Cluster Deployment Options

Choose how Nirmata Control Hub manages resources in your cluster — read-only or read-write permission modes.

Applies to: Nirmata Control Hub 4.0 and later

Choose whether to allow Nirmata to deploy custom resources directly to your cluster or manage them using your own GitOps and Continuous Delivery tools.

Read-Only

Nirmata will not deploy Policies or Policy Exceptions to your cluster. You retain complete control and deploy these resources yourself using your own tools (Argo CD, Flux, kubectl, etc.).

Nirmata still provides full visibility: compliance reports, violation dashboards, and monitoring all function normally.

Best for: Teams with strict GitOps requirements or existing CD pipelines.

Read-Write

Nirmata deploys Policies and Policy Exceptions directly to your cluster. This enables one-click policy set deployment, automated remediations, and full use of the Agent Hub.

Note: We recommend enabling SSO and MFA when using Read-Write mode, since Nirmata has direct write access to cluster resources.

Best for: Teams that want to manage policies through the Nirmata UI or AI agents.

Changing the Permission Mode

You can change the permission mode after onboarding:

  1. Navigate to the Clusters page in Nirmata Control Hub.
  2. Click on the cluster name.
  3. Go to Settings.
  4. Toggle the permission mode and save.