Nirmata on Nirmata Documentationhttps://docs.nirmata.io/Recent content in Nirmata on Nirmata DocumentationHugoenSun, 06 Apr 2025 00:00:00 +0000Configuring Okta as an Identity Provider in Nirmatahttps://docs.nirmata.io/docs/control-hub/identity-access/oidc/okta/Thu, 21 Mar 2024 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/identity-access/oidc/okta/<h2 id="prerequisites">Prerequisites</h2> <ul> <li>Administrative access to your Okta organization account or Okta App Integration</li> <li>Administrative access to Nirmata account</li> </ul> <h2 id="configuration-steps">Configuration Steps</h2> <h3 id="1-create-a-new-application-in-okta">1. Create a New Application in Okta</h3> <ol> <li>Log in to your Okta Admin Console.</li> <li>In the left sidebar, navigate to <strong>Applications &gt; Applications</strong>.</li> <li>Click <strong>Create Application Integration</strong>.</li> <li>Select <strong>OIDC</strong>.</li> <li>Choose <strong>Web Application</strong> as the platform.</li> <li>Click <strong>Create</strong>.</li> </ol> <h3 id="2-configure-application-settings">2. Configure Application Settings</h3> <ol> <li>In the application settings, fill in the following: <ul> <li><strong>App integration name</strong>: (e.g., Nirmata app)</li> <li><strong>Application type</strong>: Web</li> <li><strong>Grant type configuration:</strong> <ul> <li>Under <strong>Grant type</strong>: <ul> <li>Check <strong>Client Credentials</strong> (under &ldquo;Client acting on behalf of itself&rdquo;).</li> <li>Under <strong>Core grants</strong>, check <strong>Authorization Code</strong>. (Leave <strong>Refresh Token</strong> unchecked unless your use case requires it.)</li> <li>Expand <strong>Advanced</strong>: <ul> <li>Leave all <strong>Okta direct auth API grants</strong> (OTP, OOB, MFA OTP, MFA OOB) unchecked.</li> <li>Under <strong>Other grants</strong>, check <strong>Implicit (hybrid)</strong>. <ul> <li>Check both <strong>Allow ID Token with implicit grant type</strong> and <strong>Allow Access Token with implicit grant type</strong>.</li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> <li><strong>Login redirect URIs</strong>: <ul> <li><strong>Sign-in redirect URIs</strong> <code>https://&lt;nirmata-domain&gt;/security/api/oidc/callback/</code></li> </ul> </li> <li><strong>Sign-out redirect URIs</strong> <code>https://&lt;nirmata-domain&gt;/security/api/oidc/logout/</code></li> </ul> </li> </ol> <p>Click on <strong>Save</strong></p>Nirmata Kube Controllerhttps://docs.nirmata.io/docs/control-hub/cluster/nirmata-kube-controller/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/cluster/nirmata-kube-controller/<p>Nirmata Kube Controller is used to register the cluster with the Nirmata platform.</p> <p>The following resources will be deployed to the target cluster.</p> <h3 id="deployment">Deployment</h3> <details> <summary>nirmata-kube-controller</summary> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>apps/v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>Deployment<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-kube-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">spec</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">replicas</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#0550ae">1</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">selector</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">matchLabels</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-kube-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nirmata.io/container.type</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>system<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/instance</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">template</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">labels</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-kube-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nirmata.io/container.type</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>system<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/instance</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">spec</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">containers</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">args</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- -token<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- $(TOKEN)<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- -url<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- $(URL)<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- -event-aggregation<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">command</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- /nirmata-kube-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">env</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>TOKEN<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">value</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>6fcee39e-44dc-43a6-9792-468b82fd5a24<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>URL<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">value</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>wss://www.nirmata.io/tunnels<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">image</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ghcr.io/nirmata/nirmata-kube-controller:v3.9.8<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">imagePullPolicy</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>IfNotPresent<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">livenessProbe</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">exec</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">command</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- /nirmata-kube-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-kube-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">readinessProbe</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">exec</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">command</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- /nirmata-kube-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">limits</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">memory</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>512Mi<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">requests</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">memory</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>200Mi<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">cpu</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>250m<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">securityContext</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">allowPrivilegeEscalation</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">false</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">capabilities</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">drop</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- ALL<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">readOnlyRootFilesystem</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">true</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">runAsNonRoot</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">true</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">seccompProfile</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">type</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>RuntimeDefault<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">hostNetwork</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">false</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">imagePullSecrets</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-controller-registry-secret<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">securityContext</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">seccompProfile</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">type</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>RuntimeDefault<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">serviceAccountName</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">tolerations</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">effect</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>NoSchedule<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">key</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>node-role.kubernetes.io/master<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">operator</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>Exists<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;otel-agent&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>apps/v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>Deployment<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>otel-agent<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">labels</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>opentelemetry<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">component</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>otel-agent<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/instance</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">spec</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">selector</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">matchLabels</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>opentelemetry<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">component</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>otel-agent<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/instance</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">template</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">labels</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>opentelemetry<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">component</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>otel-agent<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/instance</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">app.kubernetes.io/name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">spec</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">containers</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>otel-agent<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">image</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ghcr.io/nirmata/metrics-agent:0.38.3<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">limits</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">memory</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>512Mi<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">requests</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">cpu</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>100m<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">memory</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>200Mi<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">securityContext</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">allowPrivilegeEscalation</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">false</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">capabilities</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">drop</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- ALL<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">readOnlyRootFilesystem</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">true</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">runAsNonRoot</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">true</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">seccompProfile</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">type</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>RuntimeDefault<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">livenessProbe</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">httpGet</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">path</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>/metrics<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">port</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#0550ae">8888</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">scheme</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>HTTP<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">readinessProbe</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">httpGet</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">path</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>/metrics<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">port</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#0550ae">8888</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">scheme</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>HTTP<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">volumeMounts</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">mountPath</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>/etc/otel/config.yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>data<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">subPath</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>config.yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">readOnly</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">true</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">terminationGracePeriodSeconds</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#0550ae">30</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">volumes</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>data<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">configMap</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>otel-agent-config<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#57606a">### ServiceAccount</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ServiceAccount<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">secrets</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-sa-secret<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata-controller&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ServiceAccount<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#57606a">### ConfigMap</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata-kube-controller-config&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ConfigMap<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-kube-controller-config<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">data</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">IgnoreFields</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>metadata.managedFields<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">FilterPatches</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">|-</span><span style="color:#0a3069"> </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> /metadata/resourceVersion </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> /metadata/generation </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> /results/*/timestamp/*</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">IgnoreEvents</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>Normal.PolicyApplied.*<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">WatchedResources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">|-</span><span style="color:#0a3069"> </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> events.v1. </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> policyreports.v1alpha2.wgpolicyk8s.io </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> clusterpolicyreports.v1alpha2.wgpolicyk8s.io </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> policies.v1.kyverno.io </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> clusterpolicies.v1.kyverno.io </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> policyexceptions.v2alpha1.kyverno.io</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">FilterEvents</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>Warning.PolicyViolation.*,Normal.PolicySkipped.*<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;otel-agent-config&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ConfigMap<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>otel-agent-config<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">data</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">config.yaml</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">&gt;-</span><span style="color:#0a3069"> </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> receivers: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> prometheus: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> config: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> scrape_configs: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> - job_name: &#34;kyverno&#34; </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> scrape_interval: 1m </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> static_configs: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> - targets: [&#34;kyverno-svc-metrics.kyverno.svc.cluster.local:8000&#34;] </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> metric_relabel_configs: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> - source_labels: [__name__] </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> regex: &#34;(kyverno_admission_review_duration_seconds.*|kyverno_policy_execution_duration_seconds.*|kyverno_policy_results_total|kyverno_policy_rule_info_total|kyverno_admission_requests_total|kyverno_controller_reconcile_total|kyverno_controller_requeue_total|kyverno_controller_drop_total)&#34; </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> action: keep </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> exporters: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> prometheusremotewrite: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> endpoint: https://www.nirmata.io/host-gateway/metrics-receiver </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> external_labels: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> clusterId: 6fcee39e-44dc-43a6-9792-468b82fd5a24 </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> remote_write_queue: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> queue_size: 2000 </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> num_consumers: 1 </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> timeout: 300s </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> service: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> pipelines: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> metrics: </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> receivers: [prometheus] </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"> exporters: [prometheusremotewrite]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#57606a">### ClusterRole</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata:nirmata-privileged&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">Note</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>This ClusterRole is only needed for NDP<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io/v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ClusterRole<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">annotations</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>{}<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata:nirmata-privileged<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">rules</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- kyverno.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- operator.kyverno.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- security.nirmata.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- policies<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterpolicies<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- reportchangerequests<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterreportchangerequests<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- kyvernooperators/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- kyvernooperators<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- imagekeys<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- imagekeys/finalizers<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- imagekeys/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- admissionreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusteradmissionreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- backgroundscanreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterbackgroundscanreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- policyexceptions<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- cleanuppolicies<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clustercleanuppolicies<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- kyvernoes<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- kyvernoes/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0a3069">&#34;*&#34;</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- /metrics<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- get<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0a3069">&#34;*&#34;</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- tokenreviews<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- subjectaccessreviews<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- get<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- create<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- wgpolicyk8s.io/v1alpha1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- wgpolicyk8s.io/v1alpha2<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- policyreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterpolicyreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0a3069">&#34;*&#34;</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0a3069">&#34;*&#34;</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- policies<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- policies/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterpolicies<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterpolicies/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- policyreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- policyreports/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterpolicyreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterpolicyreports/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- generaterequests<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- generaterequests/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- reportchangerequests<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- reportchangerequests/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterreportchangerequests<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterreportchangerequests/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- updaterequests<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- updaterequests/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- admissionreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusteradmissionreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- backgroundscanreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterbackgroundscanreports<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- create<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- delete<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- get<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- list<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- patch<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- update<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- watch<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- deletecollection<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- apiextensions.k8s.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- customresourcedefinitions<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- delete<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- create<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- get<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- list<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- patch<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- update<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- watch<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0a3069">&#34;*&#34;</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- namespaces<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- networkpolicies<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- secrets<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- configmaps<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- resourcequotas<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- limitranges<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- deployments<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- services<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- serviceaccounts<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- roles<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- rolebindings<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterroles<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterrolebindings<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- events<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- mutatingwebhookconfigurations<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- validatingwebhookconfigurations<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- certificatesigningrequests<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- certificatesigningrequests/approval<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- poddisruptionbudgets<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- ingresses<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- ingressclasses<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- create<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- update<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- delete<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- list<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- get<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- patch<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- watch<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0a3069">&#34;*&#34;</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0a3069">&#34;*&#34;</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- get<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- list<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- watch<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- update<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- certificates.k8s.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- kubernetes.io/legacy-unknown<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- certificatesigningrequests<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- certificatesigningrequests/approval<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- certificatesigningrequests/status<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- create<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- delete<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- get<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- update<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- watch<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- certificates.k8s.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- kubernetes.io/legacy-unknown<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- signers<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- approve<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- coordination.k8s.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">nonResourceURLs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resourceNames</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#1f2328">[]</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- leases<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- create<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- delete<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- get<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- patch<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- update<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata:policyexception-manager&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io/v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ClusterRole<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata:policyexception-manager<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">rules</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>- <span style="color:#0550ae">apiGroups</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- kyverno.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- policies<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- clusterpolicies<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- policyexceptions<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">verbs</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0a3069">&#39;*&#39;</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#57606a">### ClusterRoleBindings</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata-cluster-admin-binding&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">Note</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>This ClusterRoleBinding is only needed for NDP<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io/v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ClusterRoleBinding<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-cluster-admin-binding<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">roleRef</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">apiGroup</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ClusterRole<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata:nirmata-privileged<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">subjects</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ServiceAccount<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata-controller-binding&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io/v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ClusterRoleBinding<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-controller-binding<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">roleRef</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">apiGroup</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ClusterRole<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>view<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">subjects</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ServiceAccount<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata:policyexception-manager&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io/v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ClusterRoleBinding<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata:policyexception-manager<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">roleRef</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">apiGroup</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ClusterRole<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata:policyexception-manager<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">subjects</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ServiceAccount<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ServiceAccount<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>kyverno-cleanup-controller<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>kyverno <span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#57606a">### RoleBinding</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata-admin-binding&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io/v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>RoleBinding<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-admin-binding<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">roleRef</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">apiGroup</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>rbac.authorization.k8s.io<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ClusterRole<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>admin<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">subjects</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>ServiceAccount<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#57606a">### Secret</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;details&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;summary&gt;nirmata-sa-secret&lt;/summary&gt;<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```yaml<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">apiVersion</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>v1<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">kind</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>Secret<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">metadata</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata-sa-secret<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">namespace</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">annotations</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">kubernetes.io/service-account.name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>nirmata<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span><span style="color:#0550ae">type</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>kubernetes.io/service-account-token<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>```text<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"></span>&lt;/details&gt;<span style="color:#fff"> </span></span></span></code></pre></div>Quick Starthttps://docs.nirmata.io/docs/nctl/getting-started/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/getting-started/<blockquote> <p><strong>Applies to:</strong> nctl 4.0 and later</p></blockquote> <p>The Nirmata Controller (<code>nctl</code>) is a command line application that makes it easy to scan Kubernetes, Terraform, Dockerfiles and other resources for misconfigurations using default or custom Kyverno policy sets.</p> <p>You can use <code>nctl</code> to apply policies and <strong>shift-left</strong> by applying policies to Kubernetes and IaC resources directly in your code repositories, or to scan Kubernetes clusters without installing a policy engine as an admission controller in each cluster.</p>Image Verification using Nirmatahttps://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/Sun, 06 Apr 2025 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/<h2 id="table-of-contents">Table of Contents</h2> <ol> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#steps-for-image-verification">Steps for Image Verification</a></li> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#prerequisites">Prerequisites</a></li> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#sign-image-using-cosign">Sign Image using cosign</a></li> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#configure-kyverno-to-use-a-custom-certificate-for-imageregistry">Configure Kyverno to use a custom certificate for ImageRegistry (Optional)</a></li> <li><a href="https://docs.nirmata.io/docs/control-hub/how-to/verify-image-signing/_index-image-sgning/#verify-image-using-kyverno">Verify Image using Kyverno</a></li> </ol> <h2 id="steps-for-image-verification">Steps for Image Verification</h2> <p>Below are the steps to verify images before deployment to Kubernetes runtime environments:</p> <ol> <li>Deploy Enterprise Kyverno to the Workload cluster</li> <li>(Optional) If your local image registry uses a custom CA, configure Kyverno to use this custom CA for verifying locally hosted images</li> <li>Leverage cosign cli to sign the images. Ensure that the node where cosign is installed has the private CA added to its keystore</li> <li>Deploy the image verification Kyverno policy</li> <li>Confirm image verification based on policy pass/fail</li> </ol> <h2 id="prerequisites">Prerequisites</h2> <ul> <li>Install cosign: <a href="https://docs.sigstore.dev/cosign/system_config/installation/">Installation Guide</a></li> <li>(Optional) When using a local registry with a custom certificate authority (CA), retain the full certificate chain for use during configuration</li> </ul> <h2 id="sign-image-using-cosign">Sign Image using cosign</h2> <p>To sign your container images, you&rsquo;ll need to generate a key pair and use it to sign your images. This process ensures the authenticity and integrity of your container images.</p>AWS Asset Discovery Guidehttps://docs.nirmata.io/docs/controllers/nch-cloud/aws-asset-discovery/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/nch-cloud/aws-asset-discovery/<h2 id="introduction">Introduction</h2> <p>This guide provides a detailed walkthrough for setting up and using the AWS Organisation and Account Discovery feature in Nirmata Cloud Controller. This feature allows for comprehensive discovery of AWS accounts, organisational units (OUs), and EKS clusters within an AWS Organisation. The discovery process follows a hierarchical approach: OUs are discovered first, then accounts within those OUs, and finally EKS clusters within the discovered accounts.</p> <h2 id="prerequisites">Prerequisites</h2> <p>Before you begin, ensure you meet the following prerequisites:</p>GitHub App Integration Overviewhttps://docs.nirmata.io/docs/control-hub/settings/integrations/githubapp/overview/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/settings/integrations/githubapp/overview/<blockquote> <p><strong>Applies to:</strong> Nirmata Control Hub 4.0 and later</p></blockquote> <p>The <strong>GitHub App Integration</strong> enables seamless integration between Nirmata and your GitHub repositories. By installing Nirmata&rsquo;s GitHub App, you can enable GitOps workflows, automated policy remediation, and other Git-based operations across your Nirmata platform.</p> <p>This integration is used by:</p> <ul> <li><strong>AI Agents</strong> (e.g., Remediator Agent) for creating pull requests with policy fixes</li> <li><strong>GitOps workflows</strong> for repository synchronization</li> <li><strong>Policy management</strong> for Git-based policy storage</li> <li><strong>Compliance operations</strong> for tracking and remediating violations</li> </ul> <h2 id="benefits">Benefits</h2> <ul> <li><strong>One-Click Installation</strong>: Install Nirmata&rsquo;s GitHub App directly from the UI</li> <li><strong>Enhanced Security</strong>: Uses short-lived tokens with fine-grained permissions</li> <li><strong>Centralized Management</strong>: Manage GitHub integration through Nirmata Control Hub</li> <li><strong>Enterprise Ready</strong>: Designed for organizational use with proper access control</li> <li><strong>Audit Trail</strong>: Complete tracking and logging of all GitHub operations</li> <li><strong>Multi-Organization Support</strong>: Install across multiple GitHub organizations</li> <li><strong>No Secret Management</strong>: No need to manage tokens or keys manually</li> </ul> <h2 id="next-steps">Next Steps</h2> <ul> <li>To install and configure the integration, see <a href="https://docs.nirmata.io/">GitHub App Integration</a>.</li> <li>To understand what the app can and cannot access, see <a href="../permissions/">GitHub App Permissions</a>.</li> </ul>Terraform Cloud Integration Overviewhttps://docs.nirmata.io/docs/control-hub/settings/integrations/terraformintegration/overview/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/settings/integrations/terraformintegration/overview/<blockquote> <p><strong>Applies to:</strong> Nirmata Control Hub 4.0 and later</p></blockquote> <p>When a Terraform run reaches the <strong>Plan</strong> stage, <strong>Terraform Cloud</strong> triggers a webhook to the <strong>Nirmata Terraform Service</strong>. This service evaluates the Terraform plan using <strong>NCTL</strong> (Nirmata CLI) and policy sets managed within Nirmata Control Hub. The results are returned to TFC as pass/fail compliance checks.</p> <h2 id="key-components">Key Components</h2> <table> <thead> <tr> <th>Component</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><strong>Nirmata Control Hub Webapp &amp; API</strong></td> <td>Manages integrations, authentication keys, and displays scan results.</td> </tr> <tr> <td><strong>Terraform Service</strong></td> <td>Receives webhooks, fetches policy sets, and invokes NCTL scans.</td> </tr> <tr> <td><strong>NCTL</strong></td> <td>CLI tool that evaluates Terraform plans against Nirmata and Kyverno policy sets.</td> </tr> <tr> <td><strong>TFC Run Task</strong></td> <td>Executes during Terraform plan runs and triggers compliance scans.</td> </tr> </tbody> </table> <h2 id="architecture">Architecture</h2> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>flowchart TD </span></span><span style="display:flex;"><span> A[TFC Run Task Triggered] --&gt; B[Nirmata Terraform Service (Webhook)] </span></span><span style="display:flex;"><span> B --&gt; C[Policy Fetch (from Nirmata Control Hub / Git)] </span></span><span style="display:flex;"><span> C --&gt; D[NCTL Policy Scan] </span></span><span style="display:flex;"><span> D --&gt; E[Results sent to Terraform Cloud &amp; Nirmata Control Hub] </span></span></code></pre></div><p><strong>Flow Summary:</strong> <code>Terraform Cloud Run → Webhook (Terraform Service) → Policy Fetch (Nirmata Control Hub/Git) → NCTL Scan → Results → TFC/Nirmata Control Hub</code></p>Accounthttps://docs.nirmata.io/docs/control-hub/settings/account/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/settings/account/<p>Users can verify their Nirmata subscription details in <strong>Settings &gt; Account</strong>. In the subscription section, the following details are available:</p> <ul> <li>Type</li> <li>Start Date</li> <li>License Key</li> </ul> <p>Users can also view their Nirmata Quotas and Usage details in <strong>Settings &gt; Account</strong>. The Quotas and Usage section displays the following metrics:</p> <ul> <li>Clusters</li> <li>Nodes</li> <li>Pods</li> <li>Namespaces</li> </ul> <h2 id="ai-usage">AI Usage</h2> <p>Users can monitor their AI usage and credits in the <strong>AI Usage</strong> tab within <strong>Settings &gt; Account</strong>. This section provides detailed tracking of AI-powered feature consumption, including:</p>Getting Startedhttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/getting-started/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/getting-started/<h2 id="quick-start">Quick Start</h2> <p>This guide will help you get started with Kyverno MCP in minutes.</p> <h3 id="prerequisites">Prerequisites</h3> <p>Before you begin, ensure you have:</p> <ul> <li>Access to a Kubernetes cluster</li> <li>A valid kubeconfig file</li> <li>Kyverno installed in your cluster (optional, but recommended)</li> </ul> <h3 id="step-1-install-kyverno-mcp">Step 1: Install Kyverno MCP</h3> <p>Choose your preferred installation method:</p> <h4 id="using-homebrew-macoslinux">Using Homebrew (macOS/Linux)</h4> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>brew tap nirmata/tap </span></span><span style="display:flex;"><span>brew install kyverno-mcp </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">#### Download Binary</span> </span></span><span style="display:flex;"><span>Download the appropriate binary <span style="color:#cf222e">for</span> your platform from the <span style="color:#0550ae">[</span>Nirmata downloads page<span style="color:#0550ae">](</span>https://downloads.nirmata.io/kyverno-mcp/downloads/<span style="color:#0550ae">)</span>. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Step 2: Configure Your MCP Client</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Add Kyverno MCP to your MCP client configuration. For example, in Claude Desktop: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>1. Open your Claude Desktop configuration file: </span></span><span style="display:flex;"><span> - macOS: <span style="color:#0a3069">`</span>~/Library/Application Support/Claude/claude_desktop_config.json<span style="color:#0a3069">`</span> </span></span><span style="display:flex;"><span> - Windows: <span style="color:#0a3069">`</span>%APPDATA%<span style="color:#0a3069">\C</span>laude<span style="color:#0a3069">\c</span>laude_desktop_config.json<span style="color:#0a3069">`</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>2. Add the Kyverno MCP server: </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>json </span></span><span style="display:flex;"><span><span style="color:#0550ae">{</span> </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;mcpServers&#34;</span>: <span style="color:#0550ae">{</span> </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;kyverno&#34;</span>: <span style="color:#0550ae">{</span> </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;command&#34;</span>: <span style="color:#0a3069">&#34;/path/to/kyverno-mcp&#34;</span>, </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;args&#34;</span>: <span style="color:#0550ae">[</span> </span></span><span style="display:flex;"><span> <span style="color:#0a3069">&#34;--kubeconfig=/path/to/your/kubeconfig&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#0550ae">]</span> </span></span><span style="display:flex;"><span> <span style="color:#0550ae">}</span> </span></span><span style="display:flex;"><span> <span style="color:#0550ae">}</span> </span></span><span style="display:flex;"><span><span style="color:#0550ae">}</span> </span></span></code></pre></div><h3 id="step-3-test-the-connection">Step 3: Test the Connection</h3> <ol> <li>Start your MCP client (e.g., Claude Desktop)</li> <li>Ask about your Kubernetes contexts:</li> </ol> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>3. The assistant should be able to list your contexts using the `list_contexts` tool </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Step 4: Apply Your First Policy </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Try scanning your cluster with recommended policy sets for pod security, RBAC and Kubernetes best practices: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Scan my cluster for policy violations </span></span></code></pre></div><p>The assistant will use the <code>apply_policies</code> tool to apply curated pod security policies.</p>GitHub Authentication Guidehttps://docs.nirmata.io/docs/control-hub/agent-hub/service-agents/github-authentication/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/agent-hub/service-agents/github-authentication/<h2 id="overview">Overview</h2> <p>Nirmata AI Agents support multiple GitHub authentication methods to integrate with your GitHub repositories. This guide helps you choose the right authentication method and configure it properly.</p> <p><strong>Recommended Method</strong>: Use Nirmata&rsquo;s GitHub App for the simplest, most secure integration. Install it once from Nirmata Control Hub, and it works across all GitOps operations.</p> <h2 id="authentication-methods">Authentication Methods</h2> <h3 id="1-nirmata-github-app-recommended">1. Nirmata GitHub App (Recommended)</h3> <p><strong>Best for</strong>: Production environments and all GitOps operations</p> <p>The Nirmata GitHub App method provides the simplest and most secure authentication. Simply install Nirmata&rsquo;s GitHub App from the Control Hub UI - no need to create your own GitHub App or manage secrets.</p>Installationhttps://docs.nirmata.io/docs/nctl/installation/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/installation/<p>The Nirmata CLI is available on Linux, macOS, and Windows.</p> <h2 id="homebrew">Homebrew</h2> <p>Download and install the latest stable release of the notation CLI on macOS, Linux, or Windows Subsystem for Linux (WSL) using <a href="https://brew.sh/">Homebrew</a>:</p> <h3 id="install">Install</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>brew tap nirmata/tap </span></span><span style="display:flex;"><span>brew install nctl </span></span></code></pre></div><h3 id="verify">Verify</h3> <p>You can verify the <code>nctl</code> installation by checking its version:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>nctl version </span></span></code></pre></div><h3 id="upgrade">Upgrade</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>brew upgrade nctl </span></span></code></pre></div><h3 id="uninstall">Uninstall</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>brew uninstall nctl </span></span></code></pre></div><p>To remove the Nirmata homebrew tap:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>brew untap nirmata/tap </span></span></code></pre></div><h2 id="binary-download">Binary download</h2> <p><a href="https://downloads.nirmata.io/nctl/stablereleases/">Download</a> the latest stable release of the Nirmata CLI binary.</p>nctlhttps://docs.nirmata.io/docs/nctl/commands/nctl/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl/<h2 id="nctl">nctl</h2> <p>nctl is the command line interface for Nirmata</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Kubernetes cluster and analyze and publish the scan results</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --cluster --analyze --publish </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan Kubernetes manifests, Dockerfiles, and Terraform code in a repository</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan the current directory</span> </span></span><span style="display:flex;"><span> nctl scan repository </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> nctl </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_add/">nctl add</a> - Add resources to Nirmata Control Hub</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_ai/">nctl ai</a> - Agentic AI powered workflows</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_compliance/">nctl compliance</a> - Compliance management commands</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_create/">nctl create</a> - Create policyexceptionrequests</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_edit/">nctl edit</a> - Edit nctl resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_exceptions/">nctl exceptions</a> - Manage Kyverno PolicyExceptions</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get/">nctl get</a> - Get Nirmata Control Hub resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_info/">nctl info</a> - Account and User Information</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_login/">nctl login</a> - Provide authentication details to login</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_mappings/">nctl mappings</a> - Work with compliance policy mappings</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_raw/">nctl raw</a> - Direct access to the Nirmata REST API</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_remediate/">nctl remediate</a> - Remediate a resource file or directory for policy violations</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_remove/">nctl remove</a> - Remove Nirmata Control Hub resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_signup/">nctl signup</a> - Create a new Nirmata Control Hub account</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_transform/">nctl transform</a> - Transform resource manifests to json</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_update/">nctl update</a> - Update Nirmata Control Hub resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_version/">nctl version</a> - Show version and build information</li> </ul>nctl addhttps://docs.nirmata.io/docs/nctl/commands/nctl_add/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_add/<h2 id="nctl-add">nctl add</h2> <p>Add resources to Nirmata Control Hub</p> <h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for add </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_add_cluster/">nctl add cluster</a> - Add cluster</li> </ul>nctl add clusterhttps://docs.nirmata.io/docs/nctl/commands/nctl_add_cluster/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_add_cluster/<h2 id="nctl-add-cluster">nctl add cluster</h2> <p>Add cluster</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl add cluster <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Add a cluster with a specified name and onboarding token</span> </span></span><span style="display:flex;"><span> nctl add cluster --cluster-name my-cluster --onboarding-token abc123xyz </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Add a cluster using a values file for onboarding parameters</span> </span></span><span style="display:flex;"><span> nctl add cluster -f /path/to/values.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify a custom Helm repository and release name</span> </span></span><span style="display:flex;"><span> nctl add cluster --helm-repo https://custom.repo.com/helm-charts -r custom-release </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Use a private Helm repository with authentication</span> </span></span><span style="display:flex;"><span> nctl add cluster --helm-repo https://private.repo.com/helm-charts -t my-private-repo-token </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Register a cluster without installing the operator</span> </span></span><span style="display:flex;"><span> nctl add cluster --cluster-name my-cluster --register-only </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Deploy Kyverno with a specific version in a custom namespace</span> </span></span><span style="display:flex;"><span> nctl add cluster --kyverno-version 1.12 -n custom-namespace </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Use a custom Kubeconfig file and context for the cluster</span> </span></span><span style="display:flex;"><span> nctl add cluster --kubeconfig /path/to/kubeconfig --kube-context my-context </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify a private container registry</span> </span></span><span style="display:flex;"><span> nctl add cluster --registry-name my-private-registry --registry-username myuser --registry-password mypassword </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Allow connections to an address with a self-signed or unverified certificate (not recommended)</span> </span></span><span style="display:flex;"><span> nctl add cluster --insecure </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> --cluster-name string name of the cluster to onboard is required <span style="color:#0550ae">(</span>not needed <span style="color:#cf222e">if</span> onboarding token is provided<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -t, --git-token string token <span style="color:#cf222e">for</span> the operator helm chart in private helm repo </span></span><span style="display:flex;"><span> --helm-repo string operator helm repository name <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;https://nirmata.github.io/kyverno-charts&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> cluster </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --kube-context string the kube context from configured kubeconfig. Default is the current or sole context </span></span><span style="display:flex;"><span> --kubeconfig string kubeconfig path <span style="color:#0550ae">(</span>defaults to <span style="color:#953800">$HOME</span>/.kube/kubeconfig<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --kyverno-version string Kyverno version 1.11 <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;1.11&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -n, --namespace string operator namespace <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;nirmata-system&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --npm-only npm only mode <span style="color:#cf222e">for</span> the operator </span></span><span style="display:flex;"><span> --onboarding-token string the cluster onboarding token </span></span><span style="display:flex;"><span> --register-only only register cluster, don<span style="color:#f6f8fa;background-color:#82071e">&#39;</span>t install operator </span></span><span style="display:flex;"><span> --registry-name string name of the private registry <span style="color:#0550ae">(</span>no need <span style="color:#cf222e">if</span> images are not pushed to private registry<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --registry-password string password of the private registry <span style="color:#0550ae">(</span>no need <span style="color:#cf222e">if</span> images are not pushed to private registry<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --registry-username string user name of the private registry <span style="color:#0550ae">(</span>no need <span style="color:#cf222e">if</span> images are not pushed to private registry<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -r, --release string operator helm chart release name <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;kyverno-operator&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key <span style="color:#0550ae">(</span>env NIRMATA_TOKEN<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL <span style="color:#0550ae">(</span>env NIRMATA_URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -f, --values-file string the cluster onboarding parameter YAML file </span></span><span style="display:flex;"><span> --yes bypass manual validation </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_add/">nctl add</a> - Add resources to Nirmata Control Hub</li> </ul>nctl aihttps://docs.nirmata.io/docs/nctl/commands/nctl_ai/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_ai/<h2 id="nctl-ai">nctl ai</h2> <p>Agentic AI powered workflows</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl ai <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Run an interactive AI workflow.</span> </span></span><span style="display:flex;"><span> nctl ai </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Run an interactive AI workflow with a specific prompt.</span> </span></span><span style="display:flex;"><span> nctl ai --prompt <span style="color:#0a3069">&#34;generate a Kyverno policy that enforces all pods have a &#39;team&#39; label&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Use a different LLM provider (e.g., Gemini, Anthropic, or Bedrock).</span> </span></span><span style="display:flex;"><span> nctl ai --provider gemini --model gemini-2.5-pro </span></span><span style="display:flex;"><span> nctl ai --provider anthropic --model claude-sonnet-4-20250514 </span></span><span style="display:flex;"><span> nctl ai --provider bedrock --model us.anthropic.claude-sonnet-4-20250514-v1:0 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Allow AI to access additional directories.</span> </span></span><span style="display:flex;"><span> nctl ai --allowed-dirs <span style="color:#0a3069">&#34;/path/to/policies,/tmp&#34;</span> --prompt <span style="color:#0a3069">&#34;create pod security policies in /path/to/policies&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Load custom skills from local path</span> </span></span><span style="display:flex;"><span> nctl ai --skills <span style="color:#0a3069">&#34;/path/to/custom-skill&#34;</span> --prompt <span style="color:#0a3069">&#34;use custom skill&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Resume a previous session.</span> </span></span><span style="display:flex;"><span> nctl ai --resume-session latest </span></span><span style="display:flex;"><span> nctl ai --resume-session 20251125-0120 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># List all available sessions.</span> </span></span><span style="display:flex;"><span> nctl ai --list-sessions </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Use a custom MCP configuration file.</span> </span></span><span style="display:flex;"><span> nctl ai --mcp-config <span style="color:#0a3069">&#34;/path/to/custom/mcp.yaml&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Start nctl as an MCP server for external AI clients.</span> </span></span><span style="display:flex;"><span> nctl ai --mcp-server </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Start MCP server with verbose logging.</span> </span></span><span style="display:flex;"><span> nctl ai --mcp-server -v <span style="color:#0550ae">1</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> --allowed-dirs strings additional directories the AI can access <span style="color:#0550ae">(</span>comma-separated, env: NIRMATA_AI_ALLOWED_DIRS<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --delete-session string delete a session by ID </span></span><span style="display:flex;"><span> --force allow destructive operations in non-interactive mode <span style="color:#0550ae">(</span>requires both --prompt and --skip-permission-checks<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> ai </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --list-sessions list all available sessions </span></span><span style="display:flex;"><span> --max-background-workers int maximum number of background workers that can be spawned in a single tool call <span style="color:#0550ae">(</span>default: 3<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default 3<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --max-tool-calls int maximum number of tool calls to make <span style="color:#0550ae">(</span>default 200<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --mcp-config string path to MCP configuration file <span style="color:#0550ae">(</span>default: ~/.nirmata/nctl/mcp.yaml<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --mcp-server run a MCP <span style="color:#0550ae">(</span>Model Context Protocol<span style="color:#0550ae">)</span> server <span style="color:#cf222e">for</span> Nirmata AI tools </span></span><span style="display:flex;"><span> --mcp-server-port int port to run the MCP <span style="color:#0550ae">(</span>Model Context Protocol<span style="color:#0550ae">)</span> server on when using http transport <span style="color:#0550ae">(</span>default 8080<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --mcp-server-transport string transport to use <span style="color:#cf222e">for</span> the MCP <span style="color:#0550ae">(</span>Model Context Protocol<span style="color:#0550ae">)</span> server <span style="color:#0550ae">(</span>stdio or http<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;stdio&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --new-session create a new session </span></span><span style="display:flex;"><span> --plan force plan mode <span style="color:#cf222e">for</span> all tasks <span style="color:#0550ae">(</span>even simple ones<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --prompt string prompt <span style="color:#cf222e">for</span> the AI workflow </span></span><span style="display:flex;"><span> --resume-session string ID of session to resume <span style="color:#0550ae">(</span>use <span style="color:#0a3069">&#39;latest&#39;</span> <span style="color:#cf222e">for</span> the most recent session<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --skills strings load custom skills from <span style="color:#6639ba">local</span> paths <span style="color:#0550ae">(</span>comma-separated, env: NIRMATA_AI_SKILLS<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --skip-permission-checks skip permission checks <span style="color:#cf222e">for</span> tools <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key <span style="color:#0550ae">(</span>env NIRMATA_TOKEN<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL <span style="color:#0550ae">(</span>env NIRMATA_URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --usage-details show AI usage details and <span style="color:#6639ba">exit</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> </ul>nctl compliancehttps://docs.nirmata.io/docs/nctl/commands/nctl_compliance/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_compliance/<h2 id="nctl-compliance">nctl compliance</h2> <p>Compliance management commands</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl compliance <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for compliance </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_compliance_audit/">nctl compliance audit</a> - Collect compliance evidence from a Kubernetes cluster</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_compliance_checklist/">nctl compliance checklist</a> - Show compliance checklist with pass/fail status for a standard</li> </ul>nctl compliance audithttps://docs.nirmata.io/docs/nctl/commands/nctl_compliance_audit/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_compliance_audit/<h2 id="nctl-compliance-audit">nctl compliance audit</h2> <p>Collect compliance evidence from a Kubernetes cluster</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl compliance audit <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> <span style="color:#57606a"># Collect SOC2 evidence package</span> </span></span><span style="display:flex;"><span> nctl compliance audit --standard soc2 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Collect NIST 800-53 evidence for specific namespaces</span> </span></span><span style="display:flex;"><span> nctl compliance audit --standard nist-800-53 --namespace production,staging </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Write evidence to a custom directory</span> </span></span><span style="display:flex;"><span> nctl compliance audit --standard soc2 --output-dir /tmp/evidence </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> audit </span></span><span style="display:flex;"><span> --kube-context string the kube context from configured kubeconfig. Default is the current or sole context </span></span><span style="display:flex;"><span> --kubeconfig string kubeconfig path <span style="color:#0550ae">(</span>defaults to <span style="color:#953800">$HOME</span>/.kube/kubeconfig<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --mappings-file string Override path to mappings YAML file </span></span><span style="display:flex;"><span> -o, --output string Output format <span style="color:#cf222e">for</span> the collection summary <span style="color:#0550ae">(</span>text, json, yaml<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;text&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --output-dir string Directory <span style="color:#cf222e">for</span> evidence output <span style="color:#0550ae">(</span>default: ~/.nirmata/nctl/compliance/evidence/<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --standard string Compliance standard <span style="color:#0550ae">(</span>soc2, nist-800-53, nsa-cisa, iso27001, pci-dss, etc.<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_compliance/">nctl compliance</a> - Compliance management commands</li> </ul>nctl compliance checklisthttps://docs.nirmata.io/docs/nctl/commands/nctl_compliance_checklist/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_compliance_checklist/<h2 id="nctl-compliance-checklist">nctl compliance checklist</h2> <p>Show compliance checklist with pass/fail status for a standard</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl compliance checklist <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> <span style="color:#57606a"># Show SOC2 compliance checklist</span> </span></span><span style="display:flex;"><span> nctl compliance checklist --standard soc2 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Show NIST 800-53 checklist in JSON format</span> </span></span><span style="display:flex;"><span> nctl compliance checklist --standard nist-800-53 -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Show checklist with custom mappings</span> </span></span><span style="display:flex;"><span> nctl compliance checklist --standard soc2 --mappings-file /path/to/mappings.yaml </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for checklist </span></span><span style="display:flex;"><span> --mappings-file string Override path to mappings YAML file </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml, openreport) (default &#34;text&#34;) </span></span><span style="display:flex;"><span> --standard string Compliance standard (soc2, nist-800-53, nsa-cisa, iso27001, pci-dss, etc.) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_compliance/">nctl compliance</a> - Compliance management commands</li> </ul>nctl createhttps://docs.nirmata.io/docs/nctl/commands/nctl_create/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_create/<h2 id="nctl-create">nctl create</h2> <p>Create policyexceptionrequests</p> <h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for create </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_create_pull-request/">nctl create pull-request</a> - Create policyexceptionrequests made in Nirmata Control Hub</li> </ul>nctl create pull-requesthttps://docs.nirmata.io/docs/nctl/commands/nctl_create_pull-request/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_create_pull-request/<h2 id="nctl-create-pull-request">nctl create pull-request</h2> <p>Create policyexceptionrequests made in Nirmata Control Hub</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl create pull-request <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Basic pull-request command </span> </span></span><span style="display:flex;"><span> nctl create pull-request </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify PER name </span> </span></span><span style="display:flex;"><span> nctl create pull-request --per-name your-per-name </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify VCS provider </span> </span></span><span style="display:flex;"><span> nctl create pull-request --provider github </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify both PER name and VCS provider </span> </span></span><span style="display:flex;"><span> nctl create pull-request --per-name your-per-name --provider github </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for pull-request </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate (not recommended) </span></span><span style="display:flex;"><span> --per-name string Name of PER to be considered </span></span><span style="display:flex;"><span> -p, --provider string Name of VCS provider to create PER (default &#34;github&#34;) </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key (env NIRMATA_TOKEN) </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL (env NIRMATA_URL) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_create/">nctl create</a> - Create policyexceptionrequests</li> </ul>nctl edithttps://docs.nirmata.io/docs/nctl/commands/nctl_edit/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_edit/<h2 id="nctl-edit">nctl edit</h2> <p>Edit nctl resources</p> <h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for edit </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_edit_config/">nctl edit config</a> - Edit nctl configuration file</li> </ul>nctl edit confighttps://docs.nirmata.io/docs/nctl/commands/nctl_edit_config/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_edit_config/<h2 id="nctl-edit-config">nctl edit config</h2> <p>Edit nctl configuration file</p> <h3 id="synopsis">Synopsis</h3> <p>Edit nctl configuration file by opening editor or entering values of repository to add</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl edit config <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Add a repository with a name, type, and authentication details </span> </span></span><span style="display:flex;"><span> nctl edit config --name my-repo --type helm --username example-user --gitToken example-token --file<span style="color:#0550ae">=</span><span style="color:#6639ba">false</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Add a repository with a specific chart repository URL and branch </span> </span></span><span style="display:flex;"><span> nctl edit config --name nirmata/kyverno-charts --chartRepo https://nirmata.github.io/kyverno-charts --branch main --file<span style="color:#0550ae">=</span><span style="color:#6639ba">false</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Add a Helm chart with a name, version, and authentication token </span> </span></span><span style="display:flex;"><span> nctl edit config --chartName my-chart --version 1.2.3 --gitToken example-token --file<span style="color:#0550ae">=</span><span style="color:#6639ba">false</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Add a repository with a branch and authentication token </span> </span></span><span style="display:flex;"><span> nctl edit config --name my-repo --branch dev --gitToken example-token --file<span style="color:#0550ae">=</span><span style="color:#6639ba">false</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Add multiple repository details including username, type, and branch </span> </span></span><span style="display:flex;"><span> nctl edit config --name my-repo --type helm --username example-user --branch main --gitToken example-token --file<span style="color:#0550ae">=</span><span style="color:#6639ba">false</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Add a repository from a specific branch, chart repository, and authentication </span> </span></span><span style="display:flex;"><span> nctl edit config --name my-repo --branch dev --chartRepo https://charts.example.com --username example-user --gitToken example-token --file<span style="color:#0550ae">=</span><span style="color:#6639ba">false</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> --branch string Branch of the repository to add </span></span><span style="display:flex;"><span> --chartName string Name of the chart to add </span></span><span style="display:flex;"><span> --chartRepo string URL of the chart repository to add </span></span><span style="display:flex;"><span> --file enable to open config file in editor to edit config file (default true) </span></span><span style="display:flex;"><span> --gitToken string Git token for authentication to add </span></span><span style="display:flex;"><span> -h, --help help for config </span></span><span style="display:flex;"><span> --name string Name of the repository to add </span></span><span style="display:flex;"><span> --type string Type of the repository to add </span></span><span style="display:flex;"><span> --username string Username for authentication to add </span></span><span style="display:flex;"><span> --version string Version of the chart to add </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_edit/">nctl edit</a> - Edit nctl resources</li> </ul>nctl exceptionshttps://docs.nirmata.io/docs/nctl/commands/nctl_exceptions/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_exceptions/<h2 id="nctl-exceptions">nctl exceptions</h2> <p>Manage Kyverno PolicyExceptions</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl exceptions <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for exceptions </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_exceptions_audit/">nctl exceptions audit</a> - Audit Kyverno PolicyException resources</li> </ul>nctl exceptions audithttps://docs.nirmata.io/docs/nctl/commands/nctl_exceptions_audit/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_exceptions_audit/<h2 id="nctl-exceptions-audit">nctl exceptions audit</h2> <p>Audit Kyverno PolicyException resources</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl exceptions audit <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> <span style="color:#57606a"># Audit all policy exceptions</span> </span></span><span style="display:flex;"><span> nctl exceptions audit </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Show only exceptions older than 90 days</span> </span></span><span style="display:flex;"><span> nctl exceptions audit --older-than <span style="color:#0550ae">90</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Show only expired exceptions</span> </span></span><span style="display:flex;"><span> nctl exceptions audit --expired </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Filter by namespace</span> </span></span><span style="display:flex;"><span> nctl exceptions audit --namespace default </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Output as JSON</span> </span></span><span style="display:flex;"><span> nctl exceptions audit -o json </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> --expired Only show exceptions past their expiry date </span></span><span style="display:flex;"><span> -h, --help help for audit </span></span><span style="display:flex;"><span> --kube-context string the kube context from configured kubeconfig. Default is the current or sole context </span></span><span style="display:flex;"><span> --kubeconfig string kubeconfig path (defaults to $HOME/.kube/kubeconfig) </span></span><span style="display:flex;"><span> --namespace string Filter by namespace (default: all namespaces) </span></span><span style="display:flex;"><span> --older-than int Only show exceptions older than N days </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml, openreport) (default &#34;text&#34;) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_exceptions/">nctl exceptions</a> - Manage Kyverno PolicyExceptions</li> </ul>nctl gethttps://docs.nirmata.io/docs/nctl/commands/nctl_get/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_get/<h2 id="nctl-get">nctl get</h2> <p>Get Nirmata Control Hub resources</p> <h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for get </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get_clusters/">nctl get clusters</a> - Get cluster information</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get_operator/">nctl get operator</a> - Get Nirmata Kyverno Operator info</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get_policy-sets/">nctl get policy-sets</a> - Get policy-sets</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get_policyexceptionrequests/">nctl get policyexceptionrequests</a> - Get PolicyExceptionRequest resources</li> </ul>nctl get clustershttps://docs.nirmata.io/docs/nctl/commands/nctl_get_clusters/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_get_clusters/<h2 id="nctl-get-clusters">nctl get clusters</h2> <p>Get cluster information</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl get clusters <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Examples</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># List all clusters that are onboarded to Nirmata Control Hub </span> </span></span><span style="display:flex;"><span> nctl get clusters </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Get detailed information about a specific cluster </span> </span></span><span style="display:flex;"><span> nctl get clusters &lt;cluster-name&gt; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Show additional details about all clusters </span> </span></span><span style="display:flex;"><span> nctl get clusters --wide </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Allow connections to an address with a self-signed or unverified certificate (not recommended) </span> </span></span><span style="display:flex;"><span> nctl get clusters --insecure </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for clusters </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate (not recommended) </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key (env NIRMATA_TOKEN) </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL (env NIRMATA_URL) </span></span><span style="display:flex;"><span> --wide to show extra cluster details </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get/">nctl get</a> - Get Nirmata Control Hub resources</li> </ul>nctl get operatorhttps://docs.nirmata.io/docs/nctl/commands/nctl_get_operator/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_get_operator/<h2 id="nctl-get-operator">nctl get operator</h2> <p>Get Nirmata Kyverno Operator info</p> <h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for operator </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get/">nctl get</a> - Get Nirmata Control Hub resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get_operator_helm-values/">nctl get operator helm-values</a> - Get Nirmata Kyverno Operator Helm Values for further customization</li> </ul>nctl get operator helm-valueshttps://docs.nirmata.io/docs/nctl/commands/nctl_get_operator_helm-values/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_get_operator_helm-values/<h2 id="nctl-get-operator-helm-values">nctl get operator helm-values</h2> <p>Get Nirmata Kyverno Operator Helm Values for further customization</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl get operator helm-values <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for helm-values </span></span><span style="display:flex;"><span> --kube-context string the kube context from configured kubeconfig. Default is the current or sole context </span></span><span style="display:flex;"><span> --kubeconfig string kubeconfig path (defaults to $HOME/.kube/kubeconfig) </span></span><span style="display:flex;"><span> -n, --namespace string namespace in which the operator is deployed (default &#34;nirmata-system&#34;) </span></span><span style="display:flex;"><span> --no-cluster prevent all calls to cluster </span></span><span style="display:flex;"><span> -o, --outputfile string output file to store Helm values </span></span><span style="display:flex;"><span> -r, --release string release name for the helm chart (default &#34;kyverno-operator&#34;) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get_operator/">nctl get operator</a> - Get Nirmata Kyverno Operator info</li> </ul>nctl get policy-setshttps://docs.nirmata.io/docs/nctl/commands/nctl_get_policy-sets/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_get_policy-sets/<h2 id="nctl-get-policy-sets">nctl get policy-sets</h2> <p>Get policy-sets</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl get policy-sets <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Get list of Policy Sets available.</span> </span></span><span style="display:flex;"><span> nctl get policy-sets </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for policy-sets </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get/">nctl get</a> - Get Nirmata Control Hub resources</li> </ul>nctl get policyexceptionrequestshttps://docs.nirmata.io/docs/nctl/commands/nctl_get_policyexceptionrequests/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_get_policyexceptionrequests/<h2 id="nctl-get-policyexceptionrequests">nctl get policyexceptionrequests</h2> <p>Get PolicyExceptionRequest resources</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl get policyexceptionrequests <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Get all policy exception requests</span> </span></span><span style="display:flex;"><span> nctl get policyexceptionrequests </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Get policy exception requests with a specific name</span> </span></span><span style="display:flex;"><span> nctl get policyexceptionrequests --name example-policy </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Get policy exception requests by requester</span> </span></span><span style="display:flex;"><span> nctl get policyexceptionrequests --requested-by npm-automation-devops </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Get policy exception requests filtered by state (approved, rejected, pendingApproval)</span> </span></span><span style="display:flex;"><span> nctl get policyexceptionrequests --state approved </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Get policy exception requests from an insecure server (not recommended)</span> </span></span><span style="display:flex;"><span> nctl get policyexceptionrequests --insecure </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for policyexceptionrequests </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate (not recommended) </span></span><span style="display:flex;"><span> --name string Name of policy exception to filter by </span></span><span style="display:flex;"><span> --requested-by string State of policy exception to filter by Requester </span></span><span style="display:flex;"><span> --state string State of policy exception to filter by (approved, rejected, pendingApproval) </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key (env NIRMATA_TOKEN) </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL (env NIRMATA_URL) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_get/">nctl get</a> - Get Nirmata Control Hub resources</li> </ul>nctl infohttps://docs.nirmata.io/docs/nctl/commands/nctl_info/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_info/<h2 id="nctl-info">nctl info</h2> <p>Account and User Information</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl info <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for info </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate (not recommended) </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key (env NIRMATA_TOKEN) </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL (env NIRMATA_URL) </span></span><span style="display:flex;"><span> --userid string user id (email) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> </ul>nctl loginhttps://docs.nirmata.io/docs/nctl/commands/nctl_login/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_login/<h2 id="nctl-login">nctl login</h2> <p>Provide authentication details to login</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl login <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -f, --file string the configuration file (defaults to $HOME/.nirmata/config) </span></span><span style="display:flex;"><span> -h, --help help for login </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate (not recommended) </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key (env NIRMATA_TOKEN) </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL (env NIRMATA_URL) </span></span><span style="display:flex;"><span> --userid string user id (email) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_login_git/">nctl login git</a> - Sign in to your git provider</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_login_nch/">nctl login nch</a> - Sign in to Nirmata Control Hub</li> </ul>nctl login githttps://docs.nirmata.io/docs/nctl/commands/nctl_login_git/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_login_git/<h2 id="nctl-login-git">nctl login git</h2> <p>Sign in to your git provider</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl login git <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Login to Git provider (GitHub, GitLab, Bitbucket) using a token</span> </span></span><span style="display:flex;"><span> nctl login git --provider github --username myuser --token ghp_xxx </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Login to GitLab with a custom domain and authentication token</span> </span></span><span style="display:flex;"><span> nctl login git --provider gitlab --domain gitlab.example.com --username myuser --token glpat_xxx </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Login to Bitbucket using a username and token</span> </span></span><span style="display:flex;"><span> nctl login git --provider bitbucket --username myuser --token bitbucket_xxx </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Login to a self-hosted GitLab instance with a domain</span> </span></span><span style="display:flex;"><span> nctl login git --provider gitlab --domain gitlab.mycompany.com </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Login interactively to Git (prompt for username and token)</span> </span></span><span style="display:flex;"><span> nctl login git --provider github </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> --domain string custom domain for the VCS </span></span><span style="display:flex;"><span> -h, --help help for git </span></span><span style="display:flex;"><span> --provider string git provider (defaults to github) (default &#34;github&#34;) </span></span><span style="display:flex;"><span> --token string git authentication token </span></span><span style="display:flex;"><span> --username string user id (email) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_login/">nctl login</a> - Provide authentication details to login</li> </ul>nctl login nchhttps://docs.nirmata.io/docs/nctl/commands/nctl_login_nch/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_login_nch/<h2 id="nctl-login-nch">nctl login nch</h2> <p>Sign in to Nirmata Control Hub</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl login nch <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Login to Nirmata Control Hub using an email and API key</span> </span></span><span style="display:flex;"><span> nctl login nch --userid user@example.com --token my-api-key </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Login to Nirmata using a specific server URL</span> </span></span><span style="display:flex;"><span> nctl login nch --userid user@example.com --token my-api-key --url https://nirmata.example.com </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Login using a configuration file</span> </span></span><span style="display:flex;"><span> nctl login nch --file /path/to/config.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Login interactively (prompt for email and API key)</span> </span></span><span style="display:flex;"><span> nctl login nch </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -f, --file string the configuration file (defaults to $HOME/.nirmata/config) </span></span><span style="display:flex;"><span> -h, --help help for nch </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate (not recommended) </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key (env NIRMATA_TOKEN) </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL (env NIRMATA_URL) </span></span><span style="display:flex;"><span> --userid string user id (email) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_login/">nctl login</a> - Provide authentication details to login</li> </ul>nctl mappingshttps://docs.nirmata.io/docs/nctl/commands/nctl_mappings/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_mappings/<h2 id="nctl-mappings">nctl mappings</h2> <p>Work with compliance policy mappings</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl mappings <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for mappings </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_mappings_get/">nctl mappings get</a> - Get control mappings for a compliance standard or policy</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_mappings_list/">nctl mappings list</a> - List available compliance standards</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_mappings_path/">nctl mappings path</a> - Print the path to the mappings file, or the policy directory path within kyverno-policies</li> </ul>nctl mappings gethttps://docs.nirmata.io/docs/nctl/commands/nctl_mappings_get/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_mappings_get/<h2 id="nctl-mappings-get">nctl mappings get</h2> <p>Get control mappings for a compliance standard or policy</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl mappings get <span style="color:#0550ae">[</span>standard<span style="color:#0550ae">]</span> <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Examples</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Get all policy→control mappings for SOC2</span> </span></span><span style="display:flex;"><span> nctl mappings get soc2 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Look up which standards and controls a specific policy covers</span> </span></span><span style="display:flex;"><span> nctl mappings get --policy restrict-cluster-admin-binding </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># JSON output</span> </span></span><span style="display:flex;"><span> nctl mappings get soc2 -o json </span></span><span style="display:flex;"><span> nctl mappings get --policy restrict-cluster-admin-binding -o json </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for get </span></span><span style="display:flex;"><span> --mappings-file string Override path to mappings YAML file </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml) (default &#34;text&#34;) </span></span><span style="display:flex;"><span> --policy string Look up a specific policy by name across all standards </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_mappings/">nctl mappings</a> - Work with compliance policy mappings</li> </ul>nctl mappings listhttps://docs.nirmata.io/docs/nctl/commands/nctl_mappings_list/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_mappings_list/<h2 id="nctl-mappings-list">nctl mappings list</h2> <p>List available compliance standards</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl mappings list <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> <span style="color:#57606a"># List all available compliance standards</span> </span></span><span style="display:flex;"><span> nctl mappings list </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Filter to a single standard</span> </span></span><span style="display:flex;"><span> nctl mappings list --standard soc2 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># List in JSON format</span> </span></span><span style="display:flex;"><span> nctl mappings list -o json </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for list </span></span><span style="display:flex;"><span> --mappings-file string Override path to mappings YAML file </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml) (default &#34;text&#34;) </span></span><span style="display:flex;"><span> --standard string Filter to a single compliance standard </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_mappings/">nctl mappings</a> - Work with compliance policy mappings</li> </ul>nctl mappings pathhttps://docs.nirmata.io/docs/nctl/commands/nctl_mappings_path/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_mappings_path/<h2 id="nctl-mappings-path">nctl mappings path</h2> <p>Print the path to the mappings file, or the policy directory path within kyverno-policies</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl mappings path <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> <span style="color:#57606a"># Print the path to the embedded (cached) mappings file</span> </span></span><span style="display:flex;"><span> nctl mappings path </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Show the directory path for a specific policy within kyverno-policies</span> </span></span><span style="display:flex;"><span> nctl mappings path --policy restrict-cluster-admin-binding </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for path </span></span><span style="display:flex;"><span> --mappings-file string Path to a custom mappings YAML file </span></span><span style="display:flex;"><span> --policy string Show the directory path for a specific policy within kyverno-policies </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_mappings/">nctl mappings</a> - Work with compliance policy mappings</li> </ul>nctl rawhttps://docs.nirmata.io/docs/nctl/commands/nctl_raw/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_raw/<h2 id="nctl-raw">nctl raw</h2> <p>Direct access to the Nirmata REST API</p> <h3 id="synopsis">Synopsis</h3> <p>The raw command allows querying Nirmata REST API endpoints.</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl raw &lt;path&gt; <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Basic GET request </span> </span></span><span style="display:flex;"><span> nctl raw /path --url https://example.com </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># GET request with authentication </span> </span></span><span style="display:flex;"><span> nctl raw /path --url https://example.com --token your-api-token </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># GET request allowing insecure connection </span> </span></span><span style="display:flex;"><span> nctl raw /path --url https://example.com --insecure </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># GET request with json data in a file </span> </span></span><span style="display:flex;"><span> nctl raw /path --url https://example.com --file data.json </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -d, --data string JSON data string </span></span><span style="display:flex;"><span> -f, --file string JSON data file </span></span><span style="display:flex;"><span> -h, --help help for raw </span></span><span style="display:flex;"><span> --insecure allow connection to an address with a self-signed or non-verifiable certificate (not recommended) </span></span><span style="display:flex;"><span> -m, --method string the HTTP method (default &#34;GET&#34;) </span></span><span style="display:flex;"><span> --token string Nirmata API Login Key (env NIRMATA_TOKEN) </span></span><span style="display:flex;"><span> --url string Nirmata server base URL (env NIRMATA_URL) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> </ul>nctl remediatehttps://docs.nirmata.io/docs/nctl/commands/nctl_remediate/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_remediate/<h2 id="nctl-remediate">nctl remediate</h2> <p>Remediate a resource file or directory for policy violations</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl remediate &lt;resource file or directory&gt; <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> --cluster-policies Use policies from a cluster (default false) </span></span><span style="display:flex;"><span> --details Show result details for violating resources (default true) </span></span><span style="display:flex;"><span> --file string[=&#34;scan-report&#34;] Output file (if --file is used without a value, defaults to &#39;scan-report&#39;) </span></span><span style="display:flex;"><span> -h, --help help for remediate </span></span><span style="display:flex;"><span> --no-color disable the colors for the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml, scan-report, sarif) (default &#34;text&#34;) </span></span><span style="display:flex;"><span> --patch Update the source file with the remediated resource (default true) </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files </span></span><span style="display:flex;"><span> --policy-sets strings Policy set names (comma separated e.g., &#34;pss-baseline, pss-restricted, rbac-best-practices&#34;) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> </ul>nctl removehttps://docs.nirmata.io/docs/nctl/commands/nctl_remove/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_remove/<h2 id="nctl-remove">nctl remove</h2> <p>Remove Nirmata Control Hub resources</p> <h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for remove </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_remove_cluster/">nctl remove cluster</a> - Remove cluster</li> </ul>nctl remove clusterhttps://docs.nirmata.io/docs/nctl/commands/nctl_remove_cluster/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_remove_cluster/<h2 id="nctl-remove-cluster">nctl remove cluster</h2> <p>Remove cluster</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl remove cluster <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Remove a cluster using its name</span> </span></span><span style="display:flex;"><span> nctl remove cluster --cluster-name my-cluster </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Remove a cluster using its unique cluster ID (Overrides name if provided)</span> </span></span><span style="display:flex;"><span> nctl remove cluster --cluster-id my-cluster-id </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Deregister a cluster from Nirmata Control Hub without uninstalling components</span> </span></span><span style="display:flex;"><span> nctl remove cluster --cluster-name my-cluster --deregister-only </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Remove only the operator from the cluster without removing other components</span> </span></span><span style="display:flex;"><span> nctl remove cluster --cluster-name my-cluster --remove-operator-only </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Forcefully remove a cluster, ignoring the kube-system namespace UID check</span> </span></span><span style="display:flex;"><span> nctl remove cluster --cluster-name my-cluster --force </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Remove a cluster by specifying a custom kubeconfig file and context</span> </span></span><span style="display:flex;"><span> nctl remove cluster --cluster-name my-cluster --kubeconfig /path/to/kubeconfig --kube-context my-context </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Remove a cluster while allowing connection to an address with a self-signed or unverified certificate (not recommended)</span> </span></span><span style="display:flex;"><span> nctl remove cluster --cluster-name my-cluster --insecure </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Remove a cluster using Nirmata credentials</span> </span></span><span style="display:flex;"><span> nctl remove cluster --cluster-name my-cluster --token my-nirmata-token --url https://nirmata.example.com </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> --cluster-id string the Nirmata Control Hub cluster Id of cluster to be removed <span style="color:#0550ae">(</span>Overrides name. Needed <span style="color:#cf222e">if</span> cluster name is not unique<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --cluster-name string the Nirmata Control Hub cluster name of cluster to be removed </span></span><span style="display:flex;"><span> --crd-release string release name <span style="color:#cf222e">for</span> the operator CRD helm chart <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;kyverno-operator-crd&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --deregister-only only deresgisters cluster from nch </span></span><span style="display:flex;"><span> --force force remove cluster ignoring empty kube-system namespace uid check </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> cluster </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --kube-context string the kube context from configured kubeconfig. Default is the current or sole context </span></span><span style="display:flex;"><span> --kubeconfig string kubeconfig path <span style="color:#0550ae">(</span>defaults to <span style="color:#953800">$HOME</span>/.kube/kubeconfig<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -n, --namespace string namespace in which the operator is deployed <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;nirmata-system&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --release string release name <span style="color:#cf222e">for</span> the operator helm chart <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;kyverno-operator&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --remove-operator-only remove only operator from cluster, removes all components by default </span></span><span style="display:flex;"><span> --timeout duration <span style="color:#6639ba">time</span> to <span style="color:#6639ba">wait</span> <span style="color:#cf222e">until</span> the operation terminates <span style="color:#0550ae">(</span>default 10m0s<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key <span style="color:#0550ae">(</span>env NIRMATA_TOKEN<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL <span style="color:#0550ae">(</span>env NIRMATA_URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_remove/">nctl remove</a> - Remove Nirmata Control Hub resources</li> </ul>nctl scanhttps://docs.nirmata.io/docs/nctl/commands/nctl_scan/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan/<h2 id="nctl-scan">nctl scan</h2> <p>Scan resources</p> <h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Kubernetes cluster and analyze and publish the scan results</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --cluster --analyze --publish </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan Kubernetes manifests, Dockerfiles, and Terraform code in a repository</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan the current directory</span> </span></span><span style="display:flex;"><span> nctl scan repository </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for scan </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_compliance/">nctl scan compliance</a> - Run a compliance scan against a Kubernetes cluster</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_dockerfile/">nctl scan dockerfile</a> - scan dockerfile resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_github-actions/">nctl scan github-actions</a> - Scan GitHub Actions workflow files for security vulnerabilities</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_helm/">nctl scan helm</a> - scan helm-charts</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_json/">nctl scan json</a> - scan json resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_kubernetes/">nctl scan kubernetes</a> - scan kubernetes resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_prompt/">nctl scan prompt</a> - [Experimental] scan LLM prompts</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_repository/">nctl scan repository</a> - scan files in a git repository</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_skills/">nctl scan skills</a> - [Experimental] scan agent skills</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_terraform/">nctl scan terraform</a> - scan terraform resources</li> </ul>nctl scan compliancehttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_compliance/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_compliance/<h2 id="nctl-scan-compliance">nctl scan compliance</h2> <p>Run a compliance scan against a Kubernetes cluster</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan compliance <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> <span style="color:#57606a"># Run a SOC2 compliance scan (fetches policies from github.com/nirmata/kyverno-policies by default)</span> </span></span><span style="display:flex;"><span> nctl scan compliance --standard soc2 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan specific namespaces</span> </span></span><span style="display:flex;"><span> nctl scan compliance --standard nist-800-53 --namespace production,staging </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Output results as JSON</span> </span></span><span style="display:flex;"><span> nctl scan compliance --standard soc2 -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Use a local kyverno-policies checkout instead of fetching from GitHub</span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># (set once in ~/.nirmata/nctl/nctl_config.yaml: compliance.policies-root: /path/to/kyverno-policies)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Override with specific policy paths or GitHub URLs</span> </span></span><span style="display:flex;"><span> nctl scan compliance --standard soc2 <span style="color:#0a3069">\ </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"></span> -p github.com/nirmata/kyverno-policies/best-practices-k8s <span style="color:#0a3069">\ </span></span></span><span style="display:flex;"><span><span style="color:#0a3069"></span> -p github.com/nirmata/kyverno-policies/compliance/cis/common </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for compliance </span></span><span style="display:flex;"><span> --kube-context string the kube context from configured kubeconfig. Default is the current or sole context </span></span><span style="display:flex;"><span> --kubeconfig string kubeconfig path (defaults to $HOME/.kube/kubeconfig) </span></span><span style="display:flex;"><span> --mappings-file string Override path to mappings YAML file </span></span><span style="display:flex;"><span> --namespace stringArray Namespaces to scan (comma-separated or repeated flag) </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml, openreport) (default &#34;text&#34;) </span></span><span style="display:flex;"><span> -p, --policies strings Policy paths to scan (local path or github URL; comma-separated or repeated). Overrides the default mappings-derived policy set. </span></span><span style="display:flex;"><span> --standard string Compliance standard (soc2, nist-800-53, nsa-cisa, iso27001, pci-dss, etc.) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_compliance_diff/">nctl scan compliance diff</a> - Diff two compliance snapshots</li> </ul>nctl scan compliance diffhttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_compliance_diff/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_compliance_diff/<h2 id="nctl-scan-compliance-diff">nctl scan compliance diff</h2> <p>Diff two compliance snapshots</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan compliance diff <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> <span style="color:#57606a"># Diff latest vs previous scan</span> </span></span><span style="display:flex;"><span> nctl scan compliance diff --standard soc2 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Diff latest vs 30 days ago</span> </span></span><span style="display:flex;"><span> nctl scan compliance diff --standard soc2 --days <span style="color:#0550ae">30</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Diff two specific snapshots</span> </span></span><span style="display:flex;"><span> nctl scan compliance diff --standard soc2 --from 20240101-100000 --to 20240115-100000 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Output as JSON</span> </span></span><span style="display:flex;"><span> nctl scan compliance diff --standard soc2 -o json </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> --days int Compare latest snapshot vs N days ago </span></span><span style="display:flex;"><span> --from string Snapshot ID to compare from (older) </span></span><span style="display:flex;"><span> -h, --help help for diff </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml) (default &#34;text&#34;) </span></span><span style="display:flex;"><span> --standard string Compliance standard to diff </span></span><span style="display:flex;"><span> --to string Snapshot ID to compare to (newer, defaults to latest) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_compliance/">nctl scan compliance</a> - Run a compliance scan against a Kubernetes cluster</li> </ul>nctl scan dockerfilehttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_dockerfile/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_dockerfile/<h2 id="nctl-scan-dockerfile">nctl scan dockerfile</h2> <p>scan dockerfile resources</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan dockerfile <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Dockerfile with a specific policy file and resource directory </span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies /path/to/sample-policy.yaml -r /path/to/sample-resources/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Dockerfile with a policies from a GitHub repository </span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies https://github.com/nirmata/kyverno-policies/tree/main/dockerfile-best-practices -r /path/to/sample-resources/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan and output a JSON report </span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies /path/to/sample-policy.yaml -r /path/to/sample-resources/ --scan-report /path/to/scan-report.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan and add a custom report source ID </span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies /path/to/sample-policy.yaml -r /path/to/sample-resources/ --report-sourceid sample-source-id </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with violations in audit mode reported as warnings instead of failures </span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies /path/to/sample-policy.yaml -r /path/to/sample-resources/ --audit-as-warn </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan and display remediation suggestions </span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies /path/to/sample-policy.yaml -r /path/to/sample-resources/ --remediate display </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan and overwrite files with remediation </span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies /path/to/sample-policy.yaml -r /path/to/sample-resources/ --remediate overwrite </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Dockerfile and output results to console in JSON format</span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies /path/to/sample-policy.yaml -r /path/to/sample-resources/ -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with default name (scan-report.json)</span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies /path/to/sample-policy.yaml -r /path/to/sample-resources/ -o json --file </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with user defined name</span> </span></span><span style="display:flex;"><span> nctl scan dockerfile --policies /path/to/sample-policy.yaml -r /path/to/sample-resources/ -o json --file<span style="color:#0550ae">=</span>user-defined-name.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> --audit-as-warn Report violations from policies in audit mode as warnings instead of failures </span></span><span style="display:flex;"><span> --details Show result details <span style="color:#cf222e">for</span> violating resources <span style="color:#0550ae">(</span>default <span style="color:#6639ba">true</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --file string<span style="color:#0550ae">[=</span><span style="color:#0a3069">&#34;scan-report&#34;</span><span style="color:#0550ae">]</span> Output file <span style="color:#0550ae">(</span><span style="color:#cf222e">if</span> --file is used without a value, defaults to <span style="color:#0a3069">&#39;scan-report&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-token string Git authentication token <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-username string Git username <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> dockerfile </span></span><span style="display:flex;"><span> --no-color disable the colors <span style="color:#cf222e">for</span> the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format <span style="color:#0550ae">(</span>text, json, yaml, scan-report, sarif<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;text&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL, helm URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --publish Publish reports </span></span><span style="display:flex;"><span> --publish-token string scan reports publish token </span></span><span style="display:flex;"><span> --remediate string Remediate resources <span style="color:#0550ae">(</span><span style="color:#0a3069">&#39;show&#39;</span>, <span style="color:#0a3069">&#39;patch&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --report-sourceid string Add <span style="color:#6639ba">source</span> id <span style="color:#cf222e">for</span> report created <span style="color:#cf222e">for</span> <span style="color:#6639ba">local</span> scan </span></span><span style="display:flex;"><span> -r, --resources strings Path to resource files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --scan-report string Output scan report file <span style="color:#0550ae">(</span>in JSON format<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> </ul>nctl scan github-actionshttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_github-actions/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_github-actions/<h2 id="nctl-scan-github-actions">nctl scan github-actions</h2> <p>Scan GitHub Actions workflow files for security vulnerabilities</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan github-actions <span style="color:#0550ae">[</span>path<span style="color:#0550ae">]</span> <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Examples</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan the current directory for GitHub Actions workflows</span> </span></span><span style="display:flex;"><span> nctl scan github-actions </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a specific local repository path</span> </span></span><span style="display:flex;"><span> nctl scan github-actions /path/to/repo </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with additional custom policies on top of the built-in set</span> </span></span><span style="display:flex;"><span> nctl scan github-actions --policies ./my-policies --severity high </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Output SARIF for GitHub Code Scanning integration</span> </span></span><span style="display:flex;"><span> nctl scan github-actions --output sarif &gt; results.sarif </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Publish results to Nirmata Control Hub</span> </span></span><span style="display:flex;"><span> nctl scan github-actions --publish </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan and save a JSON report</span> </span></span><span style="display:flex;"><span> nctl scan github-actions --scan-report ./report.json </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> --audit-as-warn Report violations from policies in audit mode as warnings instead of failures </span></span><span style="display:flex;"><span> --details Show result details for violating resources (default true) </span></span><span style="display:flex;"><span> --file string[=&#34;scan-report&#34;] Output file (if --file is used without a value, defaults to &#39;scan-report&#39;) </span></span><span style="display:flex;"><span> --git-token string Git authentication token (for Git URLs in --policies) </span></span><span style="display:flex;"><span> --git-username string Git username (for Git URLs in --policies) </span></span><span style="display:flex;"><span> -h, --help help for github-actions </span></span><span style="display:flex;"><span> --no-color disable the colors for the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml, scan-report, sarif) (default &#34;text&#34;) </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files (optional; bundled defaults used when omitted) </span></span><span style="display:flex;"><span> --publish Publish reports </span></span><span style="display:flex;"><span> --publish-token string scan reports publish token </span></span><span style="display:flex;"><span> --remediate string Remediate resources (&#39;show&#39;, &#39;patch&#39;) </span></span><span style="display:flex;"><span> --report-sourceid string Add source id for report created for local scan </span></span><span style="display:flex;"><span> --scan-report string Output scan report file (in JSON format) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> </ul>nctl scan helmhttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_helm/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_helm/<h2 id="nctl-scan-helm">nctl scan helm</h2> <p>scan helm-charts</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan helm <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Examples</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Helm chart from a local path</span> </span></span><span style="display:flex;"><span> nctl scan helm -r /path/to/helm-chart </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Helm chart with a specific policy set</span> </span></span><span style="display:flex;"><span> nctl scan helm -r /path/to/helm-chart --policy-sets pss-baseline,pss-restricted </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Helm chart with local and remote policy files</span> </span></span><span style="display:flex;"><span> nctl scan helm -r /path/to/helm-chart -p /path/to/policy.yaml,https://github.com/example/policy.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Helm chart and output results to console</span> </span></span><span style="display:flex;"><span> nctl scan helm -r /path/to/helm-chart -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with default name (scan-report.json)</span> </span></span><span style="display:flex;"><span> nctl scan helm -r /path/to/helm-chart -o json --file </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with user defined name</span> </span></span><span style="display:flex;"><span> nctl scan helm -r /path/to/helm-chart -o json --file<span style="color:#0550ae">=</span>user-defined-name.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Enable detailed result view for violating resources</span> </span></span><span style="display:flex;"><span> nctl scan helm -r /path/to/helm-chart --details </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Disable color in the scan report output</span> </span></span><span style="display:flex;"><span> nctl scan helm -r /path/to/helm-chart --no-color </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> --audit-as-warn Report violations from policies in audit mode as warnings instead of failures </span></span><span style="display:flex;"><span> --details Show result details <span style="color:#cf222e">for</span> violating resources <span style="color:#0550ae">(</span>default <span style="color:#6639ba">true</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --file string<span style="color:#0550ae">[=</span><span style="color:#0a3069">&#34;scan-report&#34;</span><span style="color:#0550ae">]</span> Output file <span style="color:#0550ae">(</span><span style="color:#cf222e">if</span> --file is used without a value, defaults to <span style="color:#0a3069">&#39;scan-report&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-token string Git authentication token <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-username string Git username <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> helm </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --no-color disable the colors <span style="color:#cf222e">for</span> the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format <span style="color:#0550ae">(</span>text, json, yaml, scan-report, sarif<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;text&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL, helm URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --policy-sets strings Comma-separated policy <span style="color:#6639ba">set</span> names <span style="color:#0550ae">(</span>pss-baseline, pss-restricted, rbac-best-practices<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --policy-view Use with --details to reverse the view from resource-&gt;policy to policy-&gt;resource </span></span><span style="display:flex;"><span> --publish Publish reports </span></span><span style="display:flex;"><span> --publish-token string scan reports publish token </span></span><span style="display:flex;"><span> --report-sourceid string Add <span style="color:#6639ba">source</span> id <span style="color:#cf222e">for</span> report created <span style="color:#cf222e">for</span> <span style="color:#6639ba">local</span> scan </span></span><span style="display:flex;"><span> -r, --resources strings Path to resource files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key <span style="color:#0550ae">(</span>env NIRMATA_TOKEN<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL <span style="color:#0550ae">(</span>env NIRMATA_URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --values string File containing values <span style="color:#cf222e">for</span> policy variables </span></span><span style="display:flex;"><span> --values-file strings Path to values files </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> </ul>nctl scan jsonhttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_json/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_json/<h2 id="nctl-scan-json">nctl scan json</h2> <p>scan json resources</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan json <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Basic scan with required resource and policy file</span> </span></span><span style="display:flex;"><span> nctl scan json -r path/to/file -p path/to/policy </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with audit mode enabled (violations reported as warnings)</span> </span></span><span style="display:flex;"><span> nctl scan json -r path/to/file -p path/to/policy --audit-as-warn </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with detailed results for violating resources</span> </span></span><span style="display:flex;"><span> nctl scan json -r path/to/file -p path/to/policy --details </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Generate a scan report in JSON format</span> </span></span><span style="display:flex;"><span> nctl scan json -r path/to/file -p path/to/policy -o json --scan-report scan-report.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a JSON file and output results to console</span> </span></span><span style="display:flex;"><span> nctl scan json -r /path/to/file.json -p /path/to/policy -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with default name (scan-report.json)</span> </span></span><span style="display:flex;"><span> nctl scan json -r /path/to/file.json -p /path/to/policy -o json --file </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with user defined name</span> </span></span><span style="display:flex;"><span> nctl scan json -r /path/to/file.json -p /path/to/policy -o json --file<span style="color:#0550ae">=</span>user-defined-name.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Disable colored output in the terminal</span> </span></span><span style="display:flex;"><span> nctl scan json -r path/to/file -p path/to/policy --no-color </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> --audit-as-warn Report violations from policies in audit mode as warnings instead of failures </span></span><span style="display:flex;"><span> --details Show result details <span style="color:#cf222e">for</span> violating resources <span style="color:#0550ae">(</span>default <span style="color:#6639ba">true</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --file string<span style="color:#0550ae">[=</span><span style="color:#0a3069">&#34;scan-report&#34;</span><span style="color:#0550ae">]</span> Output file <span style="color:#0550ae">(</span><span style="color:#cf222e">if</span> --file is used without a value, defaults to <span style="color:#0a3069">&#39;scan-report&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-token string Git authentication token <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-username string Git username <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> json </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --no-color disable the colors <span style="color:#cf222e">for</span> the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format <span style="color:#0550ae">(</span>text, json, yaml, scan-report, sarif<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;text&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL, helm URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --publish Publish reports </span></span><span style="display:flex;"><span> --publish-token string scan reports publish token </span></span><span style="display:flex;"><span> --remediate string Remediate resources <span style="color:#0550ae">(</span><span style="color:#0a3069">&#39;show&#39;</span>, <span style="color:#0a3069">&#39;patch&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --report-sourceid string Add <span style="color:#6639ba">source</span> id <span style="color:#cf222e">for</span> report created <span style="color:#cf222e">for</span> <span style="color:#6639ba">local</span> scan </span></span><span style="display:flex;"><span> -r, --resources strings Path to resource files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --scan-report string Output scan report file <span style="color:#0550ae">(</span>in JSON format<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key <span style="color:#0550ae">(</span>env NIRMATA_TOKEN<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL <span style="color:#0550ae">(</span>env NIRMATA_URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> </ul>nctl scan kuberneteshttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_kubernetes/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_kubernetes/<h2 id="nctl-scan-kubernetes">nctl scan kubernetes</h2> <p>scan kubernetes resources</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan kubernetes <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Examples</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Kubernetes cluster and analyze the scan results</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --cluster --analyze </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Kubernetes cluster and publish scan results</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --cluster --publish </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan Kubernetes resources from a local file with a specific policy</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --resources ./resource.yaml --policies ./policy.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan resources in a specific namespace using a policy set</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --namespace default --policy-sets pss-baseline </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Kubernetes cluster using cluster policies and exceptions</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --cluster --cluster-policies --cluster-exceptions </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan Kubernetes resources and output results to console in JSON format</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --cluster -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with default name (scan-report.json)</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --cluster -o json --file </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with user defined name</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --cluster -o json --file<span style="color:#0550ae">=</span>user-defined-name.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with a specific kubeconfig and context</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --kubeconfig /path/to/kubeconfig --kube-context my-context </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Output the scan results in JSON format with detailed violations</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --resources ./resource.yaml --policies ./policy.yaml --details -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan resources while allowing insecure connections (not recommended)</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --resources ./resource.yaml --insecure </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan and show remediation suggestions for violating resources</span> </span></span><span style="display:flex;"><span> nctl scan kubernetes --resources ./resource.yaml --remediate </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> --analyze Analyze cluster using AI </span></span><span style="display:flex;"><span> --audit-as-warn Report violations from policies in audit mode as warnings instead of failures </span></span><span style="display:flex;"><span> --cluster Scan resources in a cluster using cluster policies and exceptions <span style="color:#0550ae">(</span>default value <span style="color:#6639ba">false</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --cluster-exceptions Use exceptions from a cluster <span style="color:#0550ae">(</span>default value <span style="color:#6639ba">false</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --cluster-name string Override name of cluster <span style="color:#cf222e">while</span> publishing report to Nirmata Control Hub </span></span><span style="display:flex;"><span> --cluster-policies Use policies from a cluster <span style="color:#0550ae">(</span>default value <span style="color:#6639ba">false</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --cluster-resources Use resources from a cluster <span style="color:#0550ae">(</span>default value <span style="color:#6639ba">false</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --continue-on-fail If <span style="color:#6639ba">set</span> to true, will <span style="color:#cf222e">continue</span> to apply policies on the next resource upon failure to apply to the current resource instead of exiting out </span></span><span style="display:flex;"><span> --details Show result details <span style="color:#cf222e">for</span> violating resources <span style="color:#0550ae">(</span>default <span style="color:#6639ba">true</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -e, --exceptions strings Policy exceptions to be considered when evaluating policies against resources </span></span><span style="display:flex;"><span> --file string<span style="color:#0550ae">[=</span><span style="color:#0a3069">&#34;scan-report&#34;</span><span style="color:#0550ae">]</span> Output file <span style="color:#0550ae">(</span><span style="color:#cf222e">if</span> --file is used without a value, defaults to <span style="color:#0a3069">&#39;scan-report&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-token string Git authentication token <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-username string Git username <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> kubernetes </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --kube-context string the kube context from configured kubeconfig. Default is the current or sole context </span></span><span style="display:flex;"><span> --kubeconfig string kubeconfig path <span style="color:#0550ae">(</span>defaults to <span style="color:#953800">$HOME</span>/.kube/kubeconfig<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -l, --label strings Label the cluster and Label selector in the format <span style="color:#953800">key</span><span style="color:#0550ae">=</span>value <span style="color:#cf222e">for</span> policy sets in Nirmata Control Hub </span></span><span style="display:flex;"><span> -n, --namespace strings Namespace of the resources to scan </span></span><span style="display:flex;"><span> --no-color disable the colors <span style="color:#cf222e">for</span> the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format <span style="color:#0550ae">(</span>text, json, yaml, scan-report, sarif<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;text&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL, helm URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --policy-sets strings Comma-separated policy <span style="color:#6639ba">set</span> names <span style="color:#0550ae">(</span>pss-baseline, pss-restricted, rbac-best-practices<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --policy-view Use with --details to reverse the view from resource-&gt;policy to policy-&gt;resource </span></span><span style="display:flex;"><span> --publish Publish reports </span></span><span style="display:flex;"><span> --publish-token string scan reports publish token </span></span><span style="display:flex;"><span> --remediate string Remediate resources <span style="color:#0550ae">(</span><span style="color:#0a3069">&#39;show&#39;</span>, <span style="color:#0a3069">&#39;patch&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --report-sourceid string Add <span style="color:#6639ba">source</span> id <span style="color:#cf222e">for</span> report created <span style="color:#cf222e">for</span> <span style="color:#6639ba">local</span> scan <span style="color:#0550ae">(</span>is required <span style="color:#cf222e">for</span> <span style="color:#6639ba">local</span> scans<span style="color:#1f2328">;</span> is the cluster id <span style="color:#cf222e">for</span> cluster scan<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -r, --resources strings Path to resource files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key <span style="color:#0550ae">(</span>env NIRMATA_TOKEN<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL <span style="color:#0550ae">(</span>env NIRMATA_URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --values-file string File containing values <span style="color:#cf222e">for</span> policy variables </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> </ul>nctl scan prompthttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_prompt/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_prompt/<h2 id="nctl-scan-prompt">nctl scan prompt</h2> <p>[Experimental] scan LLM prompts</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan prompt <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan prompts in a config file</span> </span></span><span style="display:flex;"><span> nctl scan prompt -r path/to/prompts.yaml -p path/to/policy.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a directory of prompt files</span> </span></span><span style="display:flex;"><span> nctl scan prompt -r path/to/prompts/ -p policies/prompts-baseline.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a prompt string directly</span> </span></span><span style="display:flex;"><span> nctl scan prompt --string <span style="color:#0a3069">&#34;You are a helpful assistant...&#34;</span> -p path/to/policy.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Read prompt from stdin</span> </span></span><span style="display:flex;"><span> <span style="color:#6639ba">echo</span> <span style="color:#0a3069">&#34;You are a helpful assistant...&#34;</span> <span style="color:#1f2328">|</span> nctl scan prompt --stdin -p path/to/policy.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with minimum confidence threshold for file extraction</span> </span></span><span style="display:flex;"><span> nctl scan prompt -r path/to/config/ -p path/to/policy.yaml --min-confidence 0.6 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with audit mode enabled (violations reported as warnings)</span> </span></span><span style="display:flex;"><span> nctl scan prompt -r path/to/prompts.yaml -p path/to/policy.yaml --audit-as-warn </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Output results in JSON format</span> </span></span><span style="display:flex;"><span> nctl scan prompt -r path/to/prompts.yaml -p path/to/policy.yaml -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Filter policies by severity</span> </span></span><span style="display:flex;"><span> nctl scan prompt -r path/to/prompts.yaml -p path/to/policies/ --selector <span style="color:#0a3069">&#34;severity=critical&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Enable AI-assisted classification (uses Nirmata by default)</span> </span></span><span style="display:flex;"><span> nctl scan prompt -r path/to/prompts.yaml -p path/to/policy.yaml --ai-check </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># AI classification with a specific provider</span> </span></span><span style="display:flex;"><span> nctl scan prompt -r path/to/prompts.yaml -p path/to/policy.yaml --ai-check --ai-provider gemini --ai-model gemini-2.5-pro </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> --ai-check Enable AI-assisted prompt classification (requires Nirmata authentication) </span></span><span style="display:flex;"><span> --ai-model string AI model for --ai-check (defaults to provider&#39;s default model) </span></span><span style="display:flex;"><span> --ai-provider string AI provider for --ai-check (nirmata, gemini, anthropic, bedrock, azopenai) (default &#34;nirmata&#34;) </span></span><span style="display:flex;"><span> --audit-as-warn Report violations from policies in audit mode as warnings instead of failures </span></span><span style="display:flex;"><span> --details Show result details for violating resources (default true) </span></span><span style="display:flex;"><span> --file string[=&#34;scan-report&#34;] Output file (if --file is used without a value, defaults to &#39;scan-report&#39;) </span></span><span style="display:flex;"><span> --git-token string Git authentication token (for Git URLs in --policies) </span></span><span style="display:flex;"><span> --git-username string Git username (for Git URLs in --policies) </span></span><span style="display:flex;"><span> -h, --help help for prompt </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate (not recommended) </span></span><span style="display:flex;"><span> --min-confidence float Minimum confidence threshold for file-based prompt extraction (0.0-1.0) (default 0.5) </span></span><span style="display:flex;"><span> --no-color disable the colors for the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml, scan-report, sarif) (default &#34;text&#34;) </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files (optional; bundled defaults used when omitted) </span></span><span style="display:flex;"><span> --publish Publish reports </span></span><span style="display:flex;"><span> --publish-token string scan reports publish token </span></span><span style="display:flex;"><span> --report-sourceid string Add source id for report created for local scan </span></span><span style="display:flex;"><span> -r, --resources strings Path to resource files/directories (YAML, JSON, TOML, txt, md) </span></span><span style="display:flex;"><span> --risk-threshold int Fail if aggregate risk score meets or exceeds this value (0 = disabled) </span></span><span style="display:flex;"><span> --scan-report string Output scan report file (in JSON format) </span></span><span style="display:flex;"><span> --selector stringArray Filter policies by annotation (key=value). Key is shorthand for policies.kyverno.io/{key}. Multiple selectors with the same key are OR&#39;d; different keys are AND&#39;d. Example: --selector severity=critical --selector severity=high </span></span><span style="display:flex;"><span> --stdin Read prompt text from stdin </span></span><span style="display:flex;"><span> --string string Provide prompt text directly as a string </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key (env NIRMATA_TOKEN) </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL (env NIRMATA_URL) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> </ul>nctl scan repositoryhttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_repository/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_repository/<h2 id="nctl-scan-repository">nctl scan repository</h2> <p>scan files in a git repository</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan repository <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan the Nirmata demo-resources repository</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan the repository with a specific policy set</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources --policy-sets pss-baseline,pss-restricted </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan the repository using specific policies from local and remote sources</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a repository and output results to console in JSON format</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with default name (scan-report.json)</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources -o json --file </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with user defined name</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources -o json --file<span style="color:#0550ae">=</span>user-defined-name.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a specific branch of the repository</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources --branch main </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Enable audit mode to report violations as warnings instead of failures</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources --audit-as-warn </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Display remediation suggestions for policy violations</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources --remediate display </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Overwrite resource files with remediations</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources --remediate overwrite </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Exclude a specific directory (use the full path as it appears in the repository), </span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Avoid using single directory name like &#39;policies&#39; for potential name collision on multi directory level.</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources --exclude<span style="color:#0550ae">=</span><span style="color:#0a3069">&#39;nirmata/demo-resources/policies&#39;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Exclude a specific file by its exact name</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources --exclude<span style="color:#0550ae">=</span><span style="color:#0a3069">&#39;disallow-secrets-from-env-vars.yaml&#39;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Exclude all YAML files (case-insensitive) using a regex pattern</span> </span></span><span style="display:flex;"><span> nctl scan repository https://github.com/nirmata/demo-resources --exclude-regex<span style="color:#0550ae">=</span><span style="color:#0a3069">&#39;(?i)\.ya?ml$&#39;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> --analyze Analyze cluster using AI </span></span><span style="display:flex;"><span> --analyzers strings Analyzers to <span style="color:#6639ba">enable</span> <span style="color:#0550ae">(</span>all,dockerfile,github-actions,json,kubernetes,terraform-plan,helm-charts,skills<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default <span style="color:#0550ae">[</span>all<span style="color:#0550ae">])</span> </span></span><span style="display:flex;"><span> --audit-as-warn Report violations from policies in audit mode as warnings instead of failures </span></span><span style="display:flex;"><span> --branch string name of the branch </span></span><span style="display:flex;"><span> --details Show result details <span style="color:#cf222e">for</span> violating resources <span style="color:#0550ae">(</span>default <span style="color:#6639ba">true</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --exclude strings List of filenames to exclude during the scan, separated by commas. </span></span><span style="display:flex;"><span> --exclude-regex string Regex pattern <span style="color:#cf222e">for</span> excluding files during the scan. </span></span><span style="display:flex;"><span> --file string<span style="color:#0550ae">[=</span><span style="color:#0a3069">&#34;scan-report&#34;</span><span style="color:#0550ae">]</span> Output file <span style="color:#0550ae">(</span><span style="color:#cf222e">if</span> --file is used without a value, defaults to <span style="color:#0a3069">&#39;scan-report&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-token string Git authentication token <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git repository URLs<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-username string Git username <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git repository URLs<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> repository </span></span><span style="display:flex;"><span> --include strings List of filenames to include during the scan, separated by commas. </span></span><span style="display:flex;"><span> --include-regex string Regex pattern <span style="color:#cf222e">for</span> including files during the scan. If not provided, all files are included. </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --labels strings Report label </span></span><span style="display:flex;"><span> --no-color disable the colors <span style="color:#cf222e">for</span> the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format <span style="color:#0550ae">(</span>text, json, yaml, scan-report, sarif<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;text&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL, helm URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --policy-sets strings policy <span style="color:#6639ba">set</span> names <span style="color:#0550ae">(</span>pss-baseline, pss-restricted, rbac-best-practices<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --publish Publish reports <span style="color:#0550ae">(</span>default <span style="color:#6639ba">true</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --publish-token string scan reports publish token </span></span><span style="display:flex;"><span> --remediate string Remediate resources <span style="color:#0550ae">(</span><span style="color:#0a3069">&#39;show&#39;</span>, <span style="color:#0a3069">&#39;patch&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key <span style="color:#0550ae">(</span>env NIRMATA_TOKEN<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL <span style="color:#0550ae">(</span>env NIRMATA_URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> </ul>nctl scan skillshttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_skills/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_skills/<h2 id="nctl-scan-skills">nctl scan skills</h2> <p>[Experimental] scan agent skills</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan skills <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Basic scan with required resource and policy file</span> </span></span><span style="display:flex;"><span> nctl scan skills -r path/to/skill-dir -p path/to/policy.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan multiple skills</span> </span></span><span style="display:flex;"><span> nctl scan skills -r skills/skillA -r skills/skillB -p policies/skill-baseline.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with audit mode enabled (violations reported as warnings)</span> </span></span><span style="display:flex;"><span> nctl scan skills -r path/to/skill-dir -p path/to/policy.yaml --audit-as-warn </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with detailed results for violating resources</span> </span></span><span style="display:flex;"><span> nctl scan skills -r path/to/skill-dir -p path/to/policy.yaml --details </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Generate a scan report in JSON format</span> </span></span><span style="display:flex;"><span> nctl scan skills -r path/to/skill-dir -p path/to/policy.yaml -o json --scan-report scan-report.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Output results to console in JSON</span> </span></span><span style="display:flex;"><span> nctl scan skills -r path/to/skill-dir -p path/to/policy.yaml -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Save results to a file with default name (scan-report.json)</span> </span></span><span style="display:flex;"><span> nctl scan skills -r path/to/skill-dir -p path/to/policy.yaml -o json --file </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Disable colored output</span> </span></span><span style="display:flex;"><span> nctl scan skills -r path/to/skill-dir -p path/to/policy.yaml --no-color </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with only critical-severity policies</span> </span></span><span style="display:flex;"><span> nctl scan skills -r path/to/skill-dir -p path/to/policies/ --selector <span style="color:#0a3069">&#34;severity=critical&#34;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with critical and high severity policies</span> </span></span><span style="display:flex;"><span> nctl scan skills -r path/to/skill-dir -p path/to/policies/ --selector <span style="color:#0a3069">&#34;severity=critical&#34;</span> --selector <span style="color:#0a3069">&#34;severity=high&#34;</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> --audit-as-warn Report violations from policies in audit mode as warnings instead of failures </span></span><span style="display:flex;"><span> --details Show result details for violating resources (default true) </span></span><span style="display:flex;"><span> --exclude-files stringArray Glob patterns to exclude from indicator content scanning (e.g. &#39;docs/*&#39;, &#39;CHANGELOG.md&#39;) </span></span><span style="display:flex;"><span> --file string[=&#34;scan-report&#34;] Output file (if --file is used without a value, defaults to &#39;scan-report&#39;) </span></span><span style="display:flex;"><span> --git-token string Git authentication token (for Git URLs in --policies) </span></span><span style="display:flex;"><span> --git-username string Git username (for Git URLs in --policies) </span></span><span style="display:flex;"><span> -h, --help help for skills </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate (not recommended) </span></span><span style="display:flex;"><span> --no-color disable the colors for the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format (text, json, yaml, scan-report, sarif) (default &#34;text&#34;) </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files (optional; bundled defaults used when omitted) </span></span><span style="display:flex;"><span> --publish Publish reports </span></span><span style="display:flex;"><span> --publish-token string scan reports publish token </span></span><span style="display:flex;"><span> --remediate string Remediate resources (&#39;show&#39;, &#39;patch&#39;) </span></span><span style="display:flex;"><span> --report-sourceid string Add source id for report created for local scan </span></span><span style="display:flex;"><span> -r, --resources strings Path to resource files (local path, github URL) </span></span><span style="display:flex;"><span> --risk-threshold int Fail if aggregate risk score meets or exceeds this value (0 = disabled) </span></span><span style="display:flex;"><span> --scan-report string Output scan report file (in JSON format) </span></span><span style="display:flex;"><span> --selector stringArray Filter policies by annotation (key=value). Key is shorthand for policies.kyverno.io/{key}. Multiple selectors with the same key are OR&#39;d; different keys are AND&#39;d. Example: --selector severity=critical --selector severity=high </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key (env NIRMATA_TOKEN) </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL (env NIRMATA_URL) </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> </ul>nctl scan terraformhttps://docs.nirmata.io/docs/nctl/commands/nctl_scan_terraform/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_scan_terraform/<h2 id="nctl-scan-terraform">nctl scan terraform</h2> <p>scan terraform resources</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl scan terraform <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Basic scan with required resource and policy file</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r path/to/file -p path/to/policy </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with audit mode enabled (violations reported as warnings)</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r path/to/file -p path/to/policy --audit-as-warn </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan with remediation suggestions displayed</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r path/to/file -p path/to/policy --remediate display </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Overwrite resource files with remediations</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r path/to/file -p path/to/policy --remediate overwrite </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Generate a scan report in JSON format</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r path/to/file -p path/to/policy -o json --scan-report scan-report.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Save scan results to a file</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r path/to/file -p path/to/policy --file output.txt </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Disable colored output in the terminal</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r path/to/file -p path/to/policy --no-color </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Scan a Terraform file and output results to console in JSON format</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r /path/to/terraform-file.tf -p /path/to/policy -o json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with default name (scan-report.json)</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r /path/to/terraform-file.tf -p /path/to/policy -o json --file </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify output format and save results to a file with user defined name</span> </span></span><span style="display:flex;"><span> nctl scan terraform -r /path/to/terraform-file.tf -p /path/to/policy -o json --file<span style="color:#0550ae">=</span>user-defined-name.json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> --audit-as-warn Report violations from policies in audit mode as warnings instead of failures </span></span><span style="display:flex;"><span> --details Show result details <span style="color:#cf222e">for</span> violating resources <span style="color:#0550ae">(</span>default <span style="color:#6639ba">true</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --file string<span style="color:#0550ae">[=</span><span style="color:#0a3069">&#34;scan-report&#34;</span><span style="color:#0550ae">]</span> Output file <span style="color:#0550ae">(</span><span style="color:#cf222e">if</span> --file is used without a value, defaults to <span style="color:#0a3069">&#39;scan-report&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-token string Git authentication token <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --git-username string Git username <span style="color:#0550ae">(</span><span style="color:#cf222e">for</span> Git URLs in --policies<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> terraform </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --no-color disable the colors <span style="color:#cf222e">for</span> the stdout reports </span></span><span style="display:flex;"><span> -o, --output string Output format <span style="color:#0550ae">(</span>text, json, yaml, scan-report, sarif<span style="color:#0550ae">)</span> <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;text&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -p, --policies strings Path to policy files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL, helm URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --publish Publish reports </span></span><span style="display:flex;"><span> --publish-token string scan reports publish token </span></span><span style="display:flex;"><span> --remediate string Remediate resources <span style="color:#0550ae">(</span><span style="color:#0a3069">&#39;show&#39;</span>, <span style="color:#0a3069">&#39;patch&#39;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --report-sourceid string Add <span style="color:#6639ba">source</span> id <span style="color:#cf222e">for</span> report created <span style="color:#cf222e">for</span> <span style="color:#6639ba">local</span> scan </span></span><span style="display:flex;"><span> -r, --resources strings Path to resource files <span style="color:#0550ae">(</span><span style="color:#6639ba">local</span> path, github URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --scan-report string Output scan report file <span style="color:#0550ae">(</span>in JSON format<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key <span style="color:#0550ae">(</span>env NIRMATA_TOKEN<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL <span style="color:#0550ae">(</span>env NIRMATA_URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan/">nctl scan</a> - Scan resources</li> </ul>nctl signuphttps://docs.nirmata.io/docs/nctl/commands/nctl_signup/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_signup/<h2 id="nctl-signup">nctl signup</h2> <p>Create a new Nirmata Control Hub account</p> <h3 id="synopsis">Synopsis</h3> <p>Create a new account on Nirmata Control Hub using your email address.</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl signup <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> --email string Email address for signup (format: name@company.com) </span></span><span style="display:flex;"><span> -h, --help help for signup </span></span><span style="display:flex;"><span> --nirmataUrl string Nirmata Url (default: https://nirmata.io) (default &#34;https://nirmata.io/&#34;) </span></span><span style="display:flex;"><span> --password string Password for signup </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> </ul>nctl transformhttps://docs.nirmata.io/docs/nctl/commands/nctl_transform/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_transform/<h2 id="nctl-transform">nctl transform</h2> <p>Transform resource manifests to json</p> <h3 id="synopsis">Synopsis</h3> <p>Transform resource manifests (Dockerfile, Terraform plan, Terraform config, Terraform state, Kubernetes) to json. This helps write kyverno json policies for these resources</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl transform <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for transform </span></span><span style="display:flex;"><span> -o, --output-file string Output file </span></span><span style="display:flex;"><span> -r, --resource strings Path to resource file </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> </ul>nctl updatehttps://docs.nirmata.io/docs/nctl/commands/nctl_update/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_update/<h2 id="nctl-update">nctl update</h2> <p>Update Nirmata Control Hub resources</p> <h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for update </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_update_cluster/">nctl update cluster</a> - Update cluster</li> </ul>nctl update clusterhttps://docs.nirmata.io/docs/nctl/commands/nctl_update_cluster/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_update_cluster/<h2 id="nctl-update-cluster">nctl update cluster</h2> <p>Update cluster</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl update cluster <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Update a cluster using its name</span> </span></span><span style="display:flex;"><span> nctl update cluster --cluster-name my-cluster </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Update a cluster using its unique cluster ID (Overrides name if provided)</span> </span></span><span style="display:flex;"><span> nctl update cluster --cluster-id my-cluster-id </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Update a cluster using a values file with onboarding parameters</span> </span></span><span style="display:flex;"><span> nctl update cluster -f /path/to/values.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify a private Helm repository and token for updating the operator</span> </span></span><span style="display:flex;"><span> nctl update cluster --helm-repo https://private.repo.com/helm-charts -t my-private-repo-token </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Update a cluster while allowing connections to an address with a self-signed or unverified certificate (not recommended)</span> </span></span><span style="display:flex;"><span> nctl update cluster --cluster-name my-cluster --insecure </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Update a cluster with a specific Kyverno version</span> </span></span><span style="display:flex;"><span> nctl update cluster --cluster-name my-cluster --kyverno-version 1.12 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify a custom release name for the Kyverno operator Helm chart</span> </span></span><span style="display:flex;"><span> nctl update cluster --cluster-name my-cluster --release my-kyverno-release </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Specify a custom namespace for the operator deployment</span> </span></span><span style="display:flex;"><span> nctl update cluster --cluster-name my-cluster --namespace custom-namespace </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#57606a"># Update a cluster using a specific kubeconfig file and context</span> </span></span><span style="display:flex;"><span> nctl update cluster --cluster-name my-cluster --kubeconfig /path/to/kubeconfig --kube-context my-context </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -i, --cluster-id string the Nirmata Control Hub cluster Id of cluster to be updated <span style="color:#0550ae">(</span>Needed <span style="color:#cf222e">if</span> cluster name is not unique<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --cluster-name string the name of cluster to be updated. Needed only <span style="color:#cf222e">if</span> Id is not provided </span></span><span style="display:flex;"><span> -t, --git-token string token <span style="color:#cf222e">for</span> the operator helm chart in private helm repo </span></span><span style="display:flex;"><span> --helm-repo string operator helm repository name <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;https://nirmata.github.io/kyverno-charts&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -h, --help <span style="color:#6639ba">help</span> <span style="color:#cf222e">for</span> cluster </span></span><span style="display:flex;"><span> --insecure allow connection to a Nirmata server with a insecure certificate <span style="color:#0550ae">(</span>not recommended<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --kube-context string the kube context from configured kubeconfig. Default is the current or sole context </span></span><span style="display:flex;"><span> --kubeconfig string kubeconfig path <span style="color:#0550ae">(</span>defaults to <span style="color:#953800">$HOME</span>/.kube/kubeconfig<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --kyverno-version string Kyverno version 1.11 <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;1.11&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -n, --namespace string operator namespace <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;nirmata-system&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --registry-name string name of the private registry <span style="color:#0550ae">(</span>no need <span style="color:#cf222e">if</span> images are not pushed to private registry<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --registry-password string password of the private registry <span style="color:#0550ae">(</span>no need <span style="color:#cf222e">if</span> images are not pushed to private registry<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --registry-username string user name of the private registry <span style="color:#0550ae">(</span>no need <span style="color:#cf222e">if</span> images are not pushed to private registry<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -r, --release string operator helm chart release name <span style="color:#0550ae">(</span>default <span style="color:#0a3069">&#34;kyverno-operator&#34;</span><span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --token string the Nirmata API Login Key <span style="color:#0550ae">(</span>env NIRMATA_TOKEN<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> --url string the Nirmata server base URL <span style="color:#0550ae">(</span>env NIRMATA_URL<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span> -f, --values-file string the cluster onboarding parameter YAML file </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">### Options inherited from parent commands</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> -v, --v Level number <span style="color:#cf222e">for</span> the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_update/">nctl update</a> - Update Nirmata Control Hub resources</li> </ul>nctl versionhttps://docs.nirmata.io/docs/nctl/commands/nctl_version/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/commands/nctl_version/<h2 id="nctl-version">nctl version</h2> <p>Show version and build information</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl version <span style="color:#0550ae">[</span>flags<span style="color:#0550ae">]</span> </span></span></code></pre></div><h3 id="options">Options</h3> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span> -h, --help help for version </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### Options inherited from parent commands </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> -v, --v Level number for the log level verbosity </span></span></code></pre></div><h3 id="see-also">SEE ALSO</h3> <ul> <li><a href="https://docs.nirmata.io/docs/nctl/commands/nctl/">nctl</a> - nctl is the command line interface for Nirmata</li> </ul>Users and Roleshttps://docs.nirmata.io/docs/control-hub/identity-access/users/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/identity-access/users/<p>An account can have multiple users, and each user has a role that defines what they can see and do. When a new account is created, the first user has an <em>admin</em> role which allows that user to create and manage additional users for the account.</p> <h2 id="user-roles-and-description">User roles and description</h2> <p>The following user roles are available:</p> <table> <thead> <tr> <th>Role</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><strong>admin</strong></td> <td><em>admin</em> users have full access to the account and can manage other users and their access.</td> </tr> <tr> <td><strong>platform</strong></td> <td><em>platform</em> users can access all resources including Compliance, Inventory Report, and Policies, but cannot manage users.</td> </tr> <tr> <td><strong>security</strong></td> <td><em>security</em> users can view the Policy Report and manage Policy Exceptions. They have the privilege to review Policy Exception requests and have access to Compliance, Clusters, and Repositories, but cannot manage users.</td> </tr> <tr> <td><strong>devops</strong></td> <td><em>devops</em> users have the least privileged access. A devops user can view the Policy Report and create Policy Exceptions. They do not have access to Compliance, Inventory Report, and cannot manage users.</td> </tr> </tbody> </table> <h2 id="configuring-user-roles-and-permissions">Configuring user roles and permissions</h2> <p>Identity &amp; Access Management (IAM) lets you add users, set user privileges, group users in teams, and configure access methods such as Security Assertion Markup Language (SAML), OpenID Connect (OIDC), and Multi-Factor Authentication (MFA).</p>Teamshttps://docs.nirmata.io/docs/control-hub/identity-access/teams/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/identity-access/teams/<p>In Nirmata, users can be organized into <em>teams</em>. A team is a logical entity that allows you to manage permissions for a group of users who require shared access to organizational resources. Each team can include multiple users, each with specific roles and permissions.</p> <hr> <h2 id="adding-a-team">Adding a Team</h2> <p>To create a new team:</p> <ol> <li>Navigate to <strong>Identity &amp; Access &gt; Teams</strong>.</li> <li>Click the <strong>Add Team</strong> button. The <em>Add a New Team</em> page will appear.</li> <li>In the <strong>Name</strong> field, enter the team’s name.</li> <li>In the <strong>Description</strong> field, provide a brief description of the team.</li> <li>To add users: <ul> <li>In the <strong>Users</strong> section, click the <strong>Add Users</strong> button.</li> <li>In the search field, enter the user’s name and select the checkbox next to it.</li> </ul> </li> <li>To assign namespace access: <ul> <li>Click the <strong>Add Access Control</strong> button.</li> <li>In the search field, enter the desired namespaces and select the corresponding checkboxes.</li> </ul> </li> <li>Click <strong>Create</strong> to finalize the team.</li> </ol> <hr> <h2 id="editing-or-deleting-a-team">Editing or Deleting a Team</h2> <p>To edit a team:</p>Service Account Authenticationhttps://docs.nirmata.io/docs/nctl/service-accounts/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/service-accounts/<p>Nirmata Control Hub Service Account tokens allow <code>nctl</code> to authenticate with Nirmata Control Hub without requiring a user login. This is the recommended approach for CI/CD pipelines, GitOps workflows, and any automated scanning or publishing process where storing user credentials is not practical.</p> <h2 id="overview">Overview</h2> <p>By default, <code>nctl</code> authenticates using a user API key (set via <code>nctl login</code>, the <code>NIRMATA_TOKEN</code> environment variable, or <code>~/.nirmata/config</code>). Service Account tokens provide an alternative authentication path scoped to specific operations, making them well-suited for automation.</p>GitHub App Permissionshttps://docs.nirmata.io/docs/control-hub/settings/integrations/githubapp/permissions/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/settings/integrations/githubapp/permissions/<blockquote> <p><strong>Applies to:</strong> Nirmata Control Hub 4.0 and later</p></blockquote> <h2 id="repository-permissions">Repository Permissions</h2> <table> <thead> <tr> <th>Permission</th> <th>Access Level</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td><strong>Metadata</strong></td> <td>Read</td> <td>Required by GitHub (mandatory for all apps)</td> </tr> <tr> <td><strong>Contents</strong></td> <td>Read &amp; Write</td> <td>Create and modify files, branches, and commits</td> </tr> <tr> <td><strong>Pull Requests</strong></td> <td>Read &amp; Write</td> <td>Create, update, and merge pull requests</td> </tr> <tr> <td><strong>Issues</strong></td> <td>Read &amp; Write</td> <td>Create and manage issues for tracking</td> </tr> </tbody> </table> <h2 id="what-nirmata-can-do">What Nirmata Can Do</h2> <p>With these permissions, Nirmata can:</p> <ul> <li>Read repository contents and metadata</li> <li>Create branches for policy fixes</li> <li>Commit changes to branches</li> <li>Open pull requests with automated fixes</li> <li>Add comments to pull requests</li> <li>Create issues for violations or notifications</li> <li>Read and respond to PR comments</li> </ul> <h2 id="what-nirmata-cannot-do">What Nirmata Cannot Do</h2> <p>The app <strong>cannot</strong>:</p>Scanning Resourceshttps://docs.nirmata.io/docs/nctl/scan/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/nctl/scan/<p><code>nctl scan</code> is the primary command group for scanning resources for policy violations and security misconfigurations. It supports a wide range of resource types — from live Kubernetes clusters and Git repositories to Terraform plans, Dockerfiles, and Helm charts — making it easy to shift-left security across your entire stack.</p> <h2 id="subcommands">Subcommands</h2> <table> <thead> <tr> <th>Command</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_kubernetes/"><code>nctl scan kubernetes</code></a></td> <td>Scan Kubernetes resources from a live cluster or local manifests against Kyverno policies</td> </tr> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_repository/"><code>nctl scan repository</code></a></td> <td>Scan all supported resource types in a Git repository or local directory in a single command</td> </tr> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_terraform/"><code>nctl scan terraform</code></a></td> <td>Scan Terraform plan files for policy violations</td> </tr> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_dockerfile/"><code>nctl scan dockerfile</code></a></td> <td>Scan Dockerfiles for security and best-practice violations</td> </tr> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_helm/"><code>nctl scan helm</code></a></td> <td>Scan Helm charts for policy violations</td> </tr> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_json/"><code>nctl scan json</code></a></td> <td>Scan arbitrary JSON-formatted resources</td> </tr> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_github-actions/"><code>nctl scan github-actions</code></a></td> <td>Scan GitHub Actions workflow files for security vulnerabilities</td> </tr> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_compliance/"><code>nctl scan compliance</code></a></td> <td>Run a compliance scan against a Kubernetes cluster for a named standard (SOC2, NIST 800-53, PCI-DSS, etc.)</td> </tr> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_prompt/"><code>nctl scan prompt</code></a></td> <td>[Experimental] Scan LLM prompts for policy violations</td> </tr> <tr> <td><a href="https://docs.nirmata.io/docs/nctl/commands/nctl_scan_skills/"><code>nctl scan skills</code></a></td> <td>[Experimental] Scan agent skills</td> </tr> </tbody> </table> <h2 id="output-formats">Output Formats</h2> <p>Most scan commands support multiple output formats via the <code>-o</code> / <code>--output</code> flag:</p>Usagehttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/usage/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/usage/<h2 id="overview">Overview</h2> <p>Kyverno MCP serves two primary use cases that address different stages of the Kubernetes policy management lifecycle. Whether you&rsquo;re proactively assessing cluster security or monitoring existing policy deployments, these scenarios demonstrate how to leverage Kyverno MCP effectively.</p> <h2 id="scenario-1-proactive-assessment">Scenario 1: Proactive Assessment</h2> <p>In this scenario, Kyverno is not installed on your clusters. You can use the Kyverno MCP server to scan cluster resources with recommended or custom policy sets.</p> <h3 id="the-challenge">The Challenge</h3> <p><em>&ldquo;As a DevOps engineer, I want to scan my Kubernetes clusters for policy violations and assess their security posture without needing to install Kyverno or deploy policies to the cluster.&rdquo;</em></p>Cluster Onboardinghttps://docs.nirmata.io/docs/nctl/cluster-onboarding/Sat, 10 Oct 2020 11:02:05 +0600https://docs.nirmata.io/docs/nctl/cluster-onboarding/<p><code>nctl</code> provides an easy way to add new clusters to Nirmata Control Hub, and also to interact with existing clusters.</p> <p><strong>Note:</strong> You must be logged in to your Nirmata Control Hub account before performing any of the below actions. View the steps to login <a href="https://docs.nirmata.io/docs/nctl/getting-started/#login-to-the-nirmata-policy-manager">here</a>.</p> <h2 id="add-a-new-cluster-to-nirmata-control-hub">Add a new cluster to Nirmata Control Hub</h2> <p>To onboard an existing cluster to the Nirmata Control Hub, use the <code>add</code> command.</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl add cluster --cluster-name &lt;cluster-name&gt; </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>This will install the Kyverno Operator, and also deploy the following PolicySets: </span></span><span style="display:flex;"><span>* Pod Security Standards <span style="color:#0550ae">(</span>Baseline<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span>* Pod Security Standards <span style="color:#0550ae">(</span>Restricted<span style="color:#0550ae">)</span> </span></span><span style="display:flex;"><span>* RBAC Best Practices </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>If you wish to only onboard the cluster without deploying the Kyverno Operator and related components, use the <span style="color:#0a3069">`</span>--register-only<span style="color:#0a3069">`</span> flag. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">## List all clusters</span> </span></span><span style="display:flex;"><span>To get a list of all clusters that are onboarded to Nirmata Control Hub, use the <span style="color:#0a3069">`</span>get<span style="color:#0a3069">`</span> command. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span>nctl get cluster </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">## Get cluster details</span> </span></span><span style="display:flex;"><span>To view more details about a cluster: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span>nctl get cluster &lt;cluster-name&gt; </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a">## Remove cluster from Nirmata Control Hub</span> </span></span><span style="display:flex;"><span>To remove a cluster from Nirmata Control Hub: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#0a3069">```</span>bash </span></span><span style="display:flex;"><span>nctl remove cluster --cluster-name &lt;cluster-name&gt; </span></span></code></pre></div><p>This deregisters the cluster from Nirmata Control Hub and removes the Kyverno Operator, related components, and policysets that were installed during cluster registration.</p>Amazon EKShttps://docs.nirmata.io/docs/controllers/n4k/provider-integrations/amazon-eks/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/provider-integrations/amazon-eks/<p>Amazon Elastic Kubernetes Service (Amazon EKS) is a popular managed Kubernetes service for deploying and managing containerized applications. Amazon EKS users are challenged with ensuring security and governance across their entire fleet of clusters. Kyverno, an open-source policy engine, enables policy-based security, governance, and compliance for Amazon EKS clusters. Using Kyverno, enterprise platform teams can deploy the necessary guardrails to ensure that deployed applications are secure, compliant, and follow Amazon EKS Best Practices.</p>Available Toolshttps://docs.nirmata.io/docs/ai/nctl-ai/tools/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/ai/nctl-ai/tools/<p>The following tools are available to <code>nctl ai</code>. The agent selects the appropriate tool based on your request.</p> <h2 id="tools-by-category">Tools by category</h2> <table> <thead> <tr> <th>Category</th> <th>Tool</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><strong>Command execution</strong></td> <td><code>bash</code></td> <td>Execute a bash command. Use when you need to run a shell command.</td> </tr> <tr> <td><strong>Command execution</strong></td> <td><code>kubectl</code></td> <td>Command-line tool for interacting with Kubernetes clusters.</td> </tr> <tr> <td><strong>Policy</strong></td> <td><code>generate_policy</code></td> <td>Generate a Kyverno policy.</td> </tr> <tr> <td><strong>Policy</strong></td> <td><code>generate_kyverno_tests</code></td> <td>Generate Kyverno CLI tests for a policy. Returns filenames and contents for <code>kyverno-test.yaml</code>, <code>resources.yaml</code>, and optionally <code>variables.yaml</code>.</td> </tr> <tr> <td><strong>Policy</strong></td> <td><code>generate_chainsaw_tests</code></td> <td>Generate or update Chainsaw tests for Kyverno policies.</td> </tr> <tr> <td><strong>Policy</strong></td> <td><code>run_kyverno_tests</code></td> <td>Test Kyverno policies using the Kyverno CLI test command.</td> </tr> <tr> <td><strong>Security</strong></td> <td><code>remediate</code></td> <td>Fix policy violations for a resource.</td> </tr> <tr> <td><strong>Security</strong></td> <td><code>scan_kubernetes_resources</code></td> <td>Scan Kubernetes resource files against policies and return results.</td> </tr> <tr> <td><strong>Security</strong></td> <td><code>scan_kubernetes_cluster</code></td> <td>Scan Kubernetes resources in a cluster against policies and return results.</td> </tr> <tr> <td><strong>Security</strong></td> <td><code>scan_terraform</code></td> <td>Scan Terraform resources against policies and return results.</td> </tr> <tr> <td><strong>Security</strong></td> <td><code>scan_prompt</code></td> <td>Scan LLM prompts against security policies for injection attacks, jailbreak patterns, PII leakage, credential exposure, and other risks. Accepts inline content, file paths, or directories. Returns policy evaluation results with a risk score.</td> </tr> <tr> <td><strong>Security</strong></td> <td><code>skills_scan</code></td> <td>Scan a skill (folder or artifact) against policies and return a signed/hashed receipt with decision and findings. Normalizes the skill directory, applies Kyverno ValidatingPolicies, computes a trust score and decision (Allow/Review/Deny), and produces a receipt for later verification.</td> </tr> <tr> <td><strong>Communication</strong></td> <td><code>email</code></td> <td>Send an email via Nirmata Control Hub.</td> </tr> <tr> <td><strong>Communication</strong></td> <td><code>list_slack_channels</code></td> <td>List all Slack channels the user has access to.</td> </tr> <tr> <td><strong>Communication</strong></td> <td><code>send_slack_message</code></td> <td>Send a message to a Slack channel via Nirmata Control Hub.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>read_file</code></td> <td>Read the complete contents of a file.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>read_multiple_files</code></td> <td>Read the contents of multiple files in a single operation.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>write_file</code></td> <td>Create a new file or overwrite an existing file with new content.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>modify_file</code></td> <td>Update a file by finding and replacing text. Pattern matching without needing exact character positions.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>copy_file</code></td> <td>Copy files and directories.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>move_file</code></td> <td>Move or rename files and directories.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>delete_file</code></td> <td>Delete a file or directory from the file system.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>create_directory</code></td> <td>Create a new directory or ensure a directory exists.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>list_directory</code></td> <td>Get a detailed listing of all files and directories in a specified path.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>tree</code></td> <td>Return a hierarchical JSON representation of a directory structure.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>get_file_info</code></td> <td>Retrieve detailed metadata about a file or directory.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>search_files</code></td> <td>Recursively search for files and directories matching a pattern.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>search_within_files</code></td> <td>Search for text within file contents. Scans text files for matching substrings; binary files are excluded. Reports file paths and line numbers.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>list_allowed_directories</code></td> <td>Return the list of directories the server is allowed to access.</td> </tr> <tr> <td><strong>File system</strong></td> <td><code>add_allowed_directory</code></td> <td>Add a directory to the allowed list for filesystem operations. Use when you get errors about directories being outside allowed directories.</td> </tr> <tr> <td><strong>Utility</strong></td> <td><code>todo</code></td> <td>Manage a todo list (add, remove, update, list items). Automatically prevents duplicate items.</td> </tr> <tr> <td><strong>Utility</strong></td> <td><code>worker</code></td> <td>Manage background workers for concurrent task processing.</td> </tr> </tbody> </table> <h2 id="slack-integration">Slack integration</h2> <p>Slack tools (<code>list_slack_channels</code>, <code>send_slack_message</code>) require <a href="https://docs.nirmata.io/docs/control-hub/settings/integrations/">Slack integration configured in Nirmata Control Hub</a>. No additional environment variables are needed once configured in Nirmata Control Hub.</p>Cluster Deployment Optionshttps://docs.nirmata.io/docs/control-hub/cluster/deployment-options/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/cluster/deployment-options/<blockquote> <p><strong>Applies to:</strong> Nirmata Control Hub 4.0 and later</p></blockquote> <p>Choose whether to allow Nirmata to deploy custom resources directly to your cluster or manage them using your own GitOps and Continuous Delivery tools.</p> <h2 id="read-only">Read-Only</h2> <p>Nirmata will not deploy Policies or Policy Exceptions to your cluster. You retain complete control and deploy these resources yourself using your own tools (Argo CD, Flux, kubectl, etc.).</p> <p>Nirmata still provides full visibility: compliance reports, violation dashboards, and monitoring all function normally.</p>Installationhttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/installation/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/installation/<h2 id="installation-methods">Installation Methods</h2> <p>Kyverno MCP can be installed using several methods depending on your operating system and preferences.</p> <h3 id="prerequisites">Prerequisites</h3> <ul> <li>Go 1.24 or higher (only for building from source)</li> <li>Access to a Kubernetes cluster with a valid kubeconfig</li> <li>Kyverno installed in your cluster (for policy operations)</li> </ul> <h3 id="option-1-homebrew-recommended-for-macoslinux">Option 1: Homebrew (Recommended for macOS/Linux)</h3> <p>The easiest way to install Kyverno MCP on macOS or Linux:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#57606a"># Add the Nirmata tap</span> </span></span><span style="display:flex;"><span>brew tap nirmata/tap </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a"># Install Kyverno MCP</span> </span></span><span style="display:flex;"><span>brew install kyverno-mcp </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#57606a"># Verify installation</span> </span></span><span style="display:flex;"><span>kyverno-mcp --version </span></span></code></pre></div><h3 id="option-2-pre-built-binaries">Option 2: Pre-built Binaries</h3> <p>Download pre-built binaries for your platform:</p>Profilehttps://docs.nirmata.io/docs/control-hub/settings/profile/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/settings/profile/<p>In the <strong>Settings</strong> &gt; <strong>Profile</strong> view, users can <strong>Copy API Key</strong>, <strong>Generate a new API Key</strong>, and <strong>Change Password</strong>. Under <em>My Settings</em>, the user&rsquo;s details are displayed with information related to <em>Name, Email, Identity Provider, Role, and Last Login</em>.</p> <p><img src="https://docs.nirmata.io/images/new_profile.png" alt="image"></p> <p><strong>Admin users</strong> can edit their profile information by clicking on the edit button. They can change their <em>role, name, email address, and identity provider</em> and turn on multi-factor authentication.</p> <p><img src="https://docs.nirmata.io/images/edit_profile.png" alt="image"></p>Available Skillshttps://docs.nirmata.io/docs/ai/nctl-ai/skills/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/ai/nctl-ai/skills/<p><code>nctl ai</code> loads specialized skills dynamically based on your task. The following built-in skills are available.</p> <h2 id="skills-by-category">Skills by category</h2> <table> <thead> <tr> <th>Category</th> <th>Skill</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><strong>Design</strong></td> <td>brand-guidelines</td> <td>Applies Nirmata&rsquo;s official brand colors and typography to generated content. Use when creating emails, reports, presentations, Slack/Teams messages, or any artifact requiring Nirmata branding or company design standards.</td> </tr> <tr> <td><strong>Policy</strong></td> <td>chainsaw-tests</td> <td>Generate and run Chainsaw E2E integration tests. Use when the user asks for chainsaw tests, e2e tests, or integration tests, or wants to test policies in a real Kubernetes cluster. Creates test manifests and validates admission webhook behavior for ValidatingPolicy, MutatingPolicy, and ClusterPolicy.</td> </tr> <tr> <td><strong>Setup</strong></td> <td>cluster-setup</td> <td>Set up a local Kubernetes development environment with Docker, Kind, Kyverno, and testing tools. For developers who can install tools locally.</td> </tr> <tr> <td><strong>Policy</strong></td> <td>converting-chainsaw-tests</td> <td>Convert Chainsaw tests from ClusterPolicy (kyverno.io/v1) to ValidatingPolicy (policies.kyverno.io/v1alpha1) format. Use when converting existing test suites to work with new Kyverno ValidatingPolicy resources.</td> </tr> <tr> <td><strong>Policy</strong></td> <td>converting-policies</td> <td>Convert any policy to modern Kyverno ValidatingPolicy format. Use when the user asks to convert, migrate, upgrade, or transform a policy. Handles ClusterPolicy to ValidatingPolicy, OPA Rego migration, Gatekeeper constraint templates, Sentinel policies, and cross-engine policy translation.</td> </tr> <tr> <td><strong>Cost</strong></td> <td>cost-management</td> <td>Installs, configures, and validates the Nirmata Cost Management Add-on. Deploys OpenCost for cost visibility, Prometheus integration, Grafana dashboards for chargeback, and Kyverno cost guardrails for namespace labeling and resource requests. Supports kind, EKS, GKE, and AKS with real cloud pricing. Use when setting up cost visibility, cost allocation, cost hygiene labels, or troubleshooting OpenCost.</td> </tr> <tr> <td><strong>Setup</strong></td> <td>installing-remediator-agent</td> <td>Installs and configures the Remediator Agent for policy violation remediation. Guides through environment selection (ArgoCD Hub, Local Cluster, VCS Target), LLM provider setup (NirmataAI, AWS Bedrock, Azure OpenAI), GitHub auth (App or PAT), action config (CreatePR, CreateIssue), scheduling, and verification. Use when setting up automated AI-powered policy remediation.</td> </tr> <tr> <td><strong>Compliance</strong></td> <td>cis-benchmark-scan</td> <td>Scans Kubernetes clusters against CIS Benchmarks using nctl scan compliance and generates a full markdown compliance report. No policies are deployed to the cluster — nctl evaluates them locally with results stored as snapshots. Supports EKS (CIS EKS Benchmark v1.7.0), AKS, GKE, and generic Kubernetes (CIS Kubernetes Benchmark v1.8.0). Covers RBAC and Pod Security controls, plus AWS API checks for Control Plane (Section 2) and cluster networking (Section 5.3–5.5) on EKS. Use when performing CIS compliance audits, generating compliance reports for security teams, or assessing cluster security posture against industry benchmarks.</td> </tr> <tr> <td><strong>Compliance</strong></td> <td>compliance-evidence</td> <td>Collects and packages Kubernetes-native compliance evidence for external auditors. Exports RBAC configurations, NetworkPolicies, admission webhooks, Kyverno PolicyReports and PolicyExceptions, and generates a timestamped MANIFEST.md with control-ID mapping and a manual evidence checklist. Supports NSA/CISA, NIST SP 800-53, SOC 2 Type II, ISO/IEC 27001, and PCI-DSS. Use when preparing evidence packages for SOC 2, ISO 27001, NIST, or PCI-DSS auditors, or to document accepted risks via PolicyExceptions.</td> </tr> <tr> <td><strong>Compliance</strong></td> <td>compliance-scan</td> <td>Scans Kubernetes clusters against regulatory compliance standards using nctl scan compliance and generates a full markdown report with control-ID mapping. Supports NSA/CISA Kubernetes Hardening Guide, NIST SP 800-53, SOC 2 Type II, ISO/IEC 27001, and PCI-DSS. No policies are deployed — nctl evaluates them locally and stores results as snapshots. Use when performing regulatory audits, generating SOC 2 or ISO 27001 evidence, or assessing Kubernetes security posture against NIST or NSA/CISA frameworks.</td> </tr> <tr> <td><strong>Compliance</strong></td> <td>kyverno-compliance-management</td> <td>Install Kyverno or Nirmata Enterprise Kyverno with optional compliance dashboards. Detects if Kyverno is missing and guides installation. Supports Pod Security Standards (PSS Baseline, PSS Restricted), RBAC Best Practices, and Grafana compliance visualization. Use when installing Kyverno/Nirmata Enterprise for Kyverno, setting up Kubernetes compliance, or configuring PSS or RBAC policies.</td> </tr> <tr> <td><strong>Policy</strong></td> <td>kyverno-policies</td> <td>Generate and create Kyverno policies from natural language requirements. Use when the user asks to generate, create, or write a policy, or needs help with policy development. Covers ValidatingPolicy, MutatingPolicy, GeneratingPolicy, ClusterPolicy, and other Kyverno policy types.</td> </tr> <tr> <td><strong>Policy</strong></td> <td>kyverno-tests</td> <td>Generate and run Kyverno CLI unit tests for fast offline policy validation. Use when the user asks for unit tests, kyverno test, cli tests, or wants to test policies without a cluster. Creates kyverno-test.yaml files and runs the kyverno test command.</td> </tr> <tr> <td><strong>Onboarding</strong></td> <td>quickstart</td> <td>First-run cluster assessment: checks cluster maturity, identifies issues, runs security scans, and recommends policy packs. Alias: assessment. Use on first launch, or when assessing a new cluster, running a health check, getting security recommendations, checking policy coverage, or identifying quick wins for Kubernetes governance.</td> </tr> <tr> <td><strong>Policy</strong></td> <td>recommend-policies</td> <td>Analyzes Kubernetes clusters to recommend Kyverno policies based on installed workloads and platform type. Detects baseline security gaps (pod-security, RBAC, workload-security), platform-specific needs (EKS, OpenShift), and add-on policies (Istio, Linkerd, Flux, Tekton, Veeam Kasten, KubeVirt, Karpenter, ArgoCD, Crossplane). Use when assessing cluster security posture, implementing policy governance, or ensuring compliance.</td> </tr> <tr> <td><strong>Policy</strong></td> <td>policy-exception</td> <td>generate PolicyExceptions for running workloads so that Enforce or Deny mode does not block existing workloads; migrate policies from Audit to Enforce by creating exceptions for current violations</td> </tr> <tr> <td><strong>Troubleshooting &amp; Operations</strong></td> <td>troubleshooting-kyverno</td> <td>Diagnoses Kyverno issues: webhook timeouts, OOMKilled pods, CrashLoopBackOff, policy failures, permission errors, performance degradation, report accumulation. Use when policies not enforcing, admission controller crashing, context deadline exceeded, client-side throttling, or cloud-specific failures on EKS/GKE/AKS.</td> </tr> <tr> <td><strong>Troubleshooting &amp; Operations</strong></td> <td>troubleshooting-workloads</td> <td>Troubleshoot Kubernetes workloads, pods, and applications in any namespace. Diagnoses CrashLoopBackOff, ImagePullBackOff, Pending pods, OOMKilled, failed probes, resource constraints. Use when debugging pods, investigating application failures, pods not starting, containers crashing, high restart counts, or services unreachable. Recommends Kyverno policies to prevent recurrence.</td> </tr> </tbody> </table> <h2 id="adding-custom-skills">Adding custom skills</h2> <p>You can extend the agent with your own skills. See <a href="https://docs.nirmata.io/docs/ai/nctl-ai/extend/#adding-custom-skills">Adding Custom Skills</a> for loading custom skill directories and creating <code>SKILL.md</code> files.</p>Kyverno Operator Managementhttps://docs.nirmata.io/docs/nctl/kyverno-operator-management/Sat, 10 Oct 2020 11:02:05 +0600https://docs.nirmata.io/docs/nctl/kyverno-operator-management/<p>The Enterprise Kyverno Operator is a <a href="https://www.cncf.io/blog/2022/06/15/kubernetes-operators-what-are-they-some-examples/">Kubernetes Operator</a> to manage lifecycle of Kyverno, Adapters and Nirmata supported policies. It offers comprehensive lifecycle management capabilities that go beyond just Kyverno itself, extending to related components like policies and adapters. Managing these components at scale can be challenging due to compatibility and upgrade issues. The Operator provides a seamless solution for your policy and governance ecosystem, ensuring stability and smooth operation. The Operator itself can be used with <code>nctl</code> and is also available as a <a href="https://github.com/nirmata/kyverno-charts/blob/main/charts/enterprise-kyverno-operator/README.md#helm-chart-for-enterprise-kyverno">Helm chart</a>.</p>Amazon EKS-Ahttps://docs.nirmata.io/docs/controllers/n4k/provider-integrations/amazon-eks-a/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/provider-integrations/amazon-eks-a/<p>Amazon EKS Anywhere lets you create and operate Kubernetes clusters on your own infrastructure. Amazon EKS Anywhere builds on the strengths of Amazon EKS Distro and provides open-source software that&rsquo;s up to date and patched so you can have an on-premises Kubernetes environment that&rsquo;s more reliable than a self-managed Kubernetes offering. Kyverno, an open-source policy engine, enables policy-based security, governance, and compliance for Amazon EKS-A clusters. Using Kyverno, enterprise platform teams can deploy the necessary guardrails to ensure that deployed applications are secure, compliant, and follow Amazon EKS Best Practices.</p>Available Toolshttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/available-tools/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/available-tools/<h2 id="overview">Overview</h2> <p>Kyverno MCP provides several tools that AI assistants can use to interact with Kyverno and Kubernetes. Each tool is designed for specific operations and returns structured data.</p> <h2 id="context-management-tools">Context Management Tools</h2> <h3 id="list_contexts">list_contexts</h3> <p>Lists all available Kubernetes contexts from your kubeconfig.</p> <p><strong>Purpose</strong>: Discover available Kubernetes clusters/contexts</p> <p><strong>Example Request</strong>:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>List all my available Kubernetes contexts </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;contexts&#34;: [ </span></span><span style="display:flex;"><span> { </span></span><span style="display:flex;"><span> &#34;name&#34;: &#34;production-cluster&#34;, </span></span><span style="display:flex;"><span> &#34;cluster&#34;: &#34;prod-k8s&#34;, </span></span><span style="display:flex;"><span> &#34;user&#34;: &#34;admin@prod&#34; </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> { </span></span><span style="display:flex;"><span> &#34;name&#34;: &#34;staging-cluster&#34;, </span></span><span style="display:flex;"><span> &#34;cluster&#34;: &#34;staging-k8s&#34;, </span></span><span style="display:flex;"><span> &#34;user&#34;: &#34;admin@staging&#34; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> ], </span></span><span style="display:flex;"><span> &#34;current&#34;: &#34;production-cluster&#34; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### switch_context </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Switches to a different Kubernetes context. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Purpose**: Change the active Kubernetes cluster </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Parameters**: </span></span><span style="display:flex;"><span>- `context`: The name of the context to switch to </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Request**: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Switch to the staging-cluster context </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;message&#34;: &#34;Switched to context: staging-cluster&#34;, </span></span><span style="display:flex;"><span> &#34;previous&#34;: &#34;production-cluster&#34;, </span></span><span style="display:flex;"><span> &#34;current&#34;: &#34;staging-cluster&#34; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>## Policy Management Tools </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### apply_policies </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Applies Kyverno policies from various sources. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Purpose**: Deploy policies to enforce security and compliance </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Parameters**: </span></span><span style="display:flex;"><span>- `source`: The source of policies </span></span><span style="display:flex;"><span> - Curated sets: `pod-security`, `rbac-best-practices`, `kubernetes-best-practices`, `all` </span></span><span style="display:flex;"><span> - Git repository: `https://github.com/org/repo` </span></span><span style="display:flex;"><span> - Local path: `/path/to/policies` </span></span><span style="display:flex;"><span>- `namespace`: (Optional) Target namespace for policies </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Requests**: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>1. Apply curated pod security policies: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Apply pod security policies to my cluster </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>2. Apply policies from a Git repository: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Apply policies from https://github.com/myorg/kyverno-policies </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>3. Apply all curated policies: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Apply all best practice policies to the cluster </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;message&#34;: &#34;Successfully applied 15 policies&#34;, </span></span><span style="display:flex;"><span> &#34;policies&#34;: [ </span></span><span style="display:flex;"><span> &#34;disallow-privileged-containers&#34;, </span></span><span style="display:flex;"><span> &#34;require-run-as-non-root&#34;, </span></span><span style="display:flex;"><span> &#34;restrict-volume-types&#34; </span></span><span style="display:flex;"><span> ], </span></span><span style="display:flex;"><span> &#34;source&#34;: &#34;pod-security&#34; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>## Monitoring Tools </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### show_violations </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Displays policy violations from PolicyReport and ClusterPolicyReport resources. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Purpose**: Monitor compliance and identify issues </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Parameters**: </span></span><span style="display:flex;"><span>- `namespace`: (Optional) Filter violations by namespace </span></span><span style="display:flex;"><span>- `severity`: (Optional) Filter by severity level </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Requests**: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>1. Show all violations: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Show me all policy violations in the cluster </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>2. Show violations in a specific namespace: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Show policy violations in the production namespace </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;violations&#34;: [ </span></span><span style="display:flex;"><span> { </span></span><span style="display:flex;"><span> &#34;policy&#34;: &#34;disallow-privileged-containers&#34;, </span></span><span style="display:flex;"><span> &#34;resource&#34;: &#34;pod/webapp-xyz&#34;, </span></span><span style="display:flex;"><span> &#34;namespace&#34;: &#34;production&#34;, </span></span><span style="display:flex;"><span> &#34;severity&#34;: &#34;high&#34;, </span></span><span style="display:flex;"><span> &#34;message&#34;: &#34;Privileged containers are not allowed&#34;, </span></span><span style="display:flex;"><span> &#34;timestamp&#34;: &#34;2024-01-15T10:30:00Z&#34; </span></span><span style="display:flex;"><span> }, </span></span><span style="display:flex;"><span> { </span></span><span style="display:flex;"><span> &#34;policy&#34;: &#34;require-resource-limits&#34;, </span></span><span style="display:flex;"><span> &#34;resource&#34;: &#34;deployment/backend&#34;, </span></span><span style="display:flex;"><span> &#34;namespace&#34;: &#34;staging&#34;, </span></span><span style="display:flex;"><span> &#34;severity&#34;: &#34;medium&#34;, </span></span><span style="display:flex;"><span> &#34;message&#34;: &#34;Container &#39;api&#39; does not have resource limits set&#34; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> ], </span></span><span style="display:flex;"><span> &#34;summary&#34;: { </span></span><span style="display:flex;"><span> &#34;total&#34;: 2, </span></span><span style="display:flex;"><span> &#34;high&#34;: 1, </span></span><span style="display:flex;"><span> &#34;medium&#34;: 1, </span></span><span style="display:flex;"><span> &#34;low&#34;: 0 </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**What this tool provides**: </span></span><span style="display:flex;"><span>- Current violation snapshots from PolicyReport CRs </span></span><span style="display:flex;"><span>- Individual violation details (policy, resource, namespace, severity, message) </span></span><span style="display:flex;"><span>- Basic timestamps for when violations occurred </span></span><span style="display:flex;"><span>- Summary counts by severity level </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**What this tool does NOT provide**: </span></span><span style="display:flex;"><span>- Historical violation data or trends over time </span></span><span style="display:flex;"><span>- Policy set categorization (e.g., which violations belong to &#34;kubernetes-best-practices&#34;) </span></span><span style="display:flex;"><span>- Aggregation capabilities (e.g., violation counts by namespace) </span></span><span style="display:flex;"><span>- PolicyReport metadata (creation times, report metadata) </span></span><span style="display:flex;"><span>- Trend analysis or time-based patterns </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Note**: If Kyverno is not installed, this tool will provide installation instructions. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>## Documentation Tool </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### help </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Provides built-in documentation and guidance. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Purpose**: Access Kyverno documentation and troubleshooting help </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Parameters**: </span></span><span style="display:flex;"><span>- `topic`: The help topic </span></span><span style="display:flex;"><span> - `installation`: Kyverno installation guide </span></span><span style="display:flex;"><span> - `troubleshooting`: Common issues and solutions </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Requests**: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>1. Get installation help: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Show me how to install Kyverno </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>2. Get troubleshooting help: </span></span><span style="display:flex;"><span>```text </span></span><span style="display:flex;"><span>Help me troubleshoot Kyverno issues </span></span><span style="display:flex;"><span>```bash </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>**Example Response**: </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> &#34;topic&#34;: &#34;installation&#34;, </span></span><span style="display:flex;"><span> &#34;content&#34;: &#34;To install Kyverno using Helm:\n\n1. Add the Kyverno Helm repository:\n helm repo add kyverno https://kyverno.github.io/kyverno/\n\n2. Install Kyverno:\n helm install kyverno kyverno/kyverno -n kyverno --create-namespace\n\n...&#34; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span>```json </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>## Tool Usage Best Practices </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>### 1. Context Awareness </span></span><span style="display:flex;"><span>Always verify the current context before performing operations: </span></span></code></pre></div><p>What Kubernetes context am I currently using?</p>Securityhttps://docs.nirmata.io/docs/ai/nctl-ai/security/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/ai/nctl-ai/security/<blockquote> <p><strong>Applies to:</strong> nctl 4.0 and later</p></blockquote> <p><code>nctl ai</code> is built with a security-first approach. The agent operates within strict boundaries and always asks for permission before performing operations.</p> <h2 id="allowed-directories">Allowed Directories</h2> <p>By default, <code>nctl ai</code> can only access the current working directory. To grant access to additional directories, use the <code>--allowed-dirs</code> flag:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl ai --allowed-dirs <span style="color:#0a3069">&#34;/path/to/policies,/tmp&#34;</span> </span></span></code></pre></div><p>You can also set the <code>NIRMATA_AI_ALLOWED_DIRS</code> environment variable:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#6639ba">export</span> <span style="color:#953800">NIRMATA_AI_ALLOWED_DIRS</span><span style="color:#0550ae">=</span><span style="color:#0a3069">&#34;/path/to/policies,/tmp&#34;</span> </span></span><span style="display:flex;"><span>nctl ai </span></span></code></pre></div><p>The agent will refuse to read, write, or execute files outside of the allowed directories, ensuring your filesystem remains protected.</p>Configurationhttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/configuration/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/configuration/<h2 id="configuration-overview">Configuration Overview</h2> <p>Kyverno MCP can be configured through command-line flags and MCP client configuration files. This guide covers all configuration options and best practices.</p> <h2 id="command-line-options">Command Line Options</h2> <h3 id="basic-options">Basic Options</h3> <table> <thead> <tr> <th>Flag</th> <th>Description</th> <th>Default</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><code>--kubeconfig</code></td> <td>Path to kubeconfig file</td> <td><code>$KUBECONFIG</code> or <code>~/.kube/config</code></td> <td><code>--kubeconfig=/path/to/config</code></td> </tr> <tr> <td><code>--help</code></td> <td>Show help message</td> <td>-</td> <td><code>--help</code></td> </tr> <tr> <td><code>--version</code></td> <td>Show version information</td> <td>-</td> <td><code>--version</code></td> </tr> </tbody> </table> <h3 id="network-options">Network Options</h3> <table> <thead> <tr> <th>Flag</th> <th>Description</th> <th>Default</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><code>--http-addr</code></td> <td>HTTP(S) server bind address</td> <td>None (stdio mode)</td> <td><code>--http-addr=:8443</code></td> </tr> <tr> <td><code>--tls-cert</code></td> <td>TLS certificate file path</td> <td>None</td> <td><code>--tls-cert=/path/to/cert.pem</code></td> </tr> <tr> <td><code>--tls-key</code></td> <td>TLS private key file path</td> <td>None</td> <td><code>--tls-key=/path/to/key.pem</code></td> </tr> </tbody> </table> <h2 id="mcp-client-configuration">MCP Client Configuration</h2> <h3 id="claude-desktop">Claude Desktop</h3> <p>Location:</p>Session & Task Managementhttps://docs.nirmata.io/docs/ai/nctl-ai/session-management/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/ai/nctl-ai/session-management/<blockquote> <p><strong>Applies to:</strong> nctl 4.0 and later</p></blockquote> <h2 id="session-management">Session Management</h2> <p>Sessions automatically capture your conversation history, tool calls, and results. You can resume any previous session to continue where you left off.</p> <p><strong>Interactive commands:</strong></p> <table> <thead> <tr> <th>Command</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>sessions</code></td> <td>List all available sessions</td> </tr> <tr> <td><code>save</code></td> <td>Save current session</td> </tr> <tr> <td><code>new</code></td> <td>Create a new session</td> </tr> <tr> <td><code>resume &lt;id&gt;</code></td> <td>Resume a specific session (or <code>latest</code>)</td> </tr> <tr> <td><code>exit</code> / <code>quit</code> / <code>q</code></td> <td>Save session and exit</td> </tr> <tr> <td><code>exit-nosave</code></td> <td>Exit without saving</td> </tr> </tbody> </table> <p><strong>CLI flags:</strong></p>AI Provider Configurationhttps://docs.nirmata.io/docs/ai/nctl-ai/providers/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/ai/nctl-ai/providers/<blockquote> <p><strong>Applies to:</strong> nctl 4.0 and later</p></blockquote> <p>By default, <code>nctl ai</code> uses Nirmata Control Hub as its AI provider. You can configure it to work with other AI providers using the <code>--provider</code> flag.</p> <h2 id="nirmata-default">Nirmata (Default)</h2> <p>The default provider uses Nirmata Control Hub for AI services. Authentication uses <code>nctl login</code> — no additional setup needed.</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl ai --prompt <span style="color:#0a3069">&#34;generate a policy to require pod labels&#34;</span> </span></span></code></pre></div><h2 id="anthropic-claude">Anthropic Claude</h2> <p>Set the environment variable with your Anthropic API key:</p>Troubleshootinghttps://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/troubleshooting/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/controllers/n4k/kyverno-mcp/troubleshooting/<h2 id="common-issues">Common Issues</h2> <p>This guide covers common issues you might encounter when using Kyverno MCP and their solutions.</p> <h2 id="installation-issues">Installation Issues</h2> <h3 id="command-not-found">Command Not Found</h3> <p><strong>Problem</strong>: After installation, <code>kyverno-mcp</code> command is not found.</p> <p><strong>Solution</strong>:</p> <ol> <li>Check if the binary is in your PATH: <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#6639ba">echo</span> <span style="color:#953800">$PATH</span> </span></span></code></pre></div></li> <li>If using Homebrew, ensure it&rsquo;s properly linked: <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>brew link kyverno-mcp </span></span></code></pre></div></li> <li>For manual installation, add to PATH: <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#6639ba">export</span> <span style="color:#953800">PATH</span><span style="color:#0550ae">=</span><span style="color:#953800">$PATH</span>:/path/to/kyverno-mcp </span></span><span style="display:flex;"><span><span style="color:#6639ba">echo</span> <span style="color:#0a3069">&#39;export PATH=$PATH:/path/to/kyverno-mcp&#39;</span> &gt;&gt; ~/.bashrc </span></span></code></pre></div></li> </ol> <h3 id="permission-denied">Permission Denied</h3> <p><strong>Problem</strong>: Getting &ldquo;permission denied&rdquo; when trying to run kyverno-mcp.</p>Activityhttps://docs.nirmata.io/docs/control-hub/monitoring/activity/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/monitoring/activity/<p>Activity/Audit enables security administrators to view operations performed or initiated in Nirmata Control Hub. It also helps track operations performed on Kyverno resources such as Policies and Cluster Policies inside managed clusters.</p> <p>To view the activity log details:</p> <ol> <li>Go to <strong>Menu</strong>&gt;<strong>Monitor</strong>&gt;<strong>Activity</strong>. The Activity page displays logs for all users.</li> </ol> <p><img src="https://docs.nirmata.io/images/npm_monitoring_activity.png" alt="image"></p> <ol start="2"> <li> <p>If you want to see the Activity for a particular user, then in the User Name filter field, enter the user name for whom you want to view the Activity.</p>Eventshttps://docs.nirmata.io/docs/control-hub/monitoring/events/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/monitoring/events/<p>When resources are blocked due to enforced validation failure actions in Kubernetes clusters, Kyverno policies generate events for them. As an admin, you can view these events for all blocked resources with details such as cluster, namespace, policy name, rule, last seen time, and more. These events enable admins to take necessary actions to unblock resources in clusters.</p> <blockquote> <p>NOTE: <br> a) Events are generated only for clusters running Kyverno release version 1.7.0 and later.<br> b) Events for blocked resources are stored for 7 days.</p>Extending Nirmata Assistanthttps://docs.nirmata.io/docs/ai/nctl-ai/extend/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/ai/nctl-ai/extend/<blockquote> <p><strong>Applies to:</strong> nctl 4.0 and later</p></blockquote> <h2 id="extending-with-mcp-servers">Extending with MCP Servers</h2> <p>The Model Context Protocol (MCP) allows you to extend <code>nctl ai</code> with additional capabilities by connecting external MCP servers. These servers can provide specialized tools, resources, and functionality beyond the built-in features.</p> <h3 id="configuration">Configuration</h3> <p>To configure MCP servers, create a configuration file at <code>~/.nirmata/nctl/mcp.yaml</code>. To use a different path, pass <code>--mcp-config</code>:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nctl ai --mcp-config <span style="color:#0a3069">&#34;/path/to/custom/mcp.yaml&#34;</span> </span></span></code></pre></div><p>An example <code>~/.nirmata/nctl/mcp.yaml</code>:</p> <div class="highlight"><pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#0550ae">servers</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- <span style="color:#0550ae">name</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>resend-email<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">command</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>node<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">args</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span>- /path/to/directory/mcp-send-email/build/index.js<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">env</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">RESEND_API_KEY</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>your_api_key_here<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">SENDER_EMAIL_ADDRESS</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>example@email.com<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">REPLY_TO_EMAIL_ADDRESS</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span>another_example@email.com<span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">capabilities</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">tools</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">true</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">prompts</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">false</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">resources</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">false</span><span style="color:#fff"> </span></span></span><span style="display:flex;"><span><span style="color:#fff"> </span><span style="color:#0550ae">attachments</span><span style="color:#1f2328">:</span><span style="color:#fff"> </span><span style="color:#cf222e">true</span><span style="color:#fff"> </span></span></span></code></pre></div><h3 id="configuration-options">Configuration Options</h3> <ul> <li><code>name</code>: Unique identifier for the MCP server</li> <li><code>command</code>: Executable command to start the server (e.g., <code>node</code>, <code>python</code>, binary path)</li> <li><code>args</code>: Array of command-line arguments passed to the server</li> <li><code>env</code>: Environment variables required by the server (API keys, configuration values, etc.)</li> <li><code>capabilities</code>: Defines what features the server provides: <ul> <li><code>tools</code>: Server provides callable tools/functions</li> <li><code>prompts</code>: Server provides prompt templates</li> <li><code>resources</code>: Server provides data resources</li> <li><code>attachments</code>: Server can handle file attachments</li> </ul> </li> </ul> <blockquote> <p><strong>Note:</strong> Make sure the MCP server executable is installed and accessible at the specified path before adding it to the configuration.</p>Kyverno & Policy Healthhttps://docs.nirmata.io/docs/control-hub/monitoring/health/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nirmata.io/docs/control-hub/monitoring/health/<p>The Kyverno Health Check feature in Nirmata Control Hub provides visibility into the operational health and configuration best practices of your Kyverno installation. It continuously analyzes Kyverno deployments across your clusters and offers a detailed health score based on four key categories:</p> <ul> <li>Security</li> <li>Availability</li> <li>Scalability</li> <li>Observability</li> </ul> <p>Each category is evaluated independently and flagged as Healthy, Warning, or Critical based on current configurations. The overall health score is then calculated and displayed prominently in the UI.</p>