IBM Kubernetes Service (IKS)

Use the following procedure to install Prisma Cloud in an IKS cluster. IKS uses dynamic PersistentVolumeClaim provisioning (ibmc-file-bronze is the default StorageClass) as well as automatic LoadBalancer configuration for the Prisma Cloud Console. You can optionally specify a StorageClass for premium file or block storage options. Use a retain storage class (not default) to ensure your storage is not destroyed even if you delete the PVC.
When installing Defenders the IKS Kubernetes version you use matters. IKS Kubernetes version 1.10 uses Docker, and 1.11+ uses containerd as the container runtime. If using containerd, pass the --cri flag to twistcli (or enable the CRI option in the Console UI) when generating the Defender YAML or Helm chart.
  1. Use twistcli to generate the Prisma Cloud Console YAML configuration file, where <PLATFORM> can be linux or osx. Optionally set the storage class to premium storage class. For IKS with Kubernetes 1.10, use our standard Kubernetes instructions. Here is an example with a premium StorageClass with the retain option.
    $ <PLATFORM>/twistcli console export kubernetes \ --storage-class ibmc-file-retain-silver \ --service-type LoadBalancer
  2. Deploy the Prisma Cloud Console in the IBM Kubernetes Service cluster.
    $ kubectl create -f ./twistlock_console.yaml
  3. Wait for the service to come up completely.
    $ kubectl get service -w -n twistlock
  4. Continue with the rest of the install here.

Recommended For You