1. Overview

Prisma Cloud supports deploying Console and Defenders into an OpenShift cluster.

OpenShift makes Defender deployment simple and automatic, regardless of how large your cluster is or how frequently you add nodes to it. With DaemonSet pods, rather than installing Prisma Cloud Defenders on each node individually, Prisma Cloud generates a configuration file that you load into your OpenShift master. OpenShift uses this configuration to ensures that every node in the cluster runs a Defender. As new nodes are added, Defenders are installed on them as well. Deploying Defenders with DaemonSets guarantees that every node in your environment is protected, without having to manually intervene when membership changes.

The diagram below illustrates a basic Prisma Cloud deployment on OpenShift:

openshift

2. Notes on Console as a Replication Controller

Before deploying Prisma Cloud Console to a Replication Controller, configure and format your persistent storage. Note the hostpath and labels used when defining the persistent storage YAML file. Both these values are required when using twistcli and twistlock.cfg to generate the Console YAML file.

If you are installing the Prisma Cloud Console and Defender into different namespaces, specify Services and Routes for TCP ports 8081, 8083, and 8084 between Console and DaemonSet pods.