Get the Images and Files for the CN-Series Deployment
Download the docker images and push it to your container registry.
Refer to the following table before beginning your deployment to ensure that you have downloaded the compatible files.
Use the following steps to pull the docker images from the public container registry on Google Cloud Platform and then continue to Deploy the CN-Series Firewalls:
Docker images from the public container registry:
- Select the required PAN-OS version.
- Copy the link for each image path to the appropriate location in your deployment YAML files.
Do the following to get the YAML files from GitHub
- Open the folder for the deployment method—DaemonSet or Kubernetes Service—you plan to use.
- Download the yaml files from the folder that corresponds to your environment.Get the files from the Native-k8s folder for use with native Kubernetes on premises or cloud deployments.Get the files from the respective Managed Kubernetes folder for GKE.
Docker images from the Palo Alto Networks CSP:
Use the following steps to get the YAML files from GitHub and to download the docker images from the Palo Alto Networks CSP and push them to your private registry before you continue to Deploy the CN-Series Firewalls.
- Download the docker images and YAML files.
- Get the compressed tar archives from the Palo Alto Networks Customer Support Portal (CSP).
- Log in to the CSP using your support account.
- Select.UpdatesSoftware Updates
- SelectPAN-OS Container Imagesfrom thePlease Selectdrop-down.
- Download the following files for the PAN-OS version you want to deploy.PanOS_cn-X.X.X.tgz - for CN-MGMT and CN-NGFW Pods.Pan_cn_mgmt_init-X.X.X.tgz - for the init container that runs as a part of the CN-MGMT Pod.Pan_cni-2.0.0.tgz - for the PAN-CNI Pod.
- Get the YAML files from GitHub.
- Get the files from the Native-k8s folder for use with native Kubernetes on-premises or cloud deployments.
- Get the files from the respective Managed Kubernetes folder for AKS, EKS, or GKE.
- Retrieve the docker images and push it to your container registry.For example, on a GKE deployment, you will upload the images to a Container Registry on GKE and get the image path for referencing in the YAML files.Use the following commands on a client system running the docker engine.Replace the x variables in the following steps with the values that match the image version you are using. For example, Pan_cn_mgmt-init-2.0.0.tgz or pan_cni:2.0.0.
- Load the images.docker load -i PanOS_cn-x.x.x.tgzdocker load -i Pan_cn_mgmt-init-x.x.x.tgzdocker load -i Pan_cni-x.x.x.tgzAfter these steps, "docker images" will display the image, for example, "paloaltonetworks/panos_cn_mgmt:x.x.x".
- Tag these images to include your private registry detail.docker tag paloaltonetworks/panos_cn_mgmt:x.x.x <your_registry>/paloaltonetworks/panos_cn_mgmt:x.x.xdocker tag paloaltonetworks/panos_cn_ngfw:x.x.x <your_registry>/paloaltonetworks/panos_cn_ngfw:x.x.xdocker tag paloaltonetworks/pan_cn_mgmt_init:x.x.x <your_registry>/paloaltonetworks/pan_cn_mgmt_init:x.x.xdocker tag paloaltonetworks/pan_cni:x.x.x <your_registry>/paloaltonetworks/pan_cni:x.x.x
- Push these images to your private registry.docker push <your_registry>/paloaltonetworks/panos_cn_mgmt:x.x.xdocker push <your_registry>/paloaltonetworks/panos_cn_ngfw:x.x.xdocker push <your_registry>/paloaltonetworks/pan_cn_mgmt_init:x.x.xdocker push <your_registry>/paloaltonetworks/pan_cni:x.x.x
Recommended For You
Recommended videos not found.