1. Overview

When using daemon sets, Console is set up to store the Prisma Cloud config under /opt/twistlock. By default, it uses this same config when installing the defenders. This article describes a work around solution to be able to set up different config paths for Console and Defenders using daemon sets

  1. Download Daemonset configurations for Defender.

    The API to download Daemonset Configuration is:

    /api/v1/defenders/daemonset.yaml?registry=${registry}&type=${DEFENDER_TYPE}
    &consoleaddr=${consoleaddr}&namespace=${namespace}
    &orchestration=${orchestration}&ubuntu=${os_ubuntu}"

    The parameters are:

    registry

    the registry from where Kubernetes gets the image, where you pushed the image. In the example above, the value will be “gcr.io/projectA/”

    type

    defender type - Daemon Set Docker on Linux or Daemon Set Kubernetes Node. (Daemon set Docker on Linux is the regular default Defender type, called in the UI Docker. Only difference being, unlike the default Defender, it does not listen to incoming traffic.

    consoleaddr

    Name or IP address that Defenders use to connect to Console.

    namespace

    the default when using the script is twistlock, but you can use whatever you want.

    orchestration

    OpenShift or Kubernetes

    ubuntu

    (ubuntu=true \ ubuntu=false), states if the cluster is running on ubuntu OS or not. If not provided, it’s assumed to be false.

  2. Edit the yaml file.

    Make the necessary changes in this yaml file and upload this modified version of the yaml to the K8 controller.