DC/OS is a distributed operating system. It integrates several open-source components to enable the management of multiple machines as if they were a single computer. DC/OS is built on the Apache Mesos distributed systems kernel and the Marathon container orchestration system. This procedure was tested on Mesosphere DC/OS 1.11.
Prisma Cloud Defender is deployed on every private slave node. Slave nodes run your applications. Slave nodes reside on a private subnet, so they are not accessible from outside the cluster.
Deploy Defender to all slave agents in your cluster. Use twistcli to generate the Defender app in JSON format, and then start it with the DC/OS CLI tool. By default, the Defender image is retrieved from Prisma Cloud’s cloud registry.
- Prisma Cloud Console can be reached over the network from your slave agents.
- Download twistcli to a host where you’ve installed the DC/OS CLI.
  - Open Compute Console and go to Manage > System > Downloads.
  - Under twistcli tool, download the version for your operating system.
- Retrieve Console’s API address (PRISMA_CLOUD_COMPUTE_CONSOLE_API_ADDR).
  - In Prisma Cloud, go to Compute > Manage > System > Downloads.
  - Copy the URL under Path to Console.
- Get Console’s service address (PRISMA_CLOUD_COMPUTE_SVC_ADDR). The service address can be derived from the API address by removing the protocol scheme and path. It is simply the host part of the URL. For example: <region>.cloud.twistlock.com.
- Generate the Defender app JSON using twistcli, where:
  - <PLATFORM> can be linux or osx.
  - <NUMBER_OF_AGENTS> is the number of private agent nodes in your cluster.

  The following command connects to Console’s API (specified in --address) as user <TWISTLOCK_USER> (specified in --user), and generates a Defender app in JSON format according to the configuration options passed to twistcli.

    $ <PLATFORM>/twistcli defender export dcos \
        --address <PRISMA_CLOUD_COMPUTE_CONSOLE_API_ADDR> \
        --user <TWISTLOCK_USER> \
        --cluster-address <PRISMA_CLOUD_COMPUTE_SVC_ADDR> \
        --agents <NUMBER_OF_AGENTS>
- Deploy the Defender app on your cluster using the dcos CLI tool.

    $ dcos marathon app add ./dcos.json

  Alternatively, you could deploy the Defender app using the DC/OS web interface, Marathon web interface, or Marathon REST API.
- Validate the Defender app is running.

    $ dcos marathon app list
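The procedure above as a shell script, added here as an example and not part of Prisma Cloud's documentation or tooling. The helper names derive_svc_addr and deploy_defender are hypothetical, rejecting non-https API addresses and stripping a port are assumptions of this example, and only the twistcli and dcos options shown on this page are used.

```shell
#!/bin/sh
# Added example (not vendor code). Helper names are hypothetical.

# derive_svc_addr URL
# Prints the host part of the Console API address: scheme and path removed,
# as the procedure describes. Assumptions of this example: a non-https
# address is refused, and userinfo or a port, if present, are dropped too.
derive_svc_addr() {
    url=$1
    case $url in
        https://*) rest=${url#https://} ;;
        *) echo "refusing non-https API address: $url" >&2; return 1 ;;
    esac
    host=${rest%%/*}     # drop the path
    host=${host%%\?*}    # drop a query string that follows the host directly
    host=${host##*@}     # drop userinfo
    host=${host%%:*}     # drop a port
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "no valid host in: $url" >&2; return 1 ;;
    esac
    printf '%s\n' "$host"
}

# deploy_defender PLATFORM API_ADDR CONSOLE_USER NUMBER_OF_AGENTS
# Validates the inputs, then runs the three documented commands in order,
# stopping at the first failure so a bad export is never deployed.
deploy_defender() {
    case $1 in
        linux|osx) ;;
        *) echo "PLATFORM must be linux or osx" >&2; return 1 ;;
    esac
    case $4 in
        ''|0|*[!0-9]*) echo "NUMBER_OF_AGENTS must be a positive integer" >&2
                       return 1 ;;
    esac
    svc=$(derive_svc_addr "$2") || return 1
    "$1/twistcli" defender export dcos \
        --address "$2" \
        --user "$3" \
        --cluster-address "$svc" \
        --agents "$4" || return 1
    dcos marathon app add ./dcos.json || return 1
    dcos marathon app list
}

# Usage, with a constructed address and user name:
#   deploy_defender linux https://console.example.com/tenant-path admin 3
```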