Deploy the CN-Series Firewalls

After you review the CN-Series Core Building Blocks and the high-level overview of the workflow in Secure Kubernetes Workloads with CN-Series, you can start deploying the CN-Series firewalls to secure traffic between containers within the same cluster, as well as between containers and other workload types such as virtual machines and bare-metal servers.
If you are in an OpenShift environment, see Deploy the CN-Series on OpenShift. To secure 5G traffic, see Secure 5G With the CN-Series Firewall.
You need standard Kubernetes tools such as kubectl or Helm to deploy and manage your Kubernetes clusters, apps, and firewall services. Panorama is not designed to be an orchestrator for Kubernetes cluster deployment and management. Templates for cluster management are provided by Managed Kubernetes providers. Palo Alto Networks provides community-supported templates for deploying CN-Series with Helm and Terraform.
Before moving from deploying CN-Series as a DaemonSet to CN-Series as a Service or vice versa, you must delete and reapply plugin-serviceaccount.yaml.
  • When you deploy CN-Series as a DaemonSet, pan-plugin-cluster-mode-secret must not exist.
  • When you deploy CN-Series as a Kubernetes service, pan-plugin-cluster-mode-secret must be present.
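
A preflight check for the secret rule above, as an added example that is not taken from Palo Alto Networks documentation or templates. It assumes kubectl access to the cluster and that the secret lives in the kube-system namespace (pass another namespace as the second argument); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): verify the pan-plugin-cluster-mode-secret
# rule for the target CN-Series deployment mode before applying manifests.
# Run it after deleting and reapplying plugin-serviceaccount.yaml.
SECRET_NAME="pan-plugin-cluster-mode-secret"

# secret_state NAMESPACE: prints present, absent or unknown.
# Only an explicit NotFound from the API server counts as absent, so an RBAC
# denial or an unreachable cluster is never mistaken for a missing secret.
secret_state() {
    ns="$1"
    if out=$(kubectl -n "$ns" get secret "$SECRET_NAME" -o name 2>&1); then
        echo present
    else
        case "$out" in
            *"(NotFound)"*) echo absent ;;
            *) echo unknown ;;
        esac
    fi
}

# mode_verdict MODE STATE: returns 0 if the rule holds, 1 if it is violated,
# 2 if the state could not be determined, 64 on a bad MODE.
mode_verdict() {
    case "$1" in
        daemonset|service) ;;
        *) echo "MODE must be daemonset or service" >&2; return 64 ;;
    esac
    case "$1:$2" in
        daemonset:absent|service:present)
            echo "OK: $SECRET_NAME is $2, as required for $1 mode" ;;
        daemonset:present)
            echo "FAIL: $SECRET_NAME must not exist in DaemonSet mode"; return 1 ;;
        service:absent)
            echo "FAIL: $SECRET_NAME must be present in service mode"; return 1 ;;
        *)
            echo "FAIL: secret state unknown, check kubectl access"; return 2 ;;
    esac
}

# preflight MODE [NAMESPACE]: the kube-system default is an assumption.
preflight() {
    mode_verdict "$1" "$(secret_state "${2:-kube-system}")"
}

# Script entry point: sh preflight.sh service [namespace]
if [ "$#" -gt 0 ]; then
    preflight "$@"
    exit $?
fi
```

A non-zero exit status lets a Helm or Terraform wrapper stop before the firewall manifests are applied in the wrong mode.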
