Prisma Cloud Container Images
Table of Contents
Prisma Cloud Container Images
You can deploy the Prisma Cloud console as a container using your active subscription or your valid license key to get the images from a cloud registry.
The Prisma Cloud images are built using the RedHat Universal Base Image 8 Minimal (UBI8-minimal).
This format is designed for applications that contain their own dependencies.
All builds, including private builds, are published to the registry.
Private builds temporarily address specific customer issues.
Unless you’ve been asked to use a private build by a Prisma Cloud representative during the course of a support case, you should only pull officially published builds.
You can optionally manage Prisma Cloud images in your own registry.
You can push the Prisma Cloud images to your own private registry, and manage them from there as you see fit.
The Prisma Cloud console image is delivered as a .tar.gz file in the release tarball.
Go to
Manage > System > Utilities
in the Prisma Cloud Console to download the Defender image.The length of time that images are available on the cloud registry complies with our standard n-1 support lifecycle.
There are two different methods for accessing images in the cloud registry:
- Basic authorization.
- URL authorization.
Get the Prisma Cloud Console Images with Basic Authorization
Authenticate using docker login or podman login, then retrieve the Prisma Cloud images using docker pull or podman pull.
For basic authorization, the registry is accessible at registry.twistlock.com.
Image names contain a version string.
The version string is formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch number.
For example, 19.07.363 is formatted as 19_07_363.
For example:
registry.twistlock.com/twistlock/defender:defender_19_07_363.
Prerequisites:
- You have your Prisma Cloud access token.
- Authenticate with the registry.$ docker (or podman) login registry.twistlock.com Username: Password:WhereUsernamecan be any string, andPasswordmust be your access token.Pull the Prisma Cloud console image from the Prisma Cloud registry.$ docker (or podman) pull registry.twistlock.com/twistlock/console:console_<VERSION>Pull the Defender image from the Prisma Cloud registry.$ docker (or podman) pull registry.twistlock.com/twistlock/defender:defender_<VERSION>Get the Prisma Cloud Console Images with URL AuthorizationRetrieve Prisma Cloud images with a single command by embedding your access token into the registry URL. For URL authorization, the registry is accessible at registry-auth.twistlock.com.By embedding your access token into the registry URL, you only need to run docker pull or podman pull. The docker login or podman login command isn’t required.The format for the registry URL is: registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/<IMAGE>:<TAG>Image names contain a version string. The version string must be formatted as X_Y_Z, where X is the major version, Y is the minor version, and Z is the patch number. For example, 19.07.363 should be formatted as 19_07_363. For example:registry.twistlock.com/twistlock/defender:defender_19_07_363.Prerequisites:
- You have a Prisma Cloud access token.
- The Docker or Podman client requires that repository names be lowercase. Therefore, all characters in your access token must be lowercase. To convert your access token to lowercase characters, use the following command:$ echo <ACCESS-TOKEN> | tr '[:upper:]' '[:lower:]'
- Pull the Console image from the Prisma Cloud registry.$ docker (or podman) pull \ registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/twistlock/console:console_<VERSION>Pull the Defender image from the Prisma Cloud registry.$ docker (or podman) pull \ registry-auth.twistlock.com/tw_<ACCESS-TOKEN>/twistlock/defender:defender_<VERSION>
