Component installation¶

This topic provides general guidance for installing Palo Alto Networks enterprise Kubernetes components.

Helm-based installation methods¶

All enterprise components have Helm charts which you can install using Helm or tools such as Flux CD, Argo CD, or Kustomize.

Helm has some limitations, so use Flux CD and Argo CD to:

• Install enterprise components in a specific order.

• Install interdependent components, since Helm umbrella charts are not supported.

  Helm subchart limitations

  Helm installs subcharts in parallel. If a component depends on CRDs or webhooks from another component, the installation fails because those resources don't exist yet. Use Helmfile, Flux CD, or Argo CD instead, as they resolve install order using a dependency graph.

• Use post-processing for fields that are not parameterized or not supported as parameters in Helm charts.

  • For Helm, use the --post-renderer flag. See the Helm documentation.
  • For Flux CD, use the postRenderers field. See the Flux CD documentation.
  • For Argo CD, combine Helm and Kustomize. See this Argo CD example.
  • For Helmfile, use Adhoc Kustomizations. See the Helmfile documentation.
  Parameterization limits

  Not all requests to parameterize fields can be met, as we try to avoid over-complicating Helm charts.

Obtaining enterprise components¶

Use the Next-Gen Trust Security registry, where the enterprise kubernetes components are distributed as Open Container Initiative (OCI) images. The registry also contains FIPS versions. See Configuring the Next-Gen Trust Security registry.

You can also replicate images to your own registry for production use.

To verify image integrity, confirm that an image is signed by Palo Alto Networks.

Related links¶

• Component metrics
• Backing up components
• Upgrading components
• Custom CA bundles