What’s New in Panorama Plugin for Kubernetes 1.0.1

Learn about the enhancements in the Kubernetes plugin v1.0.1.
The Panorama plugin for Kubernetes version 1.0.1 introduces the following capabilities:
Feature
Description
Ability to Disable the Creation of Service Objects on Panorama
The Kubernetes plugin on Panorama introduces a CLI command to disable the automatic creation of service objects. If you have a large scale deployment with many Kubernetes clusters that you are monitoring on Panorama, when the plugin creates an object for each service port defined in the application YAMLs, you can reach the limit of 1600 Service Objects on Panorama. With this enhancement, the plugin generates a system log and displays a warning message with the Monitoring Definitions in the plugin so that you can use the CLI command to stop creating service objects for learned Kubernetes services.
  • To disable the automatic creation of service objects and automatically delete all service objects that are not referenced in Security policy, use the following CLI command:
    request plugins kubernetes manage-service-objects disable delete yes
  • To disable the creation of new service objects without deleting existing service objects that the plugin has created, use the following CLI command:
    request plugins kubernetes manage-service-objects disable delete no
    You can then use
    Objects
    Service to
    manually delete the Service Objects that are not used in Security policy.
  • To view the status on whether the service objects creation is enabled or disabled, use the following command:
    show plugins kubernetes service-object-management-status
Support for Offline licensing of CN-Series firewalls with Panorama
To enable you to secure your Kubernetes clusters using the CN-Series firewall, on you the Palo Alto Networks Customer Support Portal (CSP) you can allocate tokens to the Panorama on which you plan to install the Kubernetes plugin. You can then download the license key file and manually upload it to Panorama if it does not have direct internet access to the Palo Alto Networks licensing servers. This capability enables you to deploy, license, and manage your CN-Series firewalls with a Panorama that is deployed in an airgapped environment.

Recommended For You