Concepts
Core Concepts and Terminology
Remediator Agent
A Kubernetes application that automatically finds and fixes policy violations using AI. It runs as a background service and creates pull requests with proposed fixes.
Policy Violations
Security, compliance, or configuration problems in your Kubernetes resources. Examples include missing resource limits, incorrect security settings, or outdated configurations. A violation is reported as a Kyverno (Cluster)PolicyReport with a result status of fail.
Custom Resources
Three configuration objects you create to set up the agent:
- Remediator: Main configuration defining what to scan, when to run, and what actions to take
- LLMConfig: AI provider settings (like AWS Bedrock or OpenAI; defaults to Nirmata AI)
- ToolConfig: Integration settings for external tools (GitHub credentials, etc.)
Targets
What the agent monitors for violations:
- Clusters: Specific Kubernetes clusters by name
- Applications: ArgoCD applications you want to monitor
- Namespaces: Specific namespaces within clusters
Environment Types
How the agent discovers what to scan:
- Hub Mode: Uses ArgoCD to manage multiple clusters from a central location
- Local Mode: Scans the same cluster where the agent is installed
Actions
What the agent does when it finds violations:
- Create Pull Request: Opens a PR in your Git repository with the fix
- Dry Run: Shows what would be changed without making any modifications
Schedules & Triggers
When the agent runs:
- Cron Schedule: Set specific times (like daily at midnight)
- Manual Trigger: Run on-demand
Git Integration
How the agent connects Kubernetes resources to their source code:
- Repository Mapping: Links your K8s manifests to Git repositories
- Branch Creation: Makes new branches for proposed changes
- Pull Request Management: Creates and updates PRs with fixes
Remediation Plans
AI-generated proposals that include:
- What file needs to be changed
- The specific changes to make
- Plain-English explanation of why the change fixes the violation