Quick Start
Get Aotanami running in under 5 minutes with this hands-on guide.
Prerequisites
- Kubernetes cluster (1.28+)
- kubectl configured
- Helm 3.x installed
- An LLM API key (OpenRouter, OpenAI, or Anthropic)
Step 1: Create the Namespace
Step 2: Add Your LLM API Key
kubectl create secret generic aotanami-llm \
  --namespace aotanami-system \
  --from-literal=api-key=<YOUR_API_KEY>
Which provider?
We recommend OpenRouter for the broadest model selection. See LLM Configuration for all supported providers.
Step 3: Install Aotanami
Step 4: Verify Installation
Expected output:
Step 5: Apply Your First Policy
security-policy.yaml
apiVersion: aotanami.com/v1alpha1
kind: SecurityPolicy
metadata:
  name: enforce-non-root
  namespace: aotanami-system
spec:
  severity: critical
  match:
    namespaces: ["default", "production"]
  rules:
    - type: container-security-context
      enforce: true
  autoRemediate: true
Step 6: Run a Cluster Scan
cluster-scan.yaml
apiVersion: aotanami.com/v1alpha1
kind: ClusterScan
metadata:
  name: initial-scan
  namespace: aotanami-system
spec:
  schedule: "*/30 * * * *"
  scanTypes:
    - security
    - compliance
    - cost
  scope:
    namespaces: ["*"]
Step 7: Verify Image Signature
cosign verify ghcr.io/aotanami/aotanami:<tag> \
  --certificate-identity-regexp='https://github.com/aotanami/aotanami' \
  --certificate-oidc-issuer='https://token.actions.githubusercontent.com'
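The following is an added example, not code from the Aotanami project: it checks which signer identities the pattern from Step 7 accepts, assuming cosign applies `--certificate-identity-regexp` as an unanchored Go regular expression. The anchored pattern, the workflow file name, the refs and the sample identities are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern exactly as passed to --certificate-identity-regexp in Step 7.
const pagePattern = `https://github.com/aotanami/aotanami`

// Anchored alternative (an assumption, not from the page): "^" pins the start,
// the trailing "/" ends the repository name, and the dots are escaped.
const anchoredPattern = `^https://github\.com/aotanami/aotanami/`

// Constructed identities in the GitHub Actions certificate form
// https://github.com/OWNER/REPO/.github/workflows/FILE@REF.
// "release.yml", the refs and the extra owner/repo names are placeholders.
var sampleIdentities = []string{
	// Workflow in the repository named on the page.
	"https://github.com/aotanami/aotanami/.github/workflows/release.yml@refs/tags/v0.0.0",
	// Different repository whose name merely starts with "aotanami".
	"https://github.com/aotanami/aotanami-fork/.github/workflows/release.yml@refs/heads/main",
	// Different owner: a control that neither pattern should accept.
	"https://github.com/aotanami-labs/aotanami/.github/workflows/release.yml@refs/heads/main",
}

// accepted returns the identities that pattern matches anywhere in the
// string, which is how regexp.MatchString behaves without anchors.
func accepted(pattern string, identities []string) []string {
	re := regexp.MustCompile(pattern)
	var out []string
	for _, id := range identities {
		if re.MatchString(id) {
			out = append(out, id)
		}
	}
	return out
}

func main() {
	for _, p := range []string{pagePattern, anchoredPattern} {
		fmt.Printf("pattern %q accepts:\n", p)
		for _, id := range accepted(p, sampleIdentities) {
			fmt.Println("  ", id)
		}
	}
}
```

Neither pattern constrains the workflow file or the ref, so both accept any workflow on any branch or tag of the matched repository.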