articles/defender-for-cloud/faq-defender-for-containers.yml
Lines changed: 0 additions & 7 deletions
@@ -29,13 +29,6 @@ sections:
29
29
answer: |
30
30
No. Only Azure Kubernetes Service (AKS) clusters that use Virtual Machine Scale Sets for the nodes is supported.
31
31
32
-
- question: |
33
-
Does Microsoft Defender for Containers support clusters in a private network?
34
-
answer: |
35
-
No. Only the configurations described [here](support-matrix-defender-for-containers.md#kubernetes-distributionsconfigurations-support-eks) are supported. For a workaround, you can try one of these options:
36
-
- Allow inbound network traffic during deployment, and then disable it after the deployment is complete. You will need to repeat this action for every upgrade.
37
-
- Contact AWS and see if you can add the the official AWS mirror server to your Security Group. The server that Defender for Cloud uses to download the kernel headers is `amazonlinux.<aws region>.amazonaws.com`.
38
-
39
32
- question: |
40
33
Do I need to install the Log Analytics VM extension on my AKS nodes for security protection?
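Review bot: Deleting old lines 32-38 leaves the FAQ with no statement at all on clusters in a private network, so a reader cannot tell whether they are now supported or the entry was just dropped. If support has changed, replace the answer with the current position and a link to the support matrix rather than removing the question. If the restriction still applies, keep the entry, or move the one concrete network requirement it held (access to `amazonlinux.<aws region>.amazonaws.com` for the kernel headers) to wherever the network prerequisites are documented, since operators building Security Group allowlists rely on it.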
articles/defender-for-cloud/includes/defender-for-containers-enable-plan-gke.md
Lines changed: 10 additions & 3 deletions
@@ -13,6 +13,9 @@ author: dcurwin
13
13
14
14
To protect your GKE clusters, you'll need to enable the Containers plan on the relevant GCP project.
15
15
16
+
> [!NOTE]
17
+
> Verify that you don't have any Azure policies that prevent the Arc installation.
18
+
16
19
**To protect Google Kubernetes Engine (GKE) clusters**:
17
20
18
21
1. Sign in to the [Azure portal](https://portal.azure.com).
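Review bot: The note added at new lines 16-17 is not actionable as written: "any Azure policies that prevent the Arc installation" does not say which policies, at what scope, or how to check for them. Name the kind of policy assignment to look for or link to the Arc prerequisites page, and state what the reader will see if such a policy is in place, so a failed extension install can be traced back to it.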
@@ -46,8 +49,12 @@ The connector will update after the script executes. This process can take up to
46
49
If you disabled any of the default auto provisioning configurations to Off, during the [GCP connector onboarding process](../quickstart-onboard-gcp.md#configure-the-defender-for-containers-plan), or afterwards. You'll need to manually install Azure Arc-enabled Kubernetes, the Defender extension, and the Azure Policy extensions to each of your GKE clusters to get the full security value out of Defender for Containers.
47
50
48
51
There are 2 dedicated Defender for Cloud recommendations you can use to install the extensions (and Arc if necessary):
49
-
-`GKE clusters should have Microsoft Defender's extension for Azure Arc installed`
50
-
-`GKE clusters should have the Azure Policy extension installed`
52
+
53
+
-`GKE clusters should have Microsoft Defender's extension for Azure Arc installed`
54
+
-`GKE clusters should have the Azure Policy extension installed`
55
+
56
+
> [!NOTE]
57
+
> When installing Arc extensions, you must verify that the GCP project provided is identical to the one in the relevant connector.
51
58
52
59
**To deploy the solution to specific clusters**:
53
60
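Review bot: The note added at new lines 56-57 says the GCP project "provided" must match the connector but not where it is provided or what happens on a mismatch, and it sits before the steps in which the reader would supply it. Move it next to the step that takes the project as input, or say which input it refers to and what the failure looks like. Separately, new lines 53-54 read the same as the removed lines 49-50, so that part looks like a whitespace-only change. Confirm the list now renders as two bullets under the sentence on line 51.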
@@ -72,7 +79,7 @@ There are 2 dedicated Defender for Cloud recommendations you can use to install
72
79
73
80
:::image type="content" source="../media/defender-for-containers-enable-plan-gke/fix-button.png" alt-text="Screenshot showing the location of the fix button.":::
74
81
75
-
1. Defender for Cloud will generate a script in the language of your choice:
82
+
1. Defender for Cloud will generate a script in the language of your choice:
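Review bot: New line 82 is textually identical to the removed line 75, so this is an indentation-only change, and the commit should say so. Check that the `:::image` line above it (new line 80) is indented to the same list level, otherwise the numbered list will restart at this step in the rendered page.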