Table of Contents

Kubernetes Credentials

Kubernetes stores cluster authentication information in a YAML file known as kubeconfig. The kubeconfig file grants access to clients, such as kubectl, to run commands against the cluster. By default, kubeconfig is stored in $HOME/.kube/config.
Prisma Cloud uses the kubeconfig credential to deploy and upgrade Defender DaemonSets directly from the Console UI. If you plan to manage DaemonSets from the command line with kubectl, you don’t need to create this type of credential.
The user or service account in your kubeconfig must have permissions to create and delete the following resources:
  • ClusterRole
  • ClusterRoleBinding
  • DaemonSet
  • Secret
  • ServiceAccount
Prisma Cloud doesn’t currently support kubeconfig credentials for Google Kubernetes Engine (GKE) or AWS Elastic Kubernetes Service(EKS). The kubeconfig for these clusters require an external binary for authentication (specifically the Google Cloud SDK and aws-iam-authenticator, respectively), and Prisma Cloud Console doesn’t ship with these binaries.
  1. Open Console, and go to
    Manage > Authentication > Credentials Store
  2. Click
    Add credential
    , and enter the following values:
    1. In
      , enter a label to identify the credential.
    2. In
      , select
    3. In
      , paste the contents of your kubeconfig file.

Recommended For You