1. Overview

Prisma Cloud supports deploying Console and Defenders into Kubernetes clusters.

The Prisma Cloud Console is installed as a replication controller with persistent storage, allowing the Console to be resilient to node failures.

Defenders are deployed to Kubernetes nodes using DaemonSets. DaemonSets make Defender deployment simple and automatic, regardless of how large your cluster or how frequently you add nodes to it. With DaemonSets, rather than manually installing Prisma Cloud Defenders on each node, Prisma Cloud generates a configuration file that you load into your Kubernetes Master. Kubernetes uses the configuration to ensure that every node in the cluster runs a Defender. As new nodes are added, Defenders are automatically installed on them. Deploying Defenders with DaemonSets guarantees that every node in your environment is protected, without having to manually intervene when node membership changes.

The diagram below illustrates a basic Prisma Cloud deployment on Kubernetes:

kubernetes

2. Notes on Installing Console

Before installing Prisma Cloud Console as a pod, your Kubernetes cluster should be built out and persistent storage should be provisioned and formatted. As part of the install process, you’ll need to update twistlock.cfg with the specifics of your environment. Complete instructions can be found on the Prisma Cloud Support Site here. We recommend that you use a namespace other than "twistlock" when deploying Console.

3. Notes on Installing Defender as a DaemonSet:

When installing the Prisma Cloud Defender as a DaemonSet, we recommend you use the twistcli to generate a daemonset.yaml as described on the Support Site here.

4. Google GKE

You can install Prisma Cloud Console as a ReplicationController and Defenders as a DaemonSet in GKE. More details on this configuration can be found in our Support Site here.

5. Amazon EKS

You can install Prisma Cloud Console as a ReplicationController and Defenders as a DaemonSet in EKS. More details on this configuration can be found in our Support Site here.

6. IBM IKS

You can install Prisma Cloud Console as a ReplicationController and Defenders as a DaemonSet in IKS. More details on this configuration can be found in our Support Site here.