Focus

CN-Series Deployment Guide

Deploy the CN-Series Firewall on OKE

Table of Contents

Deploy the CN-Series Firewall on OKE

Oracle Kubernetes Engine (OKE) is an OCI service that allows you to deploy kubernetes cluster. You can now deploy CN-Series firewall on OKE cluster as a DaemonSet or as a Kubernetes Service.

After you review the CN-Series Core Building Blocks and the high-level overview of the workflow in Secure Kubernetes Workloads with CN-Series, you can start deploying the CN-Series firewall on OKE platform to secure traffic between containers within the same cluster, as well as between containers and other workload types such as virtual machines and bare-metal servers.

You need standard Kubernetes tools such as kubectl or Helm to deploy and manage your Kubernetes clusters, apps, and firewall services.

For more information, see Deploy CN-Series Firewalls With (Recommended) and Without the Helm Repository. Panorama is not designed to be an orchestrator for Kubernetes cluster deployment and management. Templates for cluster management are provided by Managed Kubernetes providers. Palo Alto Networks provides community-supported templates for deploying CN-Series with Helm and Terraform.

Deploy the CN-Series Firewall as a Kubernetes Service on OKE

Deploy the CN-Series Firewall as a DaemonSet on OKE

Before moving from deploying CN-Series as a DaemonSet to CN-Series as a Service or vice versa, you must delete and reapply

plugin-serviceaccount.yaml

. For more information, see Create Service Accounts for Cluster Authentication.

When you deploy CN-Series as a DaemonSet on OKE, the

pan-plugin-cluster-mode-secret

must not exist.

When you deploy CN-Series as a Kubernetes service on OKE, the

pan-plugin-cluster-mode-secret

must be present.