the source. Go back to your Git repositories and update your manifests to comply with the policies.
4. Flip the switch. Once a namespace is clean, change the policy from Audit to Enforce.

Only after you have built these guardrails should you consider letting an AI agent loose in your environments.

There is no perfect system. There are only recoverable systems.

FAQ

Why use Kyverno instead of OPA Gatekeeper?

Both are excellent tools. Pragmatically, Kyverno is often easier for operators because policies are written in native Kubernetes YAML rather than Rego (a specialized language used by OPA). If your team already knows Kubernetes manifests, the learning curve for Kyverno is practically zero. The best code is code you don't write, and the best policy language is the one you already know.

Will Kyverno slow down my Argo CD syncs?

Technically, yes, by a few milliseconds. Kyverno operates as an admission webhook, meaning the API server must wait for Kyverno's response before persisting the object to etcd. However, in a healthy cluster, this latency is negligible and entirely worth the trade-off for the security guarantees it provides.

How do I handle emergency fixes if Kyverno blocks my deployment?

In a true "break-glass" emergency, you should have a dedicated emergency ServiceAccount that is explicitly excluded from Kyverno policies via the exclude block in the policy definition. This ensures that a cluster administrator can bypass policies to restore service, while still maintaining an audit trail of who used the emergency account.

Should AI agents be allowed to write Kyverno policies?

AI agents can assist in drafting the YAML for policies, but they should never be allowed to apply policies directly to the cluster without human review. Policies are the ultimate guardrails of your system; allowing an automated agent to redefine its own guardrails defeats the purpose of having them.