Why does the error Error: group criteria mismatch occur when importing a policy?

This means that the group criteria do not match between the source and the destination. Make sure the group configurations are identical on both sides.

What should I do if I see the error Error: cross-namespace policy creation denied?

This error indicates an attempt to create a policy across different namespaces. In such cases, use an object of type NvClusterSecurityRule.

How can I verify connectivity between NeuVector components?

Ensure that all NeuVector components have stable network connectivity. Use standard networking tools for diagnostics.

What if there are not enough resources?

Check whether sufficient CPU and memory have been allocated for all NeuVector components. If necessary, revise the resource limits in the manifests.

Verify that the Persistent Volumes (PVs) are available and that proper permissions are configured.

Ensure that TLS certificates are correctly configured, valid, and trusted. Also verify that the trust chain is complete and contains no expired certificates.

What happens if a Persistent Volume (PV) is not configured?

Data will not be saved. In this case, you must manually export the configuration via the UI: Settings → Configuration.

In what order are settings loaded during startup?

The system first attempts to load settings from the Persistent Volume (PV), then from the ConfigMap. If both are unavailable, default settings are used.

Where is the Persistent Volume (PV) used in NeuVector?

The PV is used only by the controller. It stores policies, rules, integrations, and custom configurations.

Is PV or ConfigMap used during a rolling update?

No. During a rolling update, neither PV nor ConfigMap is used to update components. The update process works independently of them.

What types of volumes are supported by NeuVector?

Only volumes with RWX (ReadWriteMany) access mode are supported. For example, in GKE, you can use volumes backed by NFS.