A Newbie question for neuvector... Is it possible to deploy Neuvector on a single cluster and perhaps have "a central interface" of sort with other RKE2 clusters? Or we must have to deploy Neuvector on each and every clusters? Currently have Rancher 2.7.3 and got Neuvector deployed from Apps but this requires deploying and going thru each cluster to see its own dashboard.

Yes, you will have to deploy NV on any cluster you want to secure. This is not an “outside in” security layer that uses node eBPF syscalls, etc. NV security layers are within the cluster between the vNIC of the node and k8s. So yea, you’ll have to deploy on each and every cluster. Yes, it is possible to promote 1 NV cluster as a primary manager, and then connect/federate clusters you want to manage. You can create federated policies on the master that will also take effect on the managed clusters. You can then select different clusters from the main cluster dropdown. I can’t speak to deploying NeuVector from within Rancher because I usually deploy directly via helm. :(

Thank you! I asked this mainly for manager folks who may not necessarily like to open a separate dashboard for each cluster. Great to see there is an option. Will try this in a non-prod. Helm deployment is fine; I can do that also.

Yea… totally get that. There are some dashboards for splunk and I believe grafana? if you need to aggregate all the syslog output from multiple clusters into that nirvana single pane of glass! 🙂