We’re announcing support for CN-Series container firewalls on Oracle Cloud Infrastructure (OCI). With this release, you can use CN-Series container firewalls to protect applications that are running on Oracle Kubernetes Engine (OKE) clusters. You can also use Helm charts to streamline the deployment of container workloads, increasing productivity.

Oracle Container Engine for Kubernetes is an Oracle-managed container orchestration service that can reduce the time and cost to build modern cloud native applications. DevOps engineers can use unmodified, open source Kubernetes for application workload portability and to simplify operations with automatic updates and patching.

This blog highlights key benefits of CN-Series Firewall, its qualifications, and how you can deploy it on OKE.

Container security meets a pressing network security problem

Without easy access to the tools that secure containerized applications, network security teams have limited visibility and control over container traffic. This slows important development efforts and causes frustration across cross-functional teams.

CN-Series Cluster on Kubernetes Environment

Containers might seem like a secure option for running applications, but network-based threats still apply. Network security teams lack container expertise and don’t have the necessary tools to secure containerized apps. These problems result in a fragmented security posture that leaves modern apps vulnerable to attacks. Luckily, a solution to this problem exists.

CN-Series meets and exceeds the challenge on Oracle Kubernetes Engine

The CN-Series container firewall from Palo Alto Networks is the first next-generation firewall purpose-built to secure Kubernetes orchestration environments from network-based attacks. The CN-Series firewall enables network security teams to gain layer-7 visibility into Kubernetes environments, provide inline threat protection for containerized applications deployed anywhere, and dynamically scale security without compromising DevOps agility.

CN-Series ensures frictionless continuous integration and delivery (CI/CD) pipeline deployment while delivering unparalleled runtime network protection through unified management across all firewalls.

With CN-Series available on OKE, you can now deploy CN-Series to protect your containerized applications running on OKE with the following capabilities:

  • Scale CPU and memory usage for the applications

  • Specify the optimal deployment type (DaemonSet mode or Kubernetes service mode)

  • Easily configure the deployment of CN-Series container firewall to protect containerized applications using YAML files or Helm charts

A graphic depicting the architecture for a CN-Series firewall on OKE.

For more information, check out the CN-Series Firewall on OKE demo video.

Helm Charts and how they work

Kubernetes has made container orchestration incredibly easy, but dealing with Kubernetes objects can be complex. Helm is a package manager built specifically for Kubernetes applications, and its charts help you install, update, and upgrade complex Kubernetes applications.

Helm charts give you the following capabilities:

  • Deploy Kubernetes packages using the command line.

  • Streamline deployment of container workloads through CI/CD pipelines.

  • Enable teams to automate pre- and post-deployment actions.

  • Customize application configurations so that the Helm charts can be reused across multiple environments.

By deploying CN-Series to OKE using Helm charts, you can simplify the deployment, reduce duplication and complexity in deploying containerized workloads, and reduce the time to publish applications, increasing productivity.

Conclusion

This post highlights the benefits of using the CN-Series container firewall on Oracle Kubernetes Engine and ways to deploy CN-Series. Want to learn more about the CN-Series for Oracle Cloud Infrastructure? Check out the CN-Series YouTube channel, CN-Series e-book, and Oracle Cloud Marketplace today!