End-to-End Kubernetes with Rancher, RKE2, K3s, Fleet, Longhorn, and NeuVector

Groups and Policies: Discover, Monitor, Protect

In NeuVector, groups are logical collections of containers organized based on specific criteria such as container images, nodes, services, labels, or addresses. These groups enable the application and management of security policies tailored to the characteristics and behaviors of the containers within each group. NeuVector automatically generates them by identifying running applications and assigning them a prefix of 'nv.'.

For example, since we deployed WordPress in the previous section using Helm, NeuVector automatically created the following groups:

• nv.svclb-my-wordpress.kube-system: created for the service load balancer.
• nv.my-wordpress.wordpress: created for the WordPress deployment.
• nv.my-wordpress-mariadb-secondary.wordpress: created for the secondary MariaDB deployment.
• nv.my-wordpress-mariadb-primary.wordpress: created for the primary MariaDB deployment.

A reminder, you can install the WordPress app using the following commands:

# SSH into the RKE2 CP
ssh root@$WORKLOAD_CONTROLPLANE_01_PUBLIC_IP

# Install Helm
HELM_VERSION="v3.16.4"
HELM_TAR="helm-${HELM_VERSION}-linux-amd64.tar.gz"
HELM_URL="https://get.helm.sh/${HELM_TAR}"

# Download and extract the Helm binary
curl -LO $HELM_URL
tar -zxvf $HELM_TAR
mv linux-amd64/helm /usr/local/bin/

# Clean up the downloaded files
rm -rf linux-amd64 $HELM_TAR

# Add the Bitnami repository
helm repo add bitnami https://charts.bitnami.com/bitnami

# Install the WordPress Helm chart
helm upgrade --install my-wordpress bitnami/wordpress \
  --version 27.1.3 \
  --namespace my-wordpress \
  --create-namespace \
  --set mariadb.architecture=replication \
  --set replicaCount=2 \
  --set ingress.enabled=