Onboard a Cluster in Nirmata Control Hub

Guide to Onboard a Cluster in NCH

Prerequisites

  • Helm installed on your machine
  • kubectl access to the target cluster
  • A Nirmata account (Create a trial account at try.nirmata.io)

Obtaining Your API Token

To get your API token for cluster onboarding:

  1. Log in to your Nirmata Control Hub account
  2. Navigate to the Settings section in the left toolbar
  3. Expand the Settings tab and click on Profile
  4. In the Profile view, locate the “Generate API Key” button in the top right corner
  5. Click the button and follow the instructions to create your API key
  6. Copy and securely store your API key - you’ll need it during the cluster installation process

Installation Steps

1. Add Nirmata Helm Repository

First, add the Nirmata Helm repository to your local Helm configuration:

helm repo add nirmata https://nirmata.github.io/kyverno-charts/
helm repo update nirmata

2. Install Enterprise Kyverno (N4K)

helm install kyverno nirmata/kyverno \
  -n kyverno \
  --create-namespace \
  --set features.policyExceptions.namespace="kyverno" \
  --set features.policyExceptions.enabled=true \
  --set admissionController.replicas=3 \
  --version 3.3.9

3. Install Kyverno Operator

helm install kyverno-operator nirmata/nirmata-kyverno-operator \
  -n nirmata-system \
  --create-namespace \
  --devel \
  --set enablePolicyset=true \
  --version v0.7.0

4. Install Nirmata Kube Controller

Install the Nirmata Kube Controller with your specific configuration:

helm install nirmata-kube-controller nirmata/nirmata-kube-controller \
  -n nirmata \
  --create-namespace \
  --set nirmataURL=wss://nirmata.io/tunnels \
  --set cluster.name=<your-cluster-name> \
  --set namespace=nirmata \
  --set apiToken=<your-api-token> \
  --set features.policyExceptions.enabled=true \
  --set features.policySets.enabled=true \
  --version=0.2.8

Replace <your-cluster-name> with your desired cluster name and <your-api-token> with your Nirmata API token.

5. Verify Installation

  1. Log in to your Nirmata Control Hub account
  2. Navigate to the Clusters view
  3. Verify that your cluster appears in the list and shows as connected

Cleanup

If you need to remove the cluster from Nirmata Control Hub, follow these steps:

  1. Uninstall the Helm releases:
helm uninstall nirmata-kube-controller -n nirmata
helm uninstall kyverno -n kyverno
helm uninstall kyverno-operator -n nirmata-system
  1. Delete the namespaces:
kubectl delete ns kyverno
kubectl delete ns nirmata-system
kubectl delete ns nirmata

  1. Remove the cluster from Nirmata Console:

    • Log in to Nirmata Control Hub
    • Navigate to the Clusters view
    • Click on the cluster you want to remove
    • Click the “Remove” button to remove it from the Nirmata Console

Troubleshooting

If you encounter any issues during the installation:

  1. Verify that all prerequisites are met
  2. Check that your API token is valid
  3. Ensure your cluster has sufficient resources
  4. Verify network connectivity to Nirmata services

For additional support, please contact Nirmata support or visit our documentation portal.