cSRX Deployment in Kubernetes
Install cSRX in Kubernetes Linux Server
Prerequisites
Following are the prerequisites required for installing cSRX Container Firewall on one primary node and ’n’ number of worker nodes. Before you begin the installation:
Install kubeadm tool on both primary and worker nodes to create a cluster. See Install Kubeadm
Install and configure Docker on Linux host platform to implement the Linux container environment, see Install Docker for installation instructions on the supported Linux host operating systems.
Verify the system requirement specifications for the Linux server to deploy the cSRX Container Firewall, see Requirements for Deploying cSRX in Kubernetes.
Download cSRX Container Firewall software, see Download cSRX Software.
Deploy cSRX Pods in Kubernetes Linux Server
You can create cSRX Container Firewall as a Pod in routing mode and secure-wire mode to send traffic from one virtual machine to another virtual machine. You can define multiple virtual networks and connect cSRX Container Firewall interfaces to those virtual networks.
The network attachment definition is created with plugin ipam type as host-local which
allocates IPv4 and IPv6 addresses out of a specified address range
to ensure the uniqueness of IP addresses on a single host. The ipam type as static assigns
IPv4 and IPv6 addresses statically to container.
To deploy cSRX Container Firewall with Kubernetes:
Upgrade cSRX Image Using Deployment Rollout
You can upgrade the cSRX Container Firewall software image using Kubernetes Deployment rollout.
cSRX Image Rollback
The cSRX Container Firewall image can be rolled back to previous version using Kubernetes Deployment rollout components.
Scale cSRX Deployment
To scale the cSRX Container Firewall deployment: