Validating the CN-Series HSF Deployment

Where Can I Use This?
  • CN-Series HSF Firewall deployment
What Do I Need?
  • CN-Series 11.0.x or above Container Images
  • Panorama running PAN-OS 11.0.x or above version
You can validate CN-Series HSF deployments in the Deployment section under Panorama Kubernetes. Click the link under Deployment Status to view the details of a deployment.
The deployed pods and their current status are color coded and displayed in the Deployment Status section. For a failed pod deployment, click the link under Note to see more details.
Use the following commands in the Panorama CLI to generate logs.
debug plugins kubernetes generate-pod-log deployment_name pod_name <value> (where <value> is the name of the pod)
show plugins kubernetes deployment-status
show plugins kubernetes deployment-details name

Debugging Sync Issues between the Kubernetes Plugin and CN-Series HSF

The Kubernetes plugin collects information about the CN-Series HSF from Pods, Services, and Nodes using Watch APIs. The Watch API is a notification-based API that sends updates when the state of a cluster changes. To ensure that the plugin and the deployed CN-Series HSF are in sync, the plugin listens to notifications and displays HPA and upgrade/downgrade event notifications.
The plugin uses the following debug commands to debug a specific node based on the plugin status.
debug plugin kubernetes kubectl-logs pod <pod-name>
This debug command generates a log file that contains the kubectl describe logs for the node passed in the command. The log file is saved in the plugin logs file.
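
The Watch API behaviour described above, as an added example (not Palo Alto Networks or plugin code): a minimal Python consumer of the Kubernetes watch event format that keeps a local pod cache and flags the point where a watcher falls out of sync with the cluster (an ERROR event carrying code 410). The pod names, resourceVersions and the function name are constructed for illustration.

```python
import json

# Constructed sample: newline-delimited events in the Kubernetes watch
# wire format. Pod names and resourceVersions are made up.
SAMPLE_STREAM = """\
{"type":"ADDED","object":{"kind":"Pod","metadata":{"name":"cn-mgmt-0","resourceVersion":"101"},"status":{"phase":"Pending"}}}
{"type":"MODIFIED","object":{"kind":"Pod","metadata":{"name":"cn-mgmt-0","resourceVersion":"105"},"status":{"phase":"Running"}}}
{"type":"ADDED","object":{"kind":"Pod","metadata":{"name":"cn-ngfw-a","resourceVersion":"108"},"status":{"phase":"Running"}}}
{"type":"BOOKMARK","object":{"kind":"Pod","metadata":{"resourceVersion":"120"}}}
{"type":"DELETED","object":{"kind":"Pod","metadata":{"name":"cn-ngfw-a","resourceVersion":"131"},"status":{"phase":"Running"}}}
{"type":"ERROR","object":{"kind":"Status","code":410,"reason":"Expired","message":"too old resource version"}}
"""


def apply_watch_stream(lines, cache=None):
    """Apply watch events to a local name -> phase cache.

    Returns (cache, last_resource_version, needs_relist). needs_relist is True
    when the server answers 410 Gone: the watcher missed history, so its cache
    cannot be trusted until a fresh LIST rebuilds it.
    """
    cache = {} if cache is None else cache
    last_rv, needs_relist = None, False
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        event = json.loads(raw)
        etype, obj = event["type"], event["object"]
        if etype == "ERROR":
            # The object is a Status; code 410 means the resourceVersion expired.
            needs_relist = obj.get("code") == 410
            break
        meta = obj["metadata"]
        last_rv = meta["resourceVersion"]  # opaque token: store it, never compare
        if etype in ("ADDED", "MODIFIED"):
            cache[meta["name"]] = obj.get("status", {}).get("phase", "Unknown")
        elif etype == "DELETED":
            cache.pop(meta["name"], None)
        # BOOKMARK only advances the resourceVersion; the cache is unchanged.
    return cache, last_rv, needs_relist


if __name__ == "__main__":
    print(apply_watch_stream(SAMPLE_STREAM.splitlines()))
```

A consumer that ignores the 410 case keeps serving its last cached view, which is how a displayed deployment state can drift from what is running in the cluster.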