Remediator Configuration

Remediator Configuration

The Remediator Agent can run in several modes.

Multi-Cluster Support

ArgoCD Hub Mode

Refer to the official ArgoCD documentation to setup ArgoCD in the hub cluster and register spoke cluster.

Here is an example repository containing an ArgoCD Application. Deploy this application onto the target cluster.

Apply the following Remediator CR:

apiVersion: serviceagents.nirmata.io/v1alpha1
kind: Remediator
metadata:
  name: remediator-argo-hub
  namespace: nirmata
spec:
  environment:
    type: argoHub
  
  target:
    argoHubTarget:
      argoAppSelector:
        allApps: true
  
  remediation:
    triggers:
      - schedule:
          crontab: "0 */6 * * *"
    llmConfigRef:
      name: remediator-agent-llm
      namespace: nirmata
    actions:
      - type: CreatePR
        toolRef:
          name: toolconfig-sample
          namespace: nirmata

Local Cluster Mode

If you are not using ArgoCD for deployments, specify the repository to namespace configuration using a ConfigMap.

Create the configmap in nirmata namespace:

apiVersion: v1
kind: ConfigMap
metadata:
  name: repo-namespace-mapping
  namespace: nirmata
data:
  mapping: |
    [
      {
        "repo": "https://github.com/nirmata/demo-remediator",
        "branch": "main",
        "path": "apps/nginx",
        "targetNamespace": "default"
      }
    ]

Apply the Remediator CR.

apiVersion: serviceagents.nirmata.io/v1alpha1
kind: Remediator
metadata:
  name: remediator-local-cluster
  namespace: nirmata
spec:
  environment:
    type: localCluster
  
  target:
    localClusterTarget:
      repoNamespaceMappingRef:
        name: repo-namespace-mapping
        namespace: nirmata
        key: mapping
  remediation:
    triggers:
      - schedule:
          crontab: "0 */6 * * *"
    llmConfigRef:
      name: remediator-agent-llm
      namespace: nirmata
    actions:
      - type: CreatePR
        toolRef:
          name: toolconfig-sample
          namespace: nirmata

Advanced Settings

Specify target clusters for ArgoCD Hub Mode:

Use the spec.target.argoHubTarget field to specify cluster names or server URLs.

target:
  argoHubTarget:
    clusterNames:
      - argocd-spoke
      - production-cluster
    clusterServerUrls:
      - "https://production-cluster.example.com"
    argoAppSelector:
      allApps: true

Specify target Argo applications:

Use the spec.target.argoHubTarget.argoAppSelector field to specify target applications, or use labelSelector to select specific applications.

target:
  argoHubTarget:
    argoAppSelector:
      names:
        - nginx-demo
      labelSelector:
        matchLabels:
          team: platform
          environment: production
        matchExpressions:
          - key: criticality
            operator: In
            values: ["high", "critical"]

NOTE: Set spec.target.argoHubTarget.argoAppSelector.allApps: true if you want to remediate all Argo applications. If allApps is true, it will override all other selection logic.

Filter violations for specific policies:

You can filter by policy severity using the spec.remediation.filters.policySelector field.

remediation:
  filters:
    policySelector:
      matchSeverity:
        - high
        - critical