Provision tenant projects in OpenShift

This guide shows you how to set up tenant projects on Openshift clusters. If you try to provision tenant projects using the normal provisioning flow, Central Console cannot reach the host where Supervisor Console runs. Failing to follow these steps can lead an 'Internal Server Error', even when everything seems to be set up properly.
In this example provisioning flow, the DNS names for Central Console and Supervisor Console are:
  • Two fully operational Prisma Cloud Consoles are already deployed. For more information, see the Prisma Cloud OpenShift 3.11 and OpenShift 4 deployment guides.
  • OpenShift external routes to both Consoles' TCP port 8083 (Prisma Cloud UI and API), with the TLS termination type set to passthrough, already exist.
  • The to-be Central and Supervisor Consoles are already licensed and you’ve created initial admin users.
  1. Designate one Console to be Supervisor and the other to be Central.
  2. Log into the Supervisor Console with your admin user.
  3. Add the FQDN of the Supervisor Console to the Subject Alternative Name field of the Supervisor Console’s certificate.
    1. In the Supervisor Console, go to
      Manage > Defenders > Names
    2. Click
      Add SAN
    3. Add the Supervisor Console’s FQDN. In this example, it is
    4. Click
  4. Log into the Central Console with your admin user.
  5. Enable Projects by going to
    Manage > Projects > Manage
    and setting
    Use Projects
  6. Click the
    tab and to provision a tenant Console.
    1. Under
      Select Project type
      , choose
    2. In
      Project name
      , give your project a name.
    3. In
      Supervisor address
      , add the FQDN of the Supervisor. In this example, it is
    4. Add the
      Admin credentials for Supervisor
    5. Click