How do I start an Operant 7-day free trial for a staging Kubernetes cluster?

Most teams want to validate Operant on real traffic, not toy clusters—but they also don’t want to experiment first in production. A staging Kubernetes cluster is the right place to prove that Operant’s Runtime AI Application Defense Platform can actually block attacks and contain agentic workflows inline, without a three‑month “observability project.”

Below is a practical, operator‑level walkthrough for starting a 7‑day free trial of Operant on a staging Kubernetes cluster, including what to prepare, how to deploy via Helm, and what to validate during the trial.

---

What the 7‑Day Trial Actually Gives You

Before you touch YAML, it helps to be clear about what you’re spinning up.

In a staging Kubernetes cluster, the Operant 7‑day free trial lets you:

• Discover your “cloud within the cloud”

  • Live inventory of APIs, services, agents, MCP connections, and east–west traffic.
  • Works across all major K8s platforms: EKS, AKS, GKE, OpenShift, Rancher RKE2, vanilla Kubernetes, and standalone containers.

• Detect real attacks and misbehavior in runtime

  • Prompt injection and jailbreak attempts across AI apps and agents.
  • API abuse patterns aligned to OWASP Top 10 for APIs and LLMs.
  • Ghost/zombie APIs and rogue/unmanaged agents in your staging environment.

• Defend inline, not just observe

  • Active blocking, rate limiting, and microsegmentation for APIs and services.
  • Inline auto‑redaction of sensitive data flowing through AI and API calls.
  • Trust zones and allow/deny lists for MCP tools, APIs, and identities.

And you get this with single‑step Helm install, zero instrumentation, zero integrations, and time‑to‑value under 5 minutes on a live cluster.

---

Prerequisites for Using Operant on a Staging Kubernetes Cluster

You don’t need to re‑architect anything, but you should line up a few basics first.

1. Choose the Right Staging Cluster

Operant supports:

• Managed K8s: AWS EKS, Azure AKS, Google GKE, Rancher RKE2, OpenShift
• Vanilla K8s and standalone containers

For a meaningful trial, pick a staging cluster that:

• Receives realistic pre‑prod traffic: CI/CD deployments, staging AI apps, internal tools.
• Exposes APIs, services, and/or AI workloads similar to prod (REST/gRPC APIs, MCP servers/clients, LLM apps, agentic workflows).
• Has network access to Operant’s control plane endpoints (if using a SaaS‑hosted control plane).

2. Access and Permissions

You’ll need:

• kubectl access with permissions to:
  • Create namespaces
  • Install Helm charts
  • Create cluster‑wide resources (CRDs, ClusterRoles) if required by your trial profile
• Helm installed on your operator workstation or CI runner.
• Optional but recommended:
  • A dedicated namespace, e.g., operant-system.
  • A service account if your org does not allow using default accounts for controllers.

3. Basic Trial Planning

Decide up front:

• Scope:

  • Start with one namespace (e.g., your main staging app namespace), then expand.
  • Or cover the whole cluster if this is your pre‑prod “mirror of prod.”

• Surfaces to include:

  • API gateways and internal APIs.
  • AI apps and MCP servers/clients.
  • Any agentic workflows (CI agents, SaaS‑integrated agents, dev tools with LLMs).

• Success metrics for the 7 days:

  • Runtime risks discovered (ghost APIs, risky agent calls, exfil paths).
  • Attacks detected and blocked in staging (prompt injection, mis‑routed traffic).
  • How much enforcement you can turn on without breaking valid flows.

---

Step 1: Request Your Operant 7‑Day Free Trial

1. Go to the Operant site

   • Navigate to https://operant.ai.
   • Use the main “Get a Demo” / “Start Now” path to request access.
   • Mention explicitly in the form notes or conversation:
     • You want to start a 7‑day free trial
     • Target environment: staging Kubernetes cluster (name and platform, e.g., “EKS staging in us‑east‑1”).

2. Share minimal environment details (typically during the short intake):

   • K8s platform (EKS/AKS/GKE/OpenShift/RKE2/vanilla).
   • Whether you run AI apps or agents, and if you use MCP or internal toolchains.
   • Any compliance constraints (e.g., PCI/NIST/EU AI Act alignment needs, data residency).

3. Receive trial onboarding materials

   • You’ll get:
     • Access credentials or token for the Operant control plane.
     • Helm repository URL and chart name.
     • A baseline set of runtime policies tuned for staging (usually defaulting to “observe + safe block” so you can ramp up).

If you want to move faster and avoid back‑and‑forth, you can book directly with the Operant team:
Get Started: https://app.apollo.io/#/meet/gn0-0b1-374/30-min

---

Step 2: Prepare Your Staging Cluster for Operant

You don’t need sidecars or app‑level instrumentation, but you should get the cluster ready for a Helm‑based runtime platform.

2.1 Create an Operant Namespace

kubectl create namespace operant-system

If your org enforces specific labels/annotations:

kubectl create namespace operant-system \
  --dry-run=client -o yaml \
  | kubectl apply -f -

…and then patch with your standard labels.

2.2 Confirm Cluster Connectivity

From a pod in your staging cluster:

• Verify outbound HTTPS to Operant’s control plane endpoint (provided in onboarding).
• Confirm DNS resolution for Operant domains.

This is typically one curl from a debug pod:

kubectl run net-debug --rm -it \
  --image=alpine:3.19 \
  --restart=Never \
  -- sh -c "apk add --no-cache curl && curl -I https://<operant-endpoint>"

If outbound access is locked down, add an egress rule allowing Operant’s endpoint.

---

Step 3: Install Operant via Helm (Takes < 5 Minutes)

Operant is built to avoid the “month‑long deployment” trap. You install once; it discovers and enforces across your runtime stack.

3.1 Add the Operant Helm Repository

You’ll get the actual repo URL from the Operant team, but conceptually:

helm repo add operant https://helm.operant.ai/charts
helm repo update

3.2 Create a Values File for Staging

Start with a minimal operant-values-staging.yaml:

clusterName: "staging-k8s"
environment: "staging"

controlPlane:
  url: "https://<your-operant-control-plane-url>"
  token: "<OPERANT_API_TOKEN>"

monitoring:
  namespaces:
    - "default"
    - "staging-apps"
  # Or to cover the entire cluster
  # allNamespaces: true

runtimeDefense:
  enableAPIDiscovery: true
  enableAgentDiscovery: true
  enableMCPDiscovery: true

  # Start in audit/monitor mode, then move to enforce
  defaultMode: "observe"   # later: "enforce"

  # Turn on inline auto-redaction for sensitive data
  autoRedaction:
    enabled: true

  apiProtection:
    enabled: true
    rateLimiting: true
    microsegmentation: true

  aiDefense:
    promptInjectionProtection: true
    dataExfiltrationProtection: true

You don’t need to integrate with GitHub or CI/CD for the trial, but if you want to test policy‑as‑code:

integrations:
  github:
    enabled: false  # turn on later to bind to your GitOps

3.3 Install the Operant Chart

helm install operant-runtime operant/operant-platform \
  --namespace operant-system \
  -f operant-values-staging.yaml

Within a couple of minutes you should see:

kubectl get pods -n operant-system

All Operant pods should be in Running or Completed state.

---

Step 4: Verify Operant Is Active in Your Staging Cluster

Once the Helm install is complete, validate that Operant is actually watching and defending your runtime, not just sitting on the side.

4.1 Confirm K8s‑Native Components

Check that controllers and agents are registered:

kubectl get deployments -n operant-system
kubectl get ds -n operant-system
kubectl get crds | grep operant

You should see Operant’s CRDs and runtime components installed cluster‑wide.

4.2 Log In to the Operant Console

Using the URL provided during onboarding:

1. Log in to the Operant console.
2. Select the staging cluster by the clusterName you configured.
3. Within minutes you should see:
   • Discovered APIs and services.
   • Any detected AI apps, agents, and MCP connections.
   • Initial baseline of traffic patterns (north–south and east–west).

If you see an empty view, confirm:

• The cluster has active workloads in monitored namespaces.
• Network egress to the control plane is allowed.

---

Step 5: Turn Trial Time into Signal – What to Test in 7 Days

A 7‑day trial is enough to validate real runtime enforcement if you focus on the right surfaces.

5.1 API & East–West Traffic Protection

In staging, exercise typical and edge flows:

1. Generate API traffic

   • Run your integration tests or staging smoke tests.
   • Hit internal APIs and service‑to‑service paths.

2. In the Operant console, verify:

   • Live API blueprint (discovered endpoints, methods, and consumers).
   • Identification of ghost/zombie APIs not tied to current deployments.
   • Default detection coverage for API OWASP Top 10 patterns.

3. Enable microsegmentation and rate limiting for a subset of services:

   • Start in “observe mode” and inspect potential blocks.
   • Move to “enforce” for low‑risk paths in staging.

This is where you see “API Threat Protection Beyond the WAF” in practice—Operant acts inside the cluster, across east–west traffic, not just at the edge.

5.2 AI Apps, Agents, and MCP Workflows

If your staging cluster runs AI workloads, this is the most high‑leverage part of the trial.

1. Identify in‑cluster AI surfaces:

   • LLM‑backed services.
   • MCP servers/clients and tools.
   • Agentic workflows orchestrating tools and APIs.

2. In the Operant console, verify:

   • MCP Catalog / Registry view—what servers, clients, and tools Operant discovered.
   • Agent inventory—managed and unmanaged agents in the cluster.
   • Trust boundaries between AI apps, APIs, and data stores.

3. Turn on enforcement for:

   • Prompt injection and jailbreak protection for staging AI endpoints.
   • Inline auto‑redaction of sensitive data leaving agent workflows.
   • Allow/deny policies for which agents can call which MCP tools or APIs.

Then intentionally push:

• Adversarial prompts designed to force tools to exfiltrate secrets.
• “0‑click” style flows where a compromised prompt chain tries to hit internal APIs.

Your goal is to see Operant block, rate‑limit, or auto‑redact in real time, not just log a finding.

5.3 Discovery and Shadow Surface Cleanup

Use the trial to map and clean up the “cloud within the cloud” in staging:

• Identify shadow services and unused APIs.
• Flag rogue/unmanaged agents that talk to sensitive APIs.
• Find MCP tools with overly broad access.

Use Operant’s catalog and blueprints to create a cleanup list that your platform/security teams can then mirror in production.

---

Step 6: Optional – Integrate with GitHub and CI/CD (Shift‑Left Guardrails)

If you want to see how runtime defense ties into your GitOps/DevSecOps posture, you can enable lightweight integrations even inside the 7‑day window.

6.1 GitHub Integration (Policy as Code)

Operant integrates with GitHub to apply policy‑as‑code across environments:

• Validate that new services, APIs, or agent workflows conform to:
  • Required authentication/authorization patterns.
  • Trust zone boundaries.
  • Allowed MCP tools and AI models.

During the trial, you can:

1. Turn on the GitHub integration in the Operant console.
2. Point it at a staging‑focused repo or environment branch.
3. Use it to block insecure manifests from reaching your staging cluster.

6.2 CI/CD Guardrails

Integrating Operant into CI/CD lets you:

• Run checks before deploying to staging.
• Prevent unsafe configuration from ever hitting the runtime.

Even a single pipeline integration during the trial demonstrates how runtime insights (e.g., risky APIs or agent flows discovered in staging) can be enforced earlier in the lifecycle.

---

Step 7: Evaluate Trial Outcomes and Plan Production Rollout

By the end of 7 days, you should have concrete answers to three questions:

1. What did Operant discover that other tools missed?

   • Ghost/zombie APIs, unmanaged agents, risky MCP tools, unexpected exfil paths.

2. What did Operant actively block or contain?

   • Prompt injection or jailbreak attempts.
   • Misrouted east–west traffic.
   • Unauthorized agent/tool usage or data exfiltration.

3. How hard was it to deploy and operate?

   • Single‑step Helm install.
   • No app code changes, no sidecars, no “month of instrumentation.”
   • Policies you could actually turn to “enforce,” not just “audit.”

Use these answers to make the production call:

• Keep your Helm configuration as‑is and point it at your production clusters (EKS/AKS/GKE/OpenShift, etc.).
• Expand integration with GitHub and CI/CD to enforce policy‑as‑code across dev → staging → prod.
• Extend the same runtime AI and API defenses across agents embedded in SaaS/dev tools and MCP workflows beyond K8s.

---

Summary: Fast Path to a Real Operant Trial on Staging

To start an Operant 7‑day free trial for a staging Kubernetes cluster:

1. Request trial access via the Operant site or book a session directly.
2. Prepare your staging cluster (namespace, permissions, outbound access).
3. Install via Helm with a simple values file—no instrumentation, no integrations required.
4. Verify discovery and runtime defense in the Operant console.
5. Actively test API protection, AI/agent defenses, and MCP controls during the trial window.
6. Optionally tie in GitHub/CI/CD to see how runtime defense feeds policy‑as‑code.
7. Use your findings to roll Operant into production with confidence.

If you want to see this live on your own staging cluster instead of reading about it in docs, the fastest path is to get on a call with the Operant team and walk through the Helm install together:

Get Started: https://app.apollo.io/#/meet/gn0-0b1-374/30-min