Set different paths for Defender and Console (with DaemonSets)

When using daemon sets, Console is set up to store the Prisma Cloud config under /opt/twistlock. By default, it uses this same config when installing the defenders. This article describes a work around solution to be able to set up different config paths for Console and Defenders using daemon sets
  1. Download Daemonset configurations for Defender.
    The API to download Daemonset Configuration is:
    /api/v1/defenders/daemonset.yaml?registry=${registry}&type=${DEFENDER_TYPE} &consoleaddr=${consoleaddr}&namespace=${namespace} &orchestration=${orchestration}&ubuntu=${os_ubuntu}"
    Code copied to clipboard
    Unable to copy due to lack of browser support.
    The parameters are:
    • registry
      --
      the registry from where Kubernetes gets the image, where you pushed the image. In the example above, the value will be “gcr.io/projectA/”
    • type
      --
      defender type - Daemon Set Docker on Linux or Daemon Set Kubernetes Node. (Daemon set Docker on Linux is the regular default Defender type, called in the UI Docker. Only difference being, unlike the default Defender, it does not listen to incoming traffic.
    • consoleaddr
      --
      Name or IP address that Defenders use to connect to Console.
    • namespace
      --
      the default when using the script is twistlock, but you can use whatever you want.
    • orchestration
      --
      OpenShift or Kubernetes
    • ubuntu
      --
      (ubuntu=true \ ubuntu=false), states if the cluster is running on ubuntu OS or not. If not provided, it’s assumed to be false.
  2. Edit the yaml file.
    Make the necessary changes in this yaml file and upload this modified version of the yaml to the K8 controller.

Recommended For You