VMware Enterprise PKS lets you deploy Kubernetes clusters on demand.
Use our standard Kubernetes install procedure to deploy Prisma Cloud to PKS.
The only difference between PKS and standard Kubernetes is the location of the Docker socket.
To ensure that your installation goes smoothly, work through the following checklist and validate that all requirements are met.
You have access to a Prisma Cloud tenant.
You have the permissions to deploy Defenders.
Prisma Cloud Defender requires elevated privileges.
Ensure that the following permissions are set in your PKS cluster:
Set Privileged Containers to true (enabled).
Set DenyEscalatingExec to false (disabled).
After Prisma Cloud is installed, you can use it to prevent other privileged containers from starting and to deny privilege escalation.
The nodes in your cluster can reach Prisma Cloud’s cloud registry (registry-auth.twistlock.com).
You can create and delete namespaces in your cluster.
You can Run
Firewalls and external IP addresses
Validate that the following ports are open:
Prisma Cloud Defenders
Outgoing: 443 to Prisma Cloud
Install Prisma Cloud Defender DaemonSet
The standard location of the Docker socket in Kubernetes is
In PKS, the Docker socket can be located in either
Before you deploy your Defender DaemonSet, you must manually update the Defender DaemonSet configuration file with the path to the Docker socket.