What is the valid command to setup the cluster for CN-series firewall HSF Deployment and to prepare the extend permissions for service account?
What is the valid command to setup the cluster for CN-series firewall HSF Deployment and to prepare the extend permissions for service account?
The correct sequence to set up the cluster for CN-series firewall HSF deployment involves first creating the necessary service accounts, and then managing the secrets to form a credentials file. The correct steps are: kubectl apply -f plugin-deploy-serviceaccount.yaml, followed by kubectl apply -f pan-mgmt-serviceaccount.yaml, then retrieving the secrets with kubectl -n kube-system get secrets, and finally extracting the needed secret into a JSON file with kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json.
"B" is the correct answer. Check out the "Service Account" section: https://docs.paloaltonetworks.com/cn-series/deployment/hsf-deployment/cn-series-hsf/prerequisites-to-deploy-the-cn-series-hsf/prepare-the-cluster
The service account enables the permissions that Panorama requires to authenticate to the cluster for retrieving Kubernetes labels and resource information. This service account is named pan-plugin-user by default. kubectl apply -f plugin-deploy-serviceaccount.yaml kubectl apply -f pan-mgmt-serviceaccount.yaml kubectl -n kube-system get secrets | grep pan-plugin-user-token Create the credential file, cred.json for example, that includes the secrets and save this file. You need to upload this file to Panorama to set up the Kubernetes plugin for monitoring the clusters. kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json Upload the cred.json to the kubernetes plugin and verify the validation status. [https://docs.paloaltonetworks.com/cn-series/deployment/hsf-deployment/cn-series-hsf/prerequisites-to-deploy-the-cn-series-hsf/prepare-the-cluster]