Google Kubernetes Engine (GKE) Autopilot
- Review the prerequisites and the procedure in theGoogle Kubernetes Engine (GKE)and theInstall Prisma Cloud on a CRI (non-Docker) clustersections.
- Use the following twistcli command to generate the YAML file for the GKE Autopilot deployment.$ <PLATFORM>/twistcli console export kubernetes \ --gke-autopilot \ --cri \ --cluster-address <console address> \ --address https://<console address>:8083The --gke autopilot flag adds the 'autopilot.gke.io/no-connect: "true"’ annotation to the YAML file and `--cri flag enables the CRI option for nodes that use the Container Runtime Interface (CRI), not Docker. It also removes the '/var/lib/containers' mount from the generated file as that configuration is not required for the GKE autopilot deployment.If you are using the web interface, onManage > Defenders > Deploy > Defendersensure that theorchestrator typeisKubernetes, and that theNodes use Container Runtime Interface (CRI), not DockerandGKE Autopilot deploymentare set to beOn.Create thetwistlocknamespace on your cluster by running the following command:$ kubectl create namespace twistlockDeploy the updated YAML or the Helm chart on your GKE Autopilot cluster.Verify that the Defenders are deployed.After a few minutes you should observe the nodes and running containers in Console, with Prisma Cloud Compute now protecting your cluster.
Recommended For You
Recommended videos not found.