Prisma Cloud Administrator’s Guide (Compute)
    : Upgrade Defender DaemonSets
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Administrator’s Guide (Compute)
    5. Upgrade
    6. Upgrade Defender DaemonSets
    Download PDF

    Prisma Cloud Administrator’s Guide (Compute)

    Upgrade Defender DaemonSets

    Table of Contents

    Upgrade Defender DaemonSets

    Upgrade the Defender DaemonSets in your environment.

    Upgrade the Defender DaemonSets with twistcli (Kubernetes)

    Delete the Defender DaemonSet, then rerun the original install procedure.
    Prerequisites:
     You know all the parameters passed to twistcli when you initially deployed the Defender DaemonSet. You’ll need them to recreate a working configuration file for your environment.
    1. Delete the Defender DaemonSet.
      $ kubectl -n twistlock delete ds twistlock-defender-ds
$ kubectl -n twistlock delete sa twistlock-service
$ kubectl -n twistlock delete secret twistlock-secrets
    2. Retrive Console’s API address (PRISMA_CLOUD_COMPUTE_CONSOLE_URL).
      1. Sign into Prisma Cloud.
      2. Go to
        Compute > Manage > System > Utilities
        .
      3. Copy the URL under
        Path to Console
        .
    3. Retrieve Console’s hostname (PRISMA_CLOUD_COMPUTE_HOSTNAME).
      The hostname can be derived from the URL by removing the protocol scheme and path. It is simply the host part of the URL. You can also retrieve the hostname directly.
      1. Go to
        Compute > Manage > Defenders > Deploy > Defenders > Orchestrator
      2. Copy the hostname from
        Step 3
         (
        The name that Defender will use to connect to this Console
        )
    4. Generate a defender.yaml file, where:
      The following command connects to Console (specified in --address) as user <ADMIN> (specified in --user), and generates a Defender DaemonSet YAML config file according to the configuration options passed to twistcli. The --cluster-address option specifies the address Defender uses to connect to Console.
      $ <PLATFORM>/twistcli defender export kubernetes \
  --user <ADMIN_USER> \
  --address https://yourconsole.example.com:8083 \
  --cluster-address twistlock-console
      • <PLATFORM> can be linux, osx, or windows.
      • <ADMIN_USER> is the name of a Prisma Cloud user with the System Admin role.
    5. Deploy the Defender DaemonSet.
         $ kubectl create -f defender.yaml
    6. In Prisma Cloud, go to
      Compute > Manage > Defenders > Manage > DaemonSets
       to see a list of deployed Defenders.

    Upgrade the Defender DaemonSets with twistcli (OpenShift)

    Delete the Defender DaemonSet, then rerun the original install procedure.
    Prerequisites:
     You know all the parameters passed to twistcli when you initially deployed the Defender DaemonSet. You’ll need them to recreate a working configuration file for your environment.
    1. Delete the Defender DaemonSet.
      $ oc -n twistlock delete ds twistlock-defender-ds
$ oc -n twistlock delete sa twistlock-service
$ oc -n twistlock delete secret twistlock-secrets
    2. Retrive Console’s API address (PRISMA_CLOUD_COMPUTE_CONSOLE_URL).
      1. Sign into Prisma Cloud.
      2. Go to
        Compute > Manage > System > Utilities
        .
      3. Copy the URL under
        Path to Console
        .
    3. Retrieve Console’s hostname (PRISMA_CLOUD_COMPUTE_HOSTNAME).
      The hostname can be derived from the URL by removing the protocol scheme and path. It is simply the host part of the URL. You can also retrieve the hostname directly.
      1. Go to
        Compute > Manage > Defenders > Deploy > Defenders > Orchestrator
      2. Copy the hostname from
        Step 3
         (
        The name that Defender will use to connect to this Console
        )
    4. Generate a defender.yaml file, where:
      The following command connects to Console (specified in --address) as user <ADMIN> (specified in --user), and generates a Defender DaemonSet YAML config file according to the configuration options passed to twistcli. The --cluster-address option specifies the address Defender uses to connect to Console.
      $ <PLATFORM>/twistcli defender export openshift \
  --user <ADMIN_USER> \
  --address https://yourconsole.example.com:8083 \
  --cluster-address twistlock-console \
  --selinux-enabled
      • <PLATFORM> can be linux, osx, or windows.
      • <ADMIN_USER> is the name of a Prisma Cloud user with the System Admin role.
    5. Deploy the Defender DaemonSet.
         $ oc create -f defender.yaml
    6. In Prisma Cloud, go to
      Compute > Manage > Defenders > Manage > DaemonSets
       to see a list of deployed Defenders.

    Upgrade the Defender DaemonSets from Console

    Upgrade the Defender DaemonSets directly from the Console UI.
    If you can’t access your cluster with kubectl or oc, then you can upgrade Defender DaemonSets directly from the Console UI.
    Prerequisites:
     You’ve created a xref:~/authentication/credentials-store/kubernetes-credentials.adoc[kubeconfig credential] for your cluster so that Prisma Cloud can access it to upgrade the Defender DaemonSet.
    1. Log into Prisma Cloud Console.
    2. Go to
      Manage > Defenders > Manage
      .
    3. Click
      DaemonSets
      .
    4. For each cluster in the table, click
      Actions > Upgrade
      .
      The table shows a count of deployed Defenders and their new version number.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.