This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

如何在Kubernetes Master节点部署defender

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

如何在Kubernetes Master节点部署defender

huwang
L2 Linker

on ‎12-18-2022 06:53 PM

Did you find this article helpful? Yes No
No ratings

为什么Master节点未部署defender?

在使用Kubernetes集群时,通常应用是不会调度到master节点。因为k8s集群默认给master节点加了Taints(污点),意味着不允许pod调度到该节点。

如下图所示:

huwang_1-1671417394706.png

 

注意输出信息中taints值,后文中修改yaml文件将用到

如何在Master节点部署Defender?

通常有两种办法将Pod安装在标记了Taints的节点:

  • 去掉该节点的taints(不建议,这将对用户集群产生较大影响,所有的pod都将能够部署在这个节点)
  • 添加tolerations[容忍] (建议的方式,对用户集群无影响,仅将prisma cloud defender部署在master节点)

本文仅示例第二种方式:

登录prisma cloud console,跳转到Manage->Defenders->Deploy即可生成yaml文件

在yaml文件中添加tolerations,并部署defender,如下图:

huwang_3-1671417869625.png

注意:yaml文件中tolerations key值需与实际环境一致,该值可通过kubectl describe nodes查看

 

完成yaml文件修改后,执行kubectl create -f xxx.yaml 完成部署

 

 

 

Rate this article:
0 Likes Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last update:
‎12-18-2022 06:53 PM
Updated by:
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks