Securing and Managing Amazon EKS-A Bare Metal using Nirmata

Securing and Managing Amazon EKS-A Bare Metal using Nirmata

Today Amazon announced Amazon EKS-A Bare Metal. EKS-A Bare Metal allows you to provision and manage Amazon EKS clusters in your datacenter on your own bare metal infrastructure. In a previous blog post, we discussed how you can deliver consistent hybrid cloud Kubernetes with Amazon EKS-D. In this post, we will discuss how this capability can be extended to Amazon EKS-A Bare Metal.


As the enterprise adoption of hybrid and multi cloud infrastructure grows, Kubernetes is ideal for this diverse environment as it provides a consistent interface for container orchestration and has become the de facto application platform. Today, multi-cluster deployments have become the norm as such deployments are better suited to the needs of the diverse application portfolios and many different teams. Enterprises often struggle with growing and scaling their Kubernetes infrastructure and Nirmata is perfectly suited for this challenge.


At Nirmata, our goal is to provide centralized security, governance and visibility across the entire fleet of clusters deployed across data center, cloud and edge. Nirmata has added support for Amazon EKS-A Bare Metal to simplify management of hybrid cloud deployments.

Adding Amazon EKS-A Bare Metal Cluster


It is fairly easy to add an Amazon EKS-A Bare Metal Cluster to Nirmata. Once the cluster is created, follow these steps to add it in Nirmata and get visibility and governance for your cluster.

    1. Create a Cluster – In Nirmata, create a cluster by selecting the option to “Add an Existing Cluster”. Provide the cluster name and click on Next
    2. Follow the instructions to download and install a Nirmata Kubernetes Controller to your AWS EKS-A Bare Metal Cluster. Once the controller is installed, select the checkbox indicating that controller has been installed and click on Nextkubectl apply -f nirmata-kube-controller-8cd7e18c.yaml
    3. Now, you should be able to see the progress. Once the controller connects, all the add-ons including Kyverno will be deployed to your cluster.
    4. After all the add-ons are deployed the cluster will be in Ready state and you will be able to view all the resources in your cluster as well as any policy violations detected in your cluster

      Managing Security and Compliance using Policies

      Once the cluster is ready, you will start seeing the policy violation information for your cluster. By default, the following policy sets are deployed to your cluster:

      • Pod Security Policies 
      • Best Practice Policies
      • Multi Tenancy Policies

      These policies are deployed in audit mode so they do not impact any running applications but just report any violations.


      In addition to the policy violations, you can also view the compliance posture of your clusters. By default, the CIS Compliance Standard is availably in your account and the policy violations are mapped to the CIS controls.


      To learn more about other features and capabilities in Nirmata products, you can go to:

      Nirmata Policy Manager – To ensure the security, compliance, and operational readiness of Kubernetes

      Nirmata DevSecOps Platform – For complete management, visibility, governance, security and compliance for Kubernetes


      Both these products support Amazon EKS, Amazon EKS-D and Amazon EKS-A Bare Metal, providing comprehensive and consistent hybrid cloud management for Kubernetes from a centralized management plane. Questions? Please contact us to have a conversation today.



      CNCF Moves Kyverno from Sandbox to Incubating Project
      Nirmata Achieves Significant Growth led by Customer Wins, Partner Ecosystem and Record-Breaking Adoption of the Open-Source Project Kyverno, with over 200M Downloads 
      No Comments

      Sorry, the comment form is closed at this time.