Install Enforcers on Kubernetes
Microsegmentation provides a close integration with Kubernetes and OpenShift to make it easy to control and monitor clusters composed of Linux hosts.
You can use any of the following methods to deploy the Enforcer as a DaemonSet custom resource on your Kubernetes cluster.
The following procedures show how to install Enforcers using YAML configuration files.
Install Enforcers on AKS Clusters
To ensure the installation succeeds, your Azure Kubernetes Service (AKS) cluster must be running the Azure CNI.
- Navigate to the group Namespace where you want to deploy the enforcer and, once there, click on the Agent > Deploy page.
- Under Enforcer Type, select Daemonset.
- Under Cluster Type, select AKS (Azure Kubernetes Service).
- Select the CLI Tool Version. This is the OS of the system you use to manage your AKS cluster.
- Select your preferred Installation Mode, for example YAML.
- Copy the resulting installation script.
- To generate the two needed yaml configuration files, run the script on the system you use to manage your AKS cluster.
  - enforcerd-<version>.yaml - This is the Enforcer deployment file.
  - namespace-secret-<version>.yaml - This is the Enforcer credential.
- Apply the namespace-secret-<version>.yaml configuration file.
    kubectl apply -f namespace-secret-<version>.yaml
- Deploy the Enforcer.
    kubectl apply -f enforcerd-<version>.yaml
- Verify that the pods are running the Enforcer.
    kubectl get pods -n aporeto

Install Enforcers on EKS Clusters
To install Enforcers on Amazon Elastic Kubernetes Service (EKS) clusters, you must use Helm charts.
- Navigate to the group Namespace where you want to deploy the enforcer and, once there, click on the Agent > Deploy page.
- Under Enforcer Type, select Daemonset.
- Under Cluster Type, select EKS (Amazon Elastic Kubernetes Service).
- Select the CLI Tool Version. This is the OS of the system you use to manage your EKS cluster.
- Select your preferred Installation Mode, for example YAML.
- Copy the resulting installation script.
- namespace-secret-<version>.yaml - This is the Enforcer credential.
- prisma-enforcer - This folder contains the Helm charts needed for the deployment.
- Apply the namespace-secret-<version>.yaml configuration file.
    kubectl apply -f namespace-secret-<version>.yaml
- Deploy the Enforcer.
    helm install prisma-enforcer -n aporeto prisma-enforcer
- Verify that the pods are running the Enforcer.
    kubectl get pods -n aporeto

Install Enforcers on GKE Clusters
To install enforcers on Google Kubernetes Engine (GKE), you must disable intra-node-visibility for your cluster and enable the CNI.
- Navigate to the group Namespace where you want to deploy the enforcer and, once there, click on the Agent > Deploy page.
- Under Enforcer Type, select Daemonset.
- Under Cluster Type, select GKE (Google Kubernetes Engine).
- Select the CLI Tool Version. This is the OS of the system you use to manage your GKE cluster.
- Select your preferred Installation Mode, for example YAML.
- Copy the resulting installation script.
  - enforcerd-<version>.yaml - This is the Enforcer deployment file.
  - namespace-secret-<version>.yaml - This is the Enforcer credential.
- Apply the namespace-secret-<version>.yaml configuration file.
    kubectl apply -f namespace-secret-<version>.yaml
- Deploy the Enforcer.
    kubectl apply -f enforcerd-<version>.yaml
- Verify that the pods are running the Enforcer.
    kubectl get pods -n aporeto

Install Enforcers on OpenShift Clusters
- Navigate to the group Namespace where you want to deploy the enforcer and, once there, click on the Agent > Deploy page.
- Under Enforcer Type, select Daemonset.
- Under Cluster Type, select OCP4 (OpenShift 4).
- Select the CLI Tool Version. This is the OS of the system you use to manage your OpenShift cluster.
- Select apoctl as your preferred Installation Mode.
- Copy the resulting installation script.
Install Enforcers on Tanzu Kubernetes Grid
Install Enforcers on Standard Kubernetes
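
The verification step in the AKS, EKS and GKE procedures above (kubectl get pods -n aporeto) can be turned into a pass/fail check that flags Enforcer pods that are not running or not ready. This is an added example, not part of the product documentation; the pod names in the sample are constructed, and the optional node-count argument assumes the DaemonSet targets every node.

```shell
#!/bin/sh
# Added example: health check over `kubectl get pods -n aporeto` output.

# Reads the default `kubectl get pods` table on stdin. Optional $1 is the
# number of nodes expected to run an Enforcer (assumption: the DaemonSet
# targets every node). Prints one line per problem found.
# Exit status: 0 healthy, 1 unhealthy or missing pods, 2 no pods listed.
check_enforcer_pods() {
  awk -v expected="${1:-}" '
    $1 == "NAME" && $3 == "STATUS" { next }   # header row
    NF < 3 { next }                           # blank or truncated line
    {
      seen++
      split($2, r, "/")                       # READY column is ready/total
      if ($3 == "Running" && r[1] == r[2] && r[2] > 0) { ok++; next }
      printf "UNHEALTHY %s status=%s ready=%s restarts=%s\n", $1, $3, $2, $4
    }
    END {
      if (seen == 0) { print "NO_PODS"; exit 2 }
      if (expected != "" && ok + 0 != expected + 0) {
        printf "COVERAGE healthy=%d expected=%d\n", ok, expected
        exit 1
      }
      exit (ok == seen ? 0 : 1)
    }
  '
}

# Constructed sample output; pod names and states are illustrative only.
sample_pods() {
  cat <<'EOF'
NAME              READY   STATUS             RESTARTS   AGE
enforcerd-7k2xq   1/1     Running            0          5m
enforcerd-9hd4p   0/1     CrashLoopBackOff   4          5m
enforcerd-lm8vz   0/1     Running            0          20s
EOF
}

# Offline demo on the sample. Against a live cluster, use instead:
#   kubectl get pods -n aporeto | \
#     check_enforcer_pods "$(kubectl get nodes --no-headers | wc -l)"
sample_pods | check_enforcer_pods 3 || echo "Enforcer rollout incomplete (exit $?)"
```

A node without a healthy Enforcer pod is not covered by the DaemonSet deployment, so a non-zero exit is worth gating on in a deployment pipeline.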