Prisma Cloud: DaemonSet Defender Cluster Name is Not Changing After Editing the DEFENDER_CLUSTER Environment Variable

Created On 07/18/25 20:35 PM - Last Modified 10/16/25 19:01 PM


Symptom


• The DEFENDER_CLUSTER value provided by the user is not used by the Defender DaemonSet. Instead, the AKS cluster API name is used.

• The following log entry is observed in the Defender logs:

WARN ####-##-##T##:##:##.### defender.go:### Cluster name env var specified, but resolving method is not manual, ignoring cluster name

 



Environment


• Prisma Cloud

• Prisma Cloud - Kubernetes Orchestrator Defender (DaemonSet)



Cause


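The DEFENDER_CLUSTER_NAME_RESOLVING_METHOD value is not set to "manual" in the daemonset.yaml. When the resolving method is not manual, the Defender ignores DEFENDER_CLUSTER, as the warning in the Defender logs states.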



Resolution


Generate a new DaemonSet.yaml from the Console or collect the current DaemonSet.yaml in use on the relevant cluster: 

kubectl get ds -n twistlock twistlock-defender-ds -o yaml > your_file_name.yaml

 

Find the portion of the .yaml file containing the container environment variables. It will look similar to the following:

    spec:
      containers:
      - env:
        - name: WS_ADDRESS
          value: wss://###############
        - name: DEFENDER_TYPE
          value: cri
        - name: LOG_PROD
          value: "true"
        - name: SYSTEMD_ENABLED
          value: "false"
        - name: DOCKER_CLIENT_ADDRESS
          value: /var/run/docker.sock
        - name: DEFENDER_CLUSTER_ID
          value: ###############
        - name: DEFENDER_CLUSTER_NAME_RESOLVING_METHOD
        - name: DEFENDER_CLUSTER
        - name: MONITOR_SERVICE_ACCOUNTS
          value: "true"
        - name: MONITOR_ISTIO
          value: "false"
        - name: COLLECT_POD_LABELS
          value: "true"
        - name: INSTALL_BUNDLE
          value: ###############
        - name: HOST_CUSTOM_COMPLIANCE_ENABLED
          value: "false"
        - name: CLOUD_HOSTNAME_ENABLED
          value: "false"
        - name: DISABLE_NFS_TRACKING
          value: "true"
        - name: FSMON_V2
          value: "true"
        - name: FIPS_ENABLED
          value: "false"

 

Change the value of DEFENDER_CLUSTER_NAME_RESOLVING_METHOD to "manual".

Change the value of DEFENDER_CLUSTER to your desired value. This name is shown in your Console UI under Manage > Defenders > Defenders: Deployed.

 

After these changes, the section should look similar to the following:

    spec:
      containers:
      - env:
        # [...]
        - name: DEFENDER_CLUSTER_NAME_RESOLVING_METHOD
          value: "manual" # Value changed to "manual".
        - name: DEFENDER_CLUSTER
          value: "your_cluster_name" # Value changed as desired.
        # [...]

 

Following these changes, the Defenders should reflect the specified name in your Console UI.
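
A check for the edited manifest, added here as an example (not Palo Alto Networks code): it reads the two variables from a DaemonSet YAML file and reports whether DEFENDER_CLUSTER would be honoured or ignored, including the case where an entry has no value line. The function names and the sample cluster name are assumptions; only the variable names come from the article.

```shell
#!/bin/sh
# Added example; function names and the sample manifest are constructed.
# env_value FILE NAME: print env var NAME's value (nothing if the entry has
# no "value:" line); return 1 if the entry is absent.
env_value() {
  awk -v want="$2" '
    found {                                # line right after "- name: NAME"
      if ($0 ~ /^[ \t]*value:/) {
        v = $0
        sub(/^[ \t]*value:[ \t]*/, "", v)
        sub(/[ \t]+#.*$/, "", v)           # trailing YAML comment
        sub(/[ \t]+$/, "", v)
        gsub(/^"|"$/, "", v)               # surrounding double quotes
        print v
      }
      exit
    }
    /^[ \t]*- name:/ {
      n = $0; sub(/^[ \t]*- name:[ \t]*/, "", n); sub(/[ \t]+$/, "", n)
      if (n == want) found = 1
    }
    END { if (!found) exit 1 }
  ' "$1"
}

# check_cluster_name FILE: 0 = DEFENDER_CLUSTER is honoured, 1 = it is set
# but will be ignored, 2 = no custom name is set.
check_cluster_name() {
  method=$(env_value "$1" DEFENDER_CLUSTER_NAME_RESOLVING_METHOD) || method=""
  name=$(env_value "$1" DEFENDER_CLUSTER) || name=""
  [ -n "$name" ] || { echo "DEFENDER_CLUSTER is not set"; return 2; }
  if [ "$method" != "manual" ]; then
    echo "DEFENDER_CLUSTER=$name ignored: resolving method is '${method:-unset}'"
    return 1
  fi
  echo "DEFENDER_CLUSTER=$name used: resolving method is manual"
}

# Constructed sample reproducing the symptom: name set, method left empty.
sample=$(mktemp)
cat > "$sample" <<'EOF'
      - env:
        - name: DEFENDER_CLUSTER_NAME_RESOLVING_METHOD
        - name: DEFENDER_CLUSTER
          value: "prod-aks-01"
EOF
check_cluster_name "$sample" || true
rm -f "$sample"
```

To use it on a real cluster, call check_cluster_name on the file saved with the kubectl command in the first step.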



Additional Information


N/A
