add
nctl add
Add Cluster Command
To onboard a Kubernetes cluster to the Nirmata Policy Manager, use the add command.
nctl add cluster --cluster-name <cluster-name>
This will install the Kyverno Operator, and also deploy the following PolicySets:
- Pod Security Standards (Baseline)
- Pod Security Standards (Restricted)
- RBAC Best Practices
If you wish to only onboard the cluster without deploying the Kyverno Operator and related components, use the
--register-onlyflag.
Command Options
| Flags | Shorthand | Description |
|---|---|---|
--cluster-id <string> |
-i |
the NPM cluster Id of cluster to be updated (Needed if cluster name is not unique) |
--cluster-name <string> |
name of the cluster to onboard is required (not needed if onboarding token is provided) | |
--help |
-h |
help for add sub-command |
--insecure |
allow connection to an address with a self-signed or non-verifiable certificate (not recommended) | |
--kube-context <string> |
see the kube context from configured kubeconfig. Default is the current or sole context | |
--kubeconfig <string> |
shows the kubeconfig path (defaults to $HOME/.kube/kubeconfig) | |
--kyverno-version <string> |
specify Kyverno version(default “1.10”) | |
--namespace string |
-n |
specify the namespace to install Kyverno operator(default “nirmata-system”) |
--onboarding-token <string> |
the cluster onboarding token | |
--register-only |
only register cluster by installing Nirmata related components, don’t install Kyverno operator | |
--release <string> |
-r |
operator helm chart release name (default “kyverno-operator”) |
--token <string> |
Nirmata API Key (env NIRMATA_TOKEN) | |
--url <string> |
Nirmata server base URL (env NIRMATA_URL) | |
--values-file <string> |
-f |
the cluster onboarding parameter YAML file |