Cluster Checks
Cluster Checks safeguards your Kubernetes API server against misconfigurations.
Overview
The Monokle Admission Controller is a Kubernetes admission controller that enforces policies when Kubernetes resources are applied to the Kubernetes API server. This enforcement point is the last in line and the most important. Once past this point, misconfigurations can start to cause problems.
Basics
Configure
The cluster integration requires you to install an admission controller within your cluster. Install the tool by going to Workspace > Clusters in Monokle Cloud. Adding a cluster to your workspace will generate a Helm install command for you. If you are unfamiliar with Helm, you can learn more about its usage in the official Helm documentation.
helm install monokle-admission-controller oci://registry-1.docker.io/kubeshop/monokle-admission-controller --set automationToken=your_automation_token -n monokle --create-namespace
You can see that the command includes an automation token. The admission controller will use it to automatically synchronise with Monokle Cloud.
Monokle ❤️ OSS. The admission controller is fully open-sourced. You can also use it without connecting to Monokle Cloud.
Assign policy
You can assign policies to namespaces. Select your cluster under Workspace > Clusters to see all the namespaces in your cluster. Use the checkbox at the top to apply a policy to all namespaces, or select your desired namespaces and apply a policy there instead. The admission controller will periodically synchronise the latest updates.
FAQ
Can I disable forwarding namespaces to Monokle Cloud?
Not yet, but if the privacy of your cluster is important to you, reach out to us and we'll gladly add this.