CN-Series Key Concepts

Cluster
—the foundation of your containerized environment; all your containerized applications run on top of a cluster.
Node
—depending on the cluster, a node might be a virtual or physical machine that contains the necessary services required to pods.
Pod
—the smallest deployable computing unit that you can deploy and manage in Kubernetes. The CN-Series firewall is deployed in a distributed PAN-OS architecture as two pods: CN-MGMT and CN-NGFW. See CN-Series Core Building Blocks for more information.
Namespace
—a namespace is a virtual cluster that is backed by a physical cluster. In an environment with many users spread across multiple teams and functions, a namespace can be used to separate them on a single cluster.
Container Network Interface (CNI)
—a plugin that configures network interfaces for containers. Additionally, the CNI removes the allocated resources used for networking when a container is deleted.
DaemonSet
—in a Kubernetes deployment, a DaemonSet ensure that some or all nodes run a copy of a particular pod. And as nodes are added to a Kubernetes cluster, a copy of the pod defined by the DaemonSet is added to each new node. When you deploy the CN-Series firewall as a DaemonSet, a copy of the CN-NGFW pod is deployed on each (up to 30 per CN-MGMT pair) node in your cluster.
Kubernetes Service
—an abstraction that exposes an application running on a set of pods as network service. When you deploy the CN-Series as a service, the number of CN-NGFW pods deployed is defined by you when setting up your yaml files.
Horizontal Pod Autoscaler (HPA)
—automatically scales the number of pods in a deployment, replica set, or stateful set based on various metrics such as CPU utilization or session utilization.
HPA is supported on the CN-Series as a Kubernetes service only.