Onboarding with ArgoCD

Onboarding a cluster in Nirmata Policy Manager (NPM) with the help of ArgoCD involves installing Nirmata Enterprise for Kyverno (N4K) and the cluster-registrator through ArgoCD.

Prerequisites

  • Helm: Refer to the official docs for installation.
  • ArgoCD: ArgoCD should be up and running. Refer to the official ArgoCD documentation for installation.
  • Git Repository: Must have access to the Nirmata git repository.
  • NPM Dashboard: Must have access to Nirmata Policy Manager (NPM) dashboard. Refer to this link to start a free trial.

N4K installation

Nirmata N4K can be installed in two ways:

  • Using Helm template
  • Using Git Repository (more customizable with values.yaml)

Installing N4K with ArgoCD using Helm template

Follow the steps below to install N4K with ArgoCD using a Helm template:

  1. Installation of N4K with ArgoCD requires a values.yaml file, which is used for configuring customer specifications. For each N4K version, there is a release chart that contains the values.yaml file. Refer to the values.yaml file for N4K version 1.11 here.
  2. Now, clone the chart repository locally to update the values.yaml file.
  3. After cloning, update the following parameters in the values.yaml file:
    a. Add the License Key. The license key for N4K is available in the UI. For assistance, you can contact support@nirmata.com.
    b. Change the repository being used.
    c. Add the registry details in the secrets.
    d. Add the necessary Labels and Annotations.
    e. Ensure that the values.yaml file mentions the enableWebhook parameter as false. This is applicable only for installation with ArgoCD.
  4. Now, copy the modified values.yaml file.
  5. Next, create the helm template by executing the following command:
helm template nirmata-kyverno-operator nirmata/nirmata-kyverno-operator -n nirmata-kyverno-operator --create-namespace -f values.yaml --version <version> --include-crds > nirmata-helm-template.yaml
  6. After creating the nirmata-helm-template.yaml, delete or comment out the last pre-delete-hook.yaml file found at the end of the template yaml file.

Note: This applies only when installing N4K with ArgoCD.

  7. Additionally, under nirmata-kyverno-operator/templates/cr-kyverno.yaml in the nirmata-helm-template.yaml file, add the below secret:
spec:
    secrets: operator-params
  8. Now, create a local git repository by the name nirmata-kyverno-operator.
  9. Next, copy the helm template of the nirmata-kyverno-operator directory available locally, commit, and push it to the newly created git repository.
  10. After this, create a new application in ArgoCD with the name nirmata-kyverno-operator. Also, set nirmata-kyverno-operator as the namespace.
  11. Now that the application is created, the manifest file needs to be updated. In the manifest file, update the below section by giving the helm valueFiles reference and syncOptions.
project: default
source:
    repoURL: 'https://github.com/user/nirmata-kyverno-operator.git'
    path: nirmata-kyverno-operator
    targetRevision: HEAD
    # helm settings are part of the source definition
    helm:
        valueFiles:
            - values.yaml
destination:
    server: 'https://kubernetes.default.svc'
    namespace: nirmata-system
syncPolicy:
    syncOptions:
        - CreateNamespace=true
        - ServerSideApply=true
        - ApplyOutOfSyncOnly=true
  12. Finally, click on the SYNC button in the ArgoCD UI to sync up all the resources. This will install the resources into the cluster.
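
The two ArgoCD-specific edits above (enableWebhook set to false in values.yaml, and the pre-delete-hook.yaml document removed from the rendered template) can be checked and applied by a script before the commit. This is an added example, not Nirmata tooling: the function names are hypothetical, it assumes helm template's standard "---" separators and "# Source:" header comments, and it matches the enableWebhook key by name wherever it appears in values.yaml.

```shell
#!/bin/sh
# Added example, not Nirmata tooling. Assumes helm template's standard output:
# documents separated by "---", each starting with "# Source: <path>".

# Print the rendered template without documents from pre-delete-hook.yaml.
strip_pre_delete_hook() {
    awk '
        function flush() { if (!drop) printf "%s", doc; doc = ""; drop = 0 }
        /^--- *$/ { flush() }
        /^# Source: .*\/pre-delete-hook\.yaml *$/ { drop = 1 }
        { doc = doc $0 "\n" }
        END { flush() }
    ' "$1"
}

# Succeed only if values.yaml sets enableWebhook and every setting is false.
webhook_disabled() {
    settings=$(grep -E '^[[:space:]]*enableWebhook:' "$1") || return 1
    ! printf '%s\n' "$settings" |
        grep -Evq 'enableWebhook:[[:space:]]*false[[:space:]]*(#.*)?$'
}

# Gate for the Git commit: check values.yaml, then write the cleaned template.
prepare_for_argocd() {  # args: values.yaml rendered.yaml cleaned.yaml
    webhook_disabled "$1" || { echo "enableWebhook must be false" >&2; return 1; }
    strip_pre_delete_hook "$2" > "$3"
}

# Constructed sample of helm template output (resource names are made up).
sample_template() {
    cat <<'EOF'
---
# Source: nirmata-kyverno-operator/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sample-operator
---
# Source: nirmata-kyverno-operator/templates/pre-delete-hook.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: sample-pre-delete
  annotations:
    "helm.sh/hook": pre-delete
EOF
}

if [ "$#" -eq 3 ]; then prepare_for_argocd "$@"; fi
```

Run it as a script with three arguments (values.yaml, the rendered template, and the output path), and commit the output file instead of the raw helm template output.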

Installing N4K with ArgoCD using Git Repository

The following steps will help you install N4K with ArgoCD using the git repository. This method is more customizable with the values.yaml file.

  1. Installation of N4K with ArgoCD requires a values.yaml file, which is used for configuring customer specifications. For each N4K version, there is a release chart that contains the values.yaml file. Refer to the values.yaml file for N4K version 1.11 here.
  2. Firstly, create a local git repository by the name nirmata-kyverno-operator.
  3. Now, clone the nirmata-kyverno-operator helm chart found in the Nirmata Kyverno Charts and copy the contents to the locally created git repository.
  4. Next, update the following parameters in the values.yaml file locally:
    a. Add the License Key. The license key for N4K is available in the UI. For assistance, you can contact support@nirmata.com.
    b. Change the repository being used.
    c. Add the registry details in the secrets.
    d. Add the necessary Labels and Annotations.
    e. Ensure that the values.yaml file mentions the enableWebhook parameter as false. This is applicable only for installation with ArgoCD.
  5. After modifying the values.yaml file locally with the necessary changes, replace the existing values.yaml in the local repository with the modified one.
  6. Next, create a new application in ArgoCD with the name nirmata-kyverno-operator. Also, set nirmata-system as the namespace.
  7. Now that the application is created, the manifest file needs to be updated. In the manifest file, update the below section by giving the helm valueFiles reference and syncOptions.
project: default
source:
    repoURL: 'https://github.com/user/nirmata-kyverno-operator.git'
    path: nirmata-kyverno-operator
    targetRevision: HEAD
    # helm settings are part of the source definition
    helm:
        valueFiles:
            - values.yaml
destination:
    server: 'https://kubernetes.default.svc'
    namespace: nirmata-system
syncPolicy:
    syncOptions:
        - CreateNamespace=true
        - ServerSideApply=true
        - ApplyOutOfSyncOnly=true
  8. Finally, click on the SYNC button in the ArgoCD UI to sync up all the resources. This will install the resources into the cluster.

Nirmata Cluster-Registrator installation

Follow along with the below steps to install the Nirmata Cluster-Registrator:

  1. Log in to the Nirmata Policy Manager and go to Settings>Profile. An API key is already generated on the profile page. Copy the API key by clicking the key button. If no API key is found, generate a new one by clicking the Generate API Key button in the top right-hand section of the page, then copy it.

  2. Next, add the API Key to the values.yaml file along with the cluster name. These are the two necessary parameters required for the cluster-registrator installation. The values.yaml file for cluster-registrator can be found here.

  3. Now, create a new application in ArgoCD with the name nirmata-cluster-registrator.

  4. After this, click on the SYNC button in the ArgoCD UI to sync up all the resources.

  5. Now, head over to NPM and go to Menu>Clusters to verify the creation of the cluster correctly.

  6. Alternatively, execute the following command in the terminal to verify the successful installation of the cluster-registrator by confirming that there are no errors found in the logs:
kubectl logs job/nirmata-cluster-registrator -n nirmata -f