Deploy the CN-Series Firewalls
Table of Contents
10.2
Expand all | Collapse all
-
- CN-Series Deployment Checklist
- CN-Series Prerequisites
- Install a Device Certificate on the CN-Series Firewall
- Create Service Accounts for Cluster Authentication
- Install the Kubernetes Plugin and Set up Panorama for CN-Series
- Get the Images and Files for the CN-Series Deployment
- Editable Parameters in CN-Series Deployment YAML Files
- Enable Horizontal Pod Autoscaling on the CN-Series
- Secure 5G With the CN-Series Firewall
- Enable Inspection of Tagged VLAN Traffic
- Enable IPVLAN
- Uninstall the Kubernetes Plugin on Panorama
- Features Not Supported on the CN-Series
Deploy the CN-Series Firewalls
After you review the CN-Series Core Building Blocks and the
high-level overview of the workflow in Secure Kubernetes Workloads with CN-Series, you can
start deploying the CN-Series firewalls to secure traffic between
containers within the same cluster, as well as between containers and
other workload types such as virtual machines and bare-metal servers.
If you are on the OpenShift environment, see Deploy the CN-Series on OpenShift and for securing
5G traffic, see Secure 5G With the CN-Series Firewall.
You need standard Kubernetes tools such as kubectl or Helm
to deploy and manage your Kubernetes clusters, apps, and firewall
services. Panorama is not designed to be an orchestrator for Kubernetes
cluster deployment and management. Templates for cluster management
are provided by Managed Kubernetes providers. Palo Alto Networks
provides community-supported templates for deploying CN-Series with Helm and Terraform.
Before moving from deploying CN-Series as a DaemonSet to CN-Series
as a Service or vice versa, you must delete and reapply
plugin-serviceaccount.yaml
. - When you deploy CN-Series as a DaemonSetpan-plugin-cluster-mode-secretmust not exist.
- When you deploy CN-Series as a Kubernetes servicepan-plugin-cluster-mode-secretmust be present.