Configure the Kubernetes Plugin for Panorama

Use the Kubernetes Plugin for Panorama to propagate labels to Panorama device groups
Use the Kubernetes plugin to complete the integration of Panorama and the Kubernetes API. The plugin learns new labels and propagates them to Panorama device groups. These labels can include Kubernetes labels, services, namespaces, and other metadata from which Dynamic Address Group match criteria can be defined.
This procedure assumes you have installed the supporting software listed in Prepare to Use the Terraform Templates.
  1. Retrieve the pan-plugin-user service account credentials from the Kubernetes master.
    Enter each command as a single line:
    $ MY_TOKEN=$(kubectl get serviceaccounts pan-plugin-user -n kube-system -o jsonpath='{.secrets[0].name}')
    $ kubectl get secret "$MY_TOKEN" -n kube-system -o json > ~/Downloads/pan-plugin-user.json
  2. Create a Cluster definition in the Panorama Kubernetes plugin.
    Use the Kubernetes master address displayed in the Terraform output and the JSON credentials file located at ~/Downloads/pan-plugin-user.json.
    Define the labels you want to import from the Kubernetes API.
  3. Create a Notify Group definition in the Panorama Kubernetes plugin.
    This definition is used to propagate the labels learned from the Kubernetes API to a Panorama Device Group.
  4. Create a Monitoring Definition in the Panorama plugin.
    Use the Cluster and Notify Group definitions created in the previous steps.
  5. Commit to Panorama.
  6. To confirm API connectivity and MP container registrations, go to the Monitoring Definition and click Detailed Status and Cluster MPs.
    You are now ready to deploy an application and secure it with the CN-Series firewall.
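
An added check for the credentials file exported in step 1, not part of the original procedure or of any Palo Alto Networks code: it confirms the file is readable only by its owner and holds a service account token secret for pan-plugin-user in kube-system. The function names and the sample secret are constructed for illustration, and checking for both token and ca.crt assumes the standard fields of a token secret.

```python
import base64, json, os, stat, sys

TOKEN_TYPE = "kubernetes.io/service-account-token"
SA_ANNOTATION = "kubernetes.io/service-account.name"

def check_sa_secret(path, sa="pan-plugin-user", ns="kube-system"):
    """Return a list of problems found in an exported service account secret."""
    problems = []
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:  # any group/other bit exposes the token to other users
            problems.append(f"mode {mode:03o} is too open; run chmod 600")
        with open(path) as fh:
            secret = json.load(fh)
        if not isinstance(secret, dict):
            raise ValueError("top level is not an object")
    except OSError as exc:
        return [f"cannot read file: {exc.strerror}"]
    except ValueError:  # empty or truncated export
        return problems + ["file does not contain a JSON object"]
    if secret.get("type") != TOKEN_TYPE:
        problems.append(f"secret type is {secret.get('type')!r}, not {TOKEN_TYPE}")
    meta = secret.get("metadata") or {}
    if meta.get("namespace") != ns:
        problems.append(f"namespace is {meta.get('namespace')!r}, expected {ns}")
    if (meta.get("annotations") or {}).get(SA_ANNOTATION) != sa:
        problems.append(f"secret is not bound to service account {sa}")
    data = secret.get("data") or {}
    for key in ("token", "ca.crt"):  # assumption: standard token-secret fields
        try:
            if not base64.b64decode(data.get(key) or "", validate=True):
                problems.append(f"data.{key} is missing or empty")
        except (ValueError, TypeError):
            problems.append(f"data.{key} is not valid base64")
    return problems

def sample_secret():
    """Constructed sample shaped like `kubectl get secret -o json` output."""
    def b64(raw):
        return base64.b64encode(raw).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": TOKEN_TYPE,
            "metadata": {"name": "pan-plugin-user-token-example",
                         "namespace": "kube-system",
                         "annotations": {SA_ANNOTATION: "pan-plugin-user"}},
            "data": {"token": b64(b"constructed-placeholder-token"),
                     "ca.crt": b64(b"constructed-placeholder-ca")}}

if __name__ == "__main__":
    found = check_sa_secret(os.path.expanduser("~/Downloads/pan-plugin-user.json"))
    sys.exit("\n".join(found) if found else 0)
```

Run it after step 1 and before uploading the file in step 2; a non-zero exit lists what to fix.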
