Rancher UI extension quickstart
This section describes installing the Kubewarden UI as an extension of Rancher Manager.
You need a running instance of Rancher Manager v2.7.0 or greater.
Install Kubewarden UI Extension​
The Kubewarden UI is installed as a global extension, however, the Kubewarden controller is installed through the Rancher UI as a cluster scoped resource.
For air-gapped installations, follow these steps.
Within the Extensions page, select the "Enable" button and choose the option to add the Rancher Extensions Repository. When enabled, the "Kubewarden" extension item appears automatically. Select this item to install the extension. Once installed, you can install Kubewarden into the required cluster.
Install Kubewarden​
Following the previous steps, within your cluster a new item appears in the side-menu for Kubewarden. This dashboard page guides you through the installation process, completing the prerequisites.
During the "App Install" step of the installation wizard, the "Install Kubewarden" button may remain grayed out. If this happens, refresh the page and navigate back to this step.
Post-Installation​
After completing the installation the dashboard page and side menu now contain new items, namely Policy Servers, Cluster Admission Policies, and Admission Policies. From here you can create Policy Servers and Policies to control behavior within your cluster.
Dashboard view
Enabling the default Policy Server and policies​
Within the dashboard page you can select the "Install Chart" button to install the
kubewarden-defaults
Helm chart,
which includes the default Policy Server and a few curated policies.
After installing the chart, you can view the default Policy Server details with the related policies in a sortable table.
Policy Server detail view
Creating policies​
When creating policies, you will initially be given a "Custom Policy" option from the Policy Grid. Provide the required information for your policy's Name, Module, and Rules.
Creating a custom policy
If you wish to use policies from ArtifactHub,
you will need to add artifacthub.io to the management.cattle.io.settings/whitelist-domain setting.
This allows your Rancher instance to retrieve package information from ArtifactHub.
Use the "Add ArtifactHub To Whitelist" button to automatically add the domain,
the Policy Grid will refresh with the fetched policies.
ArtifactHub whitelist banner
Policy Grid
Additional features​
Follow the instructions to include Monitoring or Tracing.
Airgap installation​
This requires Rancher Manager version v2.8.0 or greater.
As Kubewarden is a Rancher Official Extension,
the Rancher team provides a mechanism to automatically generate an Extension Catalog Image.
This is added to the rancher-images.txt file when
installing Rancher Manager
for air-gapped instances.
Once this image has been mirrored to a registry accessible to your air-gapped cluster, you can import the image within the Rancher UI. This creates a local Helm repository with the Kubewarden UI chart for installation.
Installation steps​
-
Create a registry secret within the
cattle-ui-plugin-systemnamespace. Enter the domain of the image address in the Registry Domain Name field. -
Navigate back to the Extensions page (for example,
https://cluster-ip/dashboard/c/local/uiplugins). -
On the top right, select Manage Extension Catalogs.
-
Select the Import Extension Catalog button.
-
Enter the image address in the Catalog Image Reference field.
-
Select the secret you just created from the Pull Secrets drop-down menu.
-
Click Load. The extension will now be Pending.
-
Return to the Extensions page.
-
Select the Available tab, and click the Reload button to make sure that the list of extensions is up to date.
-
Find the Kubewarden extension you just added, and select the Install button.