Nirmata Operator

Overview

The Nirmata Operator is a Kubernetes operator designed to manage Kyverno installations and policies with ease and efficiency. When integrated with Nirmata Control Hub, the Nirmata Operator enables streamlined policy management, security, and compliance for clusters. Key functionalities include managing PolicySets with a GitOps approach, tamper detection and prevention for policies, and continuous monitoring of Kyverno and policies critical to the security of Kubernetes clusters.

Key Features

  • PolicySet Management (GitOps Style)
    • GitOps-based policy management: Enables users to manage PolicySets using Git repositories as the source of truth
    • Automatic Sync: Automatically synchronizes policies from Git repositories, ensuring consistency across clusters
  • Tamper Detection and Prevention
    • Policy Integrity: Detects unauthorized changes to policies and alerts users for preventive action
    • Enforcement Mechanisms: Automatically restores policies to their desired state if tampering is detected, ensuring security compliance
  • Monitoring and Alerts
    • Kyverno Health Monitoring: Monitors Kyverno’s health and performance, alerting when issues arise
    • Policy Status Tracking: Continuously tracks the status of applied policies, providing insights into policy violations and compliance adherence

Installation

Prerequisites

  • Helm 3.0+ must be installed.
  • A Kubernetes cluster with appropriate permissions for installing and managing operators.

Step 1: Install Nirmata Operator

To install the Nirmata Operator using Helm, execute the following command:

helm repo add nirmata https://nirmata.github.io/kyverno-charts/
helm repo update
helm install enterprise-kyverno-operator nirmata/enterprise-kyverno-operator --namespace nirmata-system --create-namespace
```text

>Note: To install RC versions of the Operator chart, use the `--devel` flag in the `helm install` command.

#### Step 2: Verify Installation
Check the status of the Nirmata Operator to ensure it is installed and running:
```bash
kubectl get pods -n nirmata-system
```text