1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Compute Edition Administrator’s Guide
    5. Upgrade
    6. Manually upgrade Defender DaemonSets
    End-of-Life (EoL)

    Manually upgrade Defender DaemonSets

    Manually upgrade Defender DaemonSets in your environment.

    Manually upgrade Defender DaemonSets with twistcli (Kubernetes)

    Delete the Defender DaemonSet, then rerun the original install procedure.
    Prerequisites:
     You know all the parameters passed to twistcli when you initially deployed the Defender DaemonSet. You’ll need them to recreate a working configuration file for your environment.
    1. Delete the Defender DaemonSet.
      $ kubectl -n twistlock delete ds twistlock-defender-ds
$ kubectl -n twistlock delete sa twistlock-service
$ kubectl -n twistlock delete secret twistlock-secrets
    2. Determine the Console service’s external IP address.
      $ kubectl get service -o wide -n twistlock
    3. Generate a defender.yaml file. Pass the same options to twistcli as you did in the original install. The following example command generates a YAML configuration file for the default install.
      The following command connects to Console’s API (specified in --address) as user <ADMIN> (specified in --user), and retrieves a Defender DaemonSet YAML config file according to the configuration options passed to twistcli. In this command, there is just a single mandatory configuration option. The --cluster_address option specifies the address Defender uses to connect to Console, and the value is encoded in the DaemonSet YAML file.
      $ <PLATFORM>/twistcli defender export kubernetes \
  --address https://yourconsole.example.com:8083 \
  --user <ADMIN_USER> \
  --cluster-address twistlock-console
      • <PLATFORM> can be linux or osx.
      • <ADMIN_USER> is the name of an admin user.
    4. Deploy the Defender DaemonSet.
         $ kubectl create -f defender.yaml
    5. Open a browser, navigate to Console, then go to
      Manage > Defenders > Manage
       to see a list of deployed Defenders.

    Manually upgrade Defender DaemonSets with twistcli (OpenShift)

    Delete the Defender DaemonSet, then rerun the original install procedure.
    Prerequisites:
     You know all the parameters passed to twistcli when you initially deployed the Defender DaemonSet. You’ll need them to recreate a working configuration file for your environment.
    1. Delete the Defender DaemonSet.
      $ oc -n twistlock delete ds twistlock-defender-ds
$ oc -n twistlock delete sa twistlock-service
$ oc -n twistlock delete secret twistlock-secrets
    2. Determine the Console service’s external IP address.
      $ oc get service -o wide -n twistlock
    3. Generate a defender.yaml file. Pass the same options to twistcli as you did in the original install. The following example command generates a YAML configuration file for the default install.
      The following command connects to Console’s API (specified in --address) as user <ADMIN> (specified in --user), and retrieves a Defender DaemonSet YAML config file according to the configuration options passed to twistcli. In this command, there is just a single mandatory configuration option. The --cluster_address option specifies the address Defender uses to connect to Console, and the value is encoded in the DaemonSet YAML file.
      $ <PLATFORM>/twistcli defender export openshift \
  --address https://yourconsole.example.com:8083 \
  --user <ADMIN_USER> \
  --cluster-address twistlock-console \
  --selinux-enabled
      • <PLATFORM> can be linux or osx.
      • <ADMIN_USER> is the name of an admin user.
    4. Deploy the Defender DaemonSet.
         $ oc create -f defender.yaml
    5. Open a browser, navigate to Console, then go to
      Manage > Defenders > Manage
       to see a list of deployed Defenders.

    Manually upgrade Defender DaemonSets from Console

    Upgrade the Defender DaemonSets directly from the Console UI.
    If you can’t access your cluster with kubectl or oc, then you can upgrade Defender DaemonSets directly from the Console UI.
    Prerequisites:
     You’ve created a kubeconfig credential for your cluster so that Prisma Cloud can access it to upgrade the Defender DaemonSet.
    1. Log into Prisma Cloud Console.
    2. Go to
      Manage > Defenders > Manage
      .
    3. Click
      DaemonSets
      .
    4. For each cluster in the table, click
      Actions > Upgrade
      .
      The table shows a count of deployed Defenders and their new version number.

    Recommended For You

    Recommended Videos

    Recommended videos not found.