Cluster Onboarding

To onboard a cluster with Nirmata, click the Add Cluster button on the Clusters panel. If you are trying out NPM for the first time, it is highly recommended to use the default onboarding process instead of the manual onboarding flow.

Onboarding

This workflow requires nctl. Refer to the documentation for installation.

  1. Enter the cluster name (required) and labels (optional).


  2. After entering the cluster information, click on Select Compliance Standards to proceed to the next step. The Pod Security Standards Baseline is added by default. It is highly recommended to opt for Pod Security Standards Restricted and RBAC Best Practices to improve the overall security posture of the cluster. Select the set of policies to be configured on the cluster as default policy sets. These policies will be deployed in audit mode. After selecting the policy sets, click on Add Cluster to proceed to the final step.


  3. Use the nctl login command to log in to NPM. If the token is not auto-generated, visit the profile page and click the Generate API Key button to generate the token.


Once the command has run successfully, it displays the following message:

Validating user credentials...done!
Wrote configuration to /home/username/.nirmata/config

Next, copy the nctl clusters add command displayed in the final step from the web UI. Run this command to add your cluster to NPM.

  4. After running the above command, a confirmation message is displayed, stating that the Nirmata Operator has been deployed successfully on the cluster. Following this, the policy sets selected in the previous step will become ready. Next, click on I Have Run the Command in the web UI to complete the onboarding process and navigate to the Clusters dashboard. The newly added cluster appears in the dashboard.
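
The policy sets above are described as being deployed in audit mode. One way to confirm that once they are ready is the check below, an added example that is not part of the Nirmata documentation or tooling. It assumes the policy sets are installed as Kyverno ClusterPolicy resources and that the output of kubectl get clusterpolicy -o json is piped in; the embedded sample is constructed.

```python
import json

# Constructed sample of `kubectl get clusterpolicy -o json` output (not from a real cluster).
SAMPLE = json.dumps({
    "items": [
        {"metadata": {"name": "disallow-privileged-containers"},
         "spec": {"validationFailureAction": "Audit",
                  "rules": [{"name": "privileged-containers", "validate": {}}]}},
        {"metadata": {"name": "require-run-as-nonroot"},
         "spec": {"validationFailureAction": "Enforce",
                  "rules": [{"name": "run-as-non-root", "validate": {}}]}},
        {"metadata": {"name": "restrict-binding-clusteradmin"},
         "spec": {"rules": [
             {"name": "clusteradmin-bindings", "validate": {"failureAction": "Enforce"}},
             {"name": "generate-note", "generate": {}}]}},
    ]
})


def rule_mode(spec, rule):
    """Effective mode of one validate rule. Assumption: the rule-level
    validate.failureAction wins, then the policy-level
    validationFailureAction, then Kyverno's default of Audit."""
    action = (rule.get("validate", {}).get("failureAction")
              or spec.get("validationFailureAction")
              or "Audit")
    return action.lower()


def rules_not_in_audit(policy_list_json):
    """Return sorted (policy, rule, mode) tuples for validate rules that would block."""
    findings = []
    for policy in json.loads(policy_list_json).get("items", []):
        spec = policy.get("spec", {})
        for rule in spec.get("rules", []):
            if "validate" not in rule:
                continue  # mutate/generate rules have no audit/enforce mode
            mode = rule_mode(spec, rule)
            if mode != "audit":
                findings.append((policy["metadata"]["name"], rule.get("name", ""), mode))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    for name, rule, mode in rules_not_in_audit(piped.strip() or SAMPLE):
        print(f"{name}/{rule}: {mode}")
```

An empty result means every validate rule only reports violations; any line printed names a rule that would reject resources on admission.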


Legacy Onboarding

This workflow is now deprecated and will soon be removed in a future release.

  1. Enter the cluster name and add any labels to this cluster.
  2. Download the nirmata-kube-controller.yaml and deploy it in the target cluster.
  3. Follow the instructions on the UI to install the Kyverno Operator.
  4. Verify that all components are up and running and that the policies are deployed.

Once the cluster is connected, you should be able to view any policy violations detected on your cluster. You will also see the recommended adapter to be installed.

To troubleshoot the Nirmata Kubernetes Controller, please go through this troubleshooting guide. Contact Nirmata Support if the problem persists.

NOTE: If the Kyverno version is not supported, you will be prompted to install the supported version.