Cluster Onboarding
To onboard a cluster with Nirmata,
Click on the Add Cluster
button on the Clusters
panel. If you are trying out NPM for the first time, it is highly recommended to use the default onboarding process instead of the manual onboarding flow.
Onboarding
This workflow requires nctl
. Refer to the documentation for installation.
- Enter the cluster name (required) and labels (optional).
- After entering the cluster information, click on
Select Compliance Standards
to proceed to the next step. The Pod Security Standards Baseline is added by default. It is highly recommended to opt for Pod Security Standards Restricted and RBAC Best Practices to improve the overall security posture of the cluster. Select the set of policies to be configured on the cluster as default policy sets. These policies will be deployed in audit mode. After selecting the policy sets, click onAdd Cluster
to proceed to the final step.
- Use the
nctl login
command to login to NPM. If the token is not auto generated, visit the profile page and click onGenerate API Key
button to generate the token.
Once the command has run successfully, it will display a message notifying that:
Validating user credentials...done!
Wrote configuration to /home/username/.nirmata/config
Next, copy the nctl clusters add
command displayed in the final step from the web UI. Run this command to add your cluster to NPM.
- After running the above command, a confirmation message will be displayed, notifying that Nirmata Opertor has been deployed successfully on the cluster. Following this, the policy sets selected in the previous step will become ready.
Next, you can click on
I Have Run the Command
in the web UI to complete the onboarding process and navigate to the Clusters dashboard. The new cluster added can be seen in the dashboard.
Legacy Onboarding
This workflow is now deprecated and will soon be removed in a future release.
- Enter the cluster name and add any labels to this cluster.
- Download the
nirmata-kube-controller.yaml
and deploy in the target cluster. - Follow the instructions on the UI to install the Kyverno Operator
- Verify all components are up and running and policies deployed.
Once the cluster is connected, you should be able to view any policy violations detected on your cluster. You will also see the recommended adapter to be installed.
To troubleshoot Nirmata Kubernetes Controller please go through this troubleshooting guide. Contact Nirmata Support if the problem persists.
NOTE: If the Kyverno version is not supported, you will be prompted to install the supported version.