article 如何在Kubernetes Master节点部署defender in 配置和实施 https://live.paloaltonetworks.com/t5/%E9%85%8D%E7%BD%AE%E5%92%8C%E5%AE%9E%E6%96%BD/%E5%A6%82%E4%BD%95%E5%9C%A8kubernetes-master%E8%8A%82%E7%82%B9%E9%83%A8%E7%BD%B2defender/ta-p/524443 <DIV class="lia-message-template-symptoms-zone"> <H2>为什么Master节点未部署defender?</H2> <P>在使用Kubernetes集群时,通常<SPAN>应用是不会调度到master节点。因为k8s集群默认给master节点加了Taints(污点),意味着不允许pod调度到该节点。</SPAN></P> <P>如下图所示:</P> <span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="huwang_1-1671417394706.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/46230iE680535B87A457D7/image-size/medium?v=v2&amp;px=400" role="button" title="huwang_1-1671417394706.png" alt="huwang_1-1671417394706.png" /></span> <P>&nbsp;</P> <P>注意输出信息中taints值,后文中修改yaml文件将用到</P> </DIV> <DIV class="lia-message-template-solution-zone"> <H2>如何在Master节点部署Defender?</H2> <P>通常有两种办法将Pod安装在标记了<SPAN>Taints的节点:</SPAN></P> <UL> <LI><SPAN>去掉该节点的taints(不建议,这将对用户集群产生较大影响,所有的pod都将能够部署在这个节点)</SPAN></LI> <LI><SPAN>添加tolerations[容忍] (建议的方式,对用户集群无影响,仅将prisma cloud defender部署在master节点)</SPAN></LI> </UL> <P><SPAN>本文仅示例第二种方式:</SPAN></P> <P><SPAN>登录prisma cloud console,跳转到Manage-&gt;Defenders-&gt;Deploy即可生成yaml文件</SPAN></P> <P><SPAN>在yaml文件中添加tolerations,并部署defender,</SPAN><SPAN>如下图:</SPAN></P> <span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="huwang_3-1671417869625.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/46231i523937C6D7833373/image-size/medium?v=v2&amp;px=400" role="button" title="huwang_3-1671417869625.png" alt="huwang_3-1671417869625.png" /></span> <P>注意:yaml文件中tolerations key值需与实际环境一致,该值可通过kubectl describe nodes查看</P> <P>&nbsp;</P> <P>完成yaml文件修改后,执行kubectl create -f xxx.yaml 完成部署</P> <P style="margin: 0in; font-family: Calibri; font-size: 14.0pt; color: black;">&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> </DIV> Mon, 19 Dec 2022 02:53:39 GMT huwang 2022-12-19T02:53:39Z 如何在Kubernetes Master节点部署defender https://live.paloaltonetworks.com/t5/%E9%85%8D%E7%BD%AE%E5%92%8C%E5%AE%9E%E6%96%BD/%E5%A6%82%E4%BD%95%E5%9C%A8kubernetes-master%E8%8A%82%E7%82%B9%E9%83%A8%E7%BD%B2defender/ta-p/524443 <DIV class="lia-message-template-symptoms-zone"> <H2>为什么Master节点未部署defender?</H2> <P>在使用Kubernetes集群时,通常<SPAN>应用是不会调度到master节点。因为k8s集群默认给master节点加了Taints(污点),意味着不允许pod调度到该节点。</SPAN></P> <P>如下图所示:</P> <span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="huwang_1-1671417394706.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/46230iE680535B87A457D7/image-size/medium?v=v2&amp;px=400" role="button" title="huwang_1-1671417394706.png" alt="huwang_1-1671417394706.png" /></span> <P>&nbsp;</P> <P>注意输出信息中taints值,后文中修改yaml文件将用到</P> </DIV> <DIV class="lia-message-template-solution-zone"> <H2>如何在Master节点部署Defender?</H2> <P>通常有两种办法将Pod安装在标记了<SPAN>Taints的节点:</SPAN></P> <UL> <LI><SPAN>去掉该节点的taints(不建议,这将对用户集群产生较大影响,所有的pod都将能够部署在这个节点)</SPAN></LI> <LI><SPAN>添加tolerations[容忍] (建议的方式,对用户集群无影响,仅将prisma cloud defender部署在master节点)</SPAN></LI> </UL> <P><SPAN>本文仅示例第二种方式:</SPAN></P> <P><SPAN>登录prisma cloud console,跳转到Manage-&gt;Defenders-&gt;Deploy即可生成yaml文件</SPAN></P> <P><SPAN>在yaml文件中添加tolerations,并部署defender,</SPAN><SPAN>如下图:</SPAN></P> <span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="huwang_3-1671417869625.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/46231i523937C6D7833373/image-size/medium?v=v2&amp;px=400" role="button" title="huwang_3-1671417869625.png" alt="huwang_3-1671417869625.png" /></span> <P>注意:yaml文件中tolerations key值需与实际环境一致,该值可通过kubectl describe nodes查看</P> <P>&nbsp;</P> <P>完成yaml文件修改后,执行kubectl create -f xxx.yaml 完成部署</P> <P style="margin: 0in; font-family: Calibri; font-size: 14.0pt; color: black;">&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> </DIV> Mon, 19 Dec 2022 02:53:39 GMT https://live.paloaltonetworks.com/t5/%E9%85%8D%E7%BD%AE%E5%92%8C%E5%AE%9E%E6%96%BD/%E5%A6%82%E4%BD%95%E5%9C%A8kubernetes-master%E8%8A%82%E7%82%B9%E9%83%A8%E7%BD%B2defender/ta-p/524443 huwang 2022-12-19T02:53:39Z