1. Overview

Container orchestrators provide native capabilities for deploying agents, such as Defender, to every node in the cluster. Prisma Cloud leverages these capabilities to install Defender.

The process for deploying Container Defender to a cluster can be found in the dedicated orchestrator-specific install guides.

If you don’t have kubectl access to your cluster (or oc access for OpenShift), you can deploy Defender DaemonSets directly from the Console UI.

Prerequisites:

  • You’ve created a kubeconfig credential for your cluster so that Prisma Cloud can access it to deploy the Defender DaemonSet.

  1. Log into Prisma Cloud Console.

  2. Go to Manage > Defenders > Manage.

  3. Click DaemonSets.

  4. For each cluster in the table, click Actions > Deploy.

    The table shows a count of deployed Defenders and their version number.

    This Defender install flow doesn’t let you manually configure a cluster name. Cluster names let you segment your views of the environment. For most cases, this shouldn’t be a problem because if you’re deploying to a managed cluster, then Prisma Cloud retrieves the cluster name directly from the cloud provider. If you must manually specify a name, deploy your Defenders from Manage > Defenders > Deploy > DaemonSet or use twistcli.