Installing SUSE Security Admission Controller with KubeStellar Console

KubeStellar Console is a standalone Kubernetes dashboard that includes guided install missions for CNCF projects. The SUSE Security Admission Controller install mission walks you through the full installation step-by-step, with live cluster validation after each step.

What the mission does

The guided install mission runs against your cluster via kubeconfig. Each step:

  1. Pre-flight — checks prerequisites (Helm 3, kubectl, cluster access)

  2. Commands — shows the exact helm install commands for all three charts (kubewarden-crds, kubewarden-controller, kubewarden-defaults) with --wait flags, matching the quick-start docs

  3. Validation — after each step, queries the cluster to verify success (pod phase, PolicyServer registration)

  4. Troubleshooting — on failure, reads pod logs, events, and resource status from your cluster and suggests fixes

  5. Rollback — each step includes the corresponding helm uninstall command to undo the change

The mission also works as read-only documentation — no cluster connection is required to browse the steps.

Prerequisites

  • A running Kubernetes cluster

  • kubectl configured with access to the cluster

  • Helm v3 installed

  • KubeStellar Console installed (see the install guide for options including Homebrew, Docker, and binary downloads)

Opening the install mission

  1. Launch KubeStellar Console and connect to your cluster.

  2. Open the AI Mission Explorer from the sidebar.

  3. Search for Kubewarden or browse the Install category.

  4. Select the Install Kubewarden mission to begin.

Alternatively, open the mission directly at:

https://console.kubestellar.io/missions/install-kubewarden

Installation steps

The mission guides you through the following Helm chart installations in order:

1. Install CRDs

helm repo add kubewarden https://charts.kubewarden.io
helm repo update kubewarden
helm install --wait \
  -n kubewarden \
  --create-namespace \
  kubewarden-crds kubewarden/kubewarden-crds

The mission validates that the Admission Controller CRDs are registered in the cluster before proceeding.

2. Install the controller

helm install --wait \
  -n kubewarden \
  kubewarden-controller kubewarden/kubewarden-controller

The mission validates that the controller pod reaches Running status.

3. Install defaults

helm install --wait \
  -n kubewarden \
  kubewarden-defaults kubewarden/kubewarden-defaults

The mission validates that the default PolicyServer is registered and ready.

What’s next

After completing the mission, you have a working SUSE Security Admission Controller installation with the default PolicyServer. From here you can:

Resources