# Profiles The installation of the mirrord operator defines two types of [custom resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) in your cluster: `MirrordClusterProfile` and `MirrordProfile`. {% hint style="info" %} This feature is available to users on the Team and Enterprise pricing plans. {% endhint %} These resources provide a unified base for users' mirrord configurations. Users can reference a profile in their mirrord config, and mirrord will apply the defined feature adjustments accordingly. ### Cluster-Wide Profiles (`MirrordClusterProfile`) `MirrordClusterProfile` is a cluster-scoped custom resource that provides a shared base configuration available to all namespaces in the cluster. ```yaml apiVersion: profiles.mirrord.metalbear.co/v1alpha kind: MirrordClusterProfile metadata: # This name can be referenced by the user in their mirrord configs. name: example-cluster-profile spec: # A list of adjustments to be made in the user's feature config. # # The adjustments are applied in order. featureAdjustments: # Incoming traffic will be stolen. - change: incoming-steal # All outgoing traffic will be remote. - change: outgoing-remote # All DNS resolution will be remote. - change: dns-remote ``` ### Namespaced Profiles (`MirrordProfile`) `MirrordProfile` is a namespaced custom resource. These profiles are defined within a specific namespace and are only available to workloads running in that namespace. ```yaml apiVersion: profiles.mirrord.metalbear.co/v1alpha kind: MirrordProfile metadata: name: example-profile namespace: example-namespace spec: featureAdjustments: - change: incoming-steal - change: outgoing-remote - change: dns-remote ``` ### Allowed Feature Adjustments The complete list of allowed values for the `featureAdjustments.[].change` field is as follows: 1. `incoming-mirror` - incoming traffic will be mirrored 2. `incoming-steal` - incoming traffic will be stolen 3. `incoming-off` - incoming traffic will not be intercepted 4. `dns-remote` - all DNS resolution will be remote 5. `dns-off` - all DNS resolution will be local 6. `outgoing-remote` - all outgoing traffic will be remote 7. `outgoing-off` - all outgoing traffic will be local ### Selecting a profile Starting from mirrord version 3.136.0, the user can select a mirrord profile in their mirrord config. The profile is referenced by its name. ```json { "profile": "example-profile" } ``` ### Enforcing profiles Use of mirrord profiles can be enforced with [mirrord policies](/mirrord/docs/sharing-the-cluster/policies.md#profile-policy). **Important:** mirrord profiles are applied to the session on the user machine, and should not be used as security features. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://metalbear.com/mirrord/docs/sharing-the-cluster/profiles.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.