How to configure Twistlock to use Nginx Ingress Controller in Kubernetes

Created On 11/11/19 22:36 PM - Last Updated 12/20/19 18:36 PM
Containers Prisma Cloud Prisma Cloud Compute Edition
Objective
This guide shows you how to configure the Nginx ingress controller for Twistlock Console communications. Console serves its UI and API on ports 8081 (HTTP) and 8083 (HTTPS). You’ll set up an ingress controller to forward requests to port 8081 on the backend Console.

Note that the Console and Defender communications that occur over port 8084 are not included in this example. There are properties of those connections that are not well supported by the Nginx Ingress.

Prerequisites
  • You have a Kubernetes cluster and you can create LoadBalancers from YAML configuration files.
  • You have enabled Ingress on your cluster.


Procedure
Your controller should point to / on your twistlock-console service.

In the sample provided below, you create an ingress definition for "console-yourconsole.example.com". This endpoint should point to the twistlock-console service created by the DaemonSet definition you generated during your Kubernetes install.

ingress.yml
 
#---incomplete sample ingress definitions---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: console-ingress
  namespace: twistlock
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # your other ingress annotations
spec:
  rules:
  - host: console-yourconsole.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: twistlock-console
          servicePort: 8081
  tls:
  - secretName: console-cert
    hosts:
    - console-yourconsole.example.com
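
The same ingress written for the networking.k8s.io/v1 API, which clusters running Kubernetes 1.22 or later require because extensions/v1beta1 Ingress was removed there. This is an added example, not part of the original article; the ssl-redirect annotation and an IngressClass named "nginx" are assumptions about your controller setup.

```yaml
# Added example: the article's ingress restated for networking.k8s.io/v1.
# Host, namespace, service, port and secret names are the article's own values.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: console-ingress
  namespace: twistlock
  annotations:
    # Assumption: redirect plain-HTTP requests for this host to HTTPS so
    # Console logins and API tokens only travel over the TLS listener.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # your other ingress annotations
spec:
  # Replaces the kubernetes.io/ingress.class annotation. Assumes an
  # IngressClass named "nginx" exists (check with: kubectl get ingressclass).
  ingressClassName: nginx
  tls:
  - secretName: console-cert        # kubernetes.io/tls Secret in the twistlock namespace
    hosts:
    - console-yourconsole.example.com
  rules:
  - host: console-yourconsole.example.com
    http:
      paths:
      - path: /
        pathType: Prefix            # required field in the v1 API
        backend:
          service:
            name: twistlock-console
            port:
              number: 8081          # Console HTTP port; TLS ends at the ingress
```

With this layout TLS terminates at the ingress controller, so traffic between the controller and Console on port 8081 is unencrypted inside the cluster.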


Additional Information
For the complete install procedure for Kubernetes, see Installing Twistlock on Kubernetes.
