Remediator Configuration

The Remediator Agent can run in several modes.

Multi-Cluster Support

ArgoCD Hub Mode

Refer to the official ArgoCD documentation to set up ArgoCD in the hub cluster and register the spoke clusters.

Here is an example repository containing an ArgoCD Application. Deploy this application onto the target cluster.

Apply the following Remediator CR:

apiVersion: serviceagents.nirmata.io/v1alpha1
kind: Remediator
metadata:
  name: remediator-argo-hub
  namespace: nirmata
spec:
  environment:
    localCluster: false
    argoCD:
      hub: true
  target:
    argoAppSelector:
      allApps: true
  remediation:
    triggers:
      - schedule:
          crontab: "0 */6 * * *"
    llmConfigRef:
      name: remediator-agent-llm
      namespace: nirmata
    actions:
      - type: CreatePR
        toolRef:
          name: toolconfig-sample
          namespace: nirmata

Local Cluster Mode

If you are not using ArgoCD for deployments, specify the repository-to-namespace mapping using a ConfigMap.

Create the ConfigMap in the nirmata namespace:

apiVersion: v1
kind: ConfigMap
metadata:
  name: repo-namespace-mapping
  namespace: nirmata
data:
  mapping: |
    [
      {
        "repo": "https://github.com/nirmata/demo-remediator",
        "branch": "main",
        "path": "apps/nginx",
        "targetNamespace": "default"
      }
    ]

Apply the Remediator CR.

apiVersion: serviceagents.nirmata.io/v1alpha1
kind: Remediator
metadata:
  name: remediator-local-cluster
  namespace: nirmata
spec:
  environment:
    localCluster: true
    localClusterConfig:
      repoNamespaceMappingRef:
        name: repo-namespace-mapping
        namespace: nirmata
        key: mapping
    argoCD:
      hub: false
  remediation:
    triggers:
      - schedule:
          crontab: "0 */6 * * *"
    llmConfigRef:
      name: remediator-agent-llm
      namespace: nirmata
    actions:
      - type: CreatePR
        toolRef:
          name: toolconfig-sample
          namespace: nirmata

Advanced Settings

Specify target clusters:

Use the spec.target field to specify cluster names or server URLs.

target:
  clusterNames:
    - argocd-spoke
    - production-cluster
  clusterServerUrls:
    - "https://production-cluster.example.com"

Specify target Argo applications:

Use the spec.target.argoAppSelector field to select target applications by name (names) or by label (labelSelector).

target:
  argoAppSelector:
    names:
      - nginx-demo
    labelSelector:
      matchLabels:
        team: platform
        environment: production
      matchExpressions:
        - key: criticality
          operator: In
          values: ["high", "critical"]

NOTE: Set spec.target.argoAppSelector.allApps: true to remediate all Argo applications. When allApps is true, it overrides all other selection logic.

Filter violations for specific policies:

You can filter by policy severity using the spec.remediation.filters.policySelector field.

remediation:
  filters:
    policySelector:
      matchSeverity:
        - high
        - critical
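
An added example (not from the Nirmata documentation or code base): a pre-apply check, run over the JSON form of a Remediator CR, that reports the effective application scope described in the NOTE above and whether a severity filter is set. The function name lint_scope and the sample CR are constructed here, and the check assumes "all other selection logic" means the sibling fields of argoAppSelector.

```python
import json

# Constructed sample: a Remediator CR in JSON form (e.g. `kubectl get -o json`),
# using only fields shown on this page. allApps sits next to narrower selectors.
SAMPLE_CR = json.loads("""
{
  "kind": "Remediator",
  "metadata": {"name": "remediator-argo-hub", "namespace": "nirmata"},
  "spec": {
    "environment": {"localCluster": false, "argoCD": {"hub": true}},
    "target": {
      "clusterNames": ["argocd-spoke"],
      "argoAppSelector": {
        "allApps": true,
        "names": ["nginx-demo"],
        "labelSelector": {"matchLabels": {"team": "platform"}}
      }
    },
    "remediation": {"filters": {"policySelector": {"matchSeverity": ["high"]}}}
  }
}
""")


def lint_scope(cr):
    """Return (effective application scope, warnings) for one Remediator CR."""
    spec = cr.get("spec", {})
    selector = spec.get("target", {}).get("argoAppSelector", {})
    narrow = sorted(k for k in selector if k != "allApps")
    warnings = []
    if selector.get("allApps") is True:
        # Per the NOTE: allApps overrides all other selection logic.
        # Assumption: that covers the sibling fields of argoAppSelector.
        scope = "all Argo applications"
        if narrow:
            warnings.append("allApps: true overrides: " + ", ".join(narrow))
    elif narrow:
        scope = "selected by: " + ", ".join(narrow)
    else:
        scope = "no application selector"
    policy = spec.get("remediation", {}).get("filters", {}).get("policySelector", {})
    if not policy.get("matchSeverity"):
        warnings.append("no matchSeverity filter set")
    return scope, warnings


if __name__ == "__main__":
    print(lint_scope(SAMPLE_CR))
```

Running the check before applying a CR shows when a names or labelSelector entry that was meant to narrow the agent's pull-request scope has no effect.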