Nirmata Operator

Overview

The Nirmata Operator is a Kubernetes operator designed to manage Kyverno installations and policies with ease and efficiency. Integrated with Nirmata Control Hub (NCH), the Nirmata Operator allows streamlined policy management, security, and compliance for clusters. Key functionalities include managing policysets with a GitOps approach, tamper detection and prevention for policies, and continuous monitoring of Kyverno and policies critical to the security of Kubernetes clusters.

Compatibility with Kyverno

Nirmata Operator ensures compatibility with specific Kyverno versions, allowing for seamless integration and upgrade management. Below is the compatibility matrix:

Enterprise Kyverno Version    Supported Nirmata Operator Helm Chart Versions
v1.12.5-n4k.nirmata.6         v0.5.2
v1.11.4-n4k.nirmata.10        v0.5.2, v0.4.20
v1.10.7-n4k.nirmata.14        v0.5.2, v0.4.20, v0.3.42

Key Features

  • PolicySet Management (GitOps Style)
    • GitOps-based policy management: Enables users to manage policysets using Git repositories as the source of truth.
    • Automatic Sync: Automatically synchronizes policies from Git repositories, ensuring consistency across clusters.
  • Tamper Detection and Prevention
    • Policy Integrity: Detects unauthorized changes to policies and alerts users for preventive action.
    • Enforcement Mechanisms: Automatically restores policies to the desired state if tampering is detected, ensuring security compliance.
  • Monitoring and Alerts
    • Kyverno Health Monitoring: Monitors Kyverno’s health and performance, alerting when issues arise.
    • Policy Status Tracking: Continuously tracks the status of applied policies, providing insights into policy violations and compliance adherence.

Installation

Prerequisites

  • Helm 3.0+ must be installed.
  • A Kubernetes cluster with appropriate permissions for installing and managing operators.

Step 1: Install Nirmata Operator

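To install the Nirmata Operator using Helm, run the following commands. They add the Nirmata chart repository, refresh the local chart index, and install the operator into the nirmata-system namespace, creating the namespace if it does not exist: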

helm repo add nirmata https://nirmata.github.io/kyverno-charts/
helm repo update
helm install enterprise-kyverno-operator nirmata/enterprise-kyverno-operator --namespace nirmata-system --create-namespace

Note: To install RC versions of the Operator chart, use the --devel flag in the helm install command.

Step 2: Verify Installation

Check the status of the Nirmata Operator to ensure it is installed and running:

kubectl get pods -n nirmata-system
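
The check in Step 2 can be scripted so that a deployment pipeline fails when the operator is not actually up. The following is an added example, not part of the Nirmata documentation or the operator's own tooling: the check_pods function and the sample pod names are constructed for illustration, and it assumes the default column layout of kubectl get pods (NAME, READY, STATUS, RESTARTS, AGE).

```shell
#!/bin/sh
# Added example: interpret `kubectl get pods -n nirmata-system` output.
# Live usage:  kubectl get pods -n nirmata-system | check_pods

# check_pods reads the default `kubectl get pods` table on stdin.
# Exit status: 0 = every pod is Running with all containers ready,
#              1 = at least one pod is not ready,
#              2 = no pods listed (operator not installed or wrong namespace).
check_pods() {
  awk '
    NR == 1 && $1 == "NAME" { next }   # skip the header row
    NF < 3 { next }                    # skip blank or malformed lines
    {
      total++
      if ($3 == "Completed") next      # finished Job pods are not a failure
      split($2, r, "/")                # READY column is "ready/desired"
      if ($3 != "Running" || r[1] != r[2]) {
        printf "NOT READY: %s ready=%s status=%s restarts=%s\n", $1, $2, $3, $4
        bad++
      }
    }
    END {
      if (total == 0) { print "NOT READY: no pods found"; exit 2 }
      exit (bad > 0 ? 1 : 0)
    }
  '
}

# Constructed sample output (pod names are hypothetical, not taken from a real cluster).
SAMPLE_HEALTHY='NAME                                  READY   STATUS    RESTARTS   AGE
example-operator-7d9c5b6f4-abcde      1/1     Running   0          2m
example-kyverno-admission-5f8-fghij   1/1     Running   0          90s'

SAMPLE_DEGRADED='NAME                                  READY   STATUS             RESTARTS   AGE
example-operator-7d9c5b6f4-abcde      0/1     CrashLoopBackOff   4          3m
example-kyverno-admission-5f8-fghij   1/1     Running            0          90s'
```

A pod that shows Running but with fewer ready containers than desired (for example 0/1) is still reported, since the operator's tamper detection and monitoring are not in effect until its containers pass their readiness checks.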