Install Enforcers on Kubernetes

Microsegmentation provides a close integration with Kubernetes and OpenShift to make it easy to control and monitor clusters composed of Linux hosts.
You can use any of the following methods to deploy the Enforcer as a DaemonSet custom resource on your Kubernetes cluster.
The following procedures show how to install Enforcers using YAML configuration files.

Install Enforcers on AKS Clusters

To ensure the installation succeeds, your Azure Kubernetes Service (AKS) cluster must be running the Azure CNI.
  1. Navigate to the group Namespace where you want to deploy the Enforcer and, once there, click on the Agent > Deploy page.
  2. Under Enforcer Type, select Daemonset.
  3. Under Cluster Type, select AKS (Azure Kubernetes Service).
  4. Select the CLI Tool Version. This is the OS of the system you use to manage your AKS cluster.
  5. Select your preferred Installation Mode, for example YAML.
  6. Copy the resulting installation script.
  7. To generate the two needed YAML configuration files, run the script on the system you use to manage your AKS cluster.
  8. Apply the namespace-secret-<version>.yaml configuration file.
    kubectl apply -f namespace-secret-<version>.yaml
  9. Deploy the Enforcer.
    kubectl apply -f enforcerd-<version>.yaml
  10. Verify that the pods are running the Enforcer.
    kubectl get pods -n aporeto

Install Enforcers on EKS clusters

To install Enforcers on Amazon Elastic Kubernetes Service (EKS) clusters, you must use Helm charts.
  1. Navigate to the group Namespace where you want to deploy the Enforcer and, once there, click on the Agent > Deploy page.
  2. Under Enforcer Type, select Daemonset.
  3. Under Cluster Type, select EKS (Amazon Elastic Kubernetes Service).
  4. Select the CLI Tool Version. This is the OS of the system you use to manage your EKS cluster.
  5. Select your preferred Installation Mode, for example YAML.
  6. Copy the resulting installation script.
  7. To generate the needed YAML configuration file and the folder with the needed Helm charts, run the script on the system you use to manage your EKS cluster.
  8. Apply the namespace-secret-<version>.yaml configuration file.
    kubectl apply -f namespace-secret-<version>.yaml
  9. Deploy the Enforcer.
    helm install prisma-enforcer -n aporeto prisma-enforcer
  10. Verify that the pods are running the Enforcer.
    kubectl get pods -n aporeto

Install Enforcers on GKE Clusters

To install Enforcers on Google Kubernetes Engine (GKE), you must disable intra-node-visibility for your cluster and enable the CNI.
  1. Navigate to the group Namespace where you want to deploy the Enforcer and, once there, click on the Agent > Deploy page.
  2. Under Enforcer Type, select Daemonset.
  3. Under Cluster Type, select GKE (Google Kubernetes Engine).
  4. Select the CLI Tool Version. This is the OS of the system you use to manage your GKE cluster.
  5. Select your preferred Installation Mode, for example YAML.
  6. Copy the resulting installation script.
  7. To generate the needed YAML configuration file and the folder with the needed Helm charts, run the script on the system you use to manage your GKE cluster.
    1. enforcerd-<version>.yaml - This is the Enforcer deployment file.
    2. namespace-secret-<version>.yaml - This is the Enforcer credential.
  8. Apply the namespace-secret-<version>.yaml configuration file.
    kubectl apply -f namespace-secret-<version>.yaml
  9. Deploy the Enforcer.
    kubectl apply -f enforcerd-<version>.yaml
  10. Verify that the pods are running the Enforcer.
    kubectl get pods -n aporeto
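
The verification in step 10 of the AKS, EKS and GKE procedures only lists pods. The following added example (not part of the vendor documentation) reports nodes that have no Running, fully Ready pod in the aporeto namespace, since a node without an Enforcer is a node where policy is not enforced. It assumes every pod in that namespace is an Enforcer pod; the function names and the sample node names are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Lists nodes that have no Running, fully
# Ready pod in the aporeto namespace, i.e. nodes the DaemonSet did not cover.
#
# Inputs are two saved listings:
#   pods:  kubectl get pods -n aporeto -o jsonpath='{range .items[*]}{.spec.nodeName}{"\t"}{.status.phase}{"\t"}{.status.containerStatuses[*].ready}{"\n"}{end}'
#   nodes: kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'
# Assumption: every pod in the aporeto namespace is an Enforcer pod.

uncovered_nodes() {
  # $1 = pods listing, $2 = nodes listing
  awk -F '\t' -v pods="$1" '
    FILENAME == pods {
      # Field 3 holds one true/false per container, space separated.
      # It is empty while a pod is still Pending.
      n = split($3, ready, " ")
      ok = ($2 == "Running" && n > 0)
      for (i = 1; i <= n; i++) if (ready[i] != "true") ok = 0
      if (ok) covered[$1] = 1
      next
    }
    # Nodes listing: print every node without a healthy pod.
    $1 != "" && !($1 in covered) { print $1 }
  ' "$1" "$2"
}

# Constructed sample data: node-a is healthy, node-b has an unready
# container, node-c has a Pending pod, node-d has no pod at all.
demo() {
  dir=$(mktemp -d)
  printf 'node-a\tRunning\ttrue\nnode-b\tRunning\tfalse\nnode-c\tPending\t\n' > "$dir/pods"
  printf 'node-a\nnode-b\nnode-c\nnode-d\n' > "$dir/nodes"
  uncovered_nodes "$dir/pods" "$dir/nodes"
  rm -rf "$dir"
}

demo
```

An empty result means every listed node has a healthy pod; any node name printed needs a closer look with kubectl describe before you rely on enforcement there.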

Install Enforcers on OpenShift Clusters

  1. Navigate to the group Namespace where you want to deploy the Enforcer and, once there, click on the Agent > Deploy page.
  2. Under Enforcer Type, select Daemonset.
  3. Under Cluster Type, select OCP4 (OpenShift 4).
  4. Select the CLI Tool Version. This is the OS of the system you use to manage your OpenShift cluster.
  5. Select apoctl as your preferred Installation Mode.
  6. Copy the resulting installation script.

Install Enforcers on Tanzu Kubernetes Grid

Install Enforcers on Standard Kubernetes
