The following is an example of Infrastructure as Code (IaC) for the automated deployment of a Console and Defenders within a Kubernetes cluster using an Ansible playbook.
This requires a Docker host, a Prisma Cloud Compute license, and kubectl administrative access to the Kubernetes cluster.
The Ansible playbook must run on a host that is able to route to the Console service’s ClusterIP address to perform the required API calls to configure the Console.
Use of this Ansible playbook does not imply any rights to Palo Alto Networks products and/or services.
Requirements
This sample IaC deployment runs on a Unix-based host with the following requirements:
The supporting files will be written to the /root/twistlock directory.
Post execution
Once the playbook has successfully completed, establish communications to the twistlock-console service’s management-port-https port (default 8083/TCP) using a Kubernetes LoadBalancer or your organization’s approved cluster ingress technology.