
Generate a Helm Deployment Chart for Defender



x-prisma-cloud-target-env: {"permission":"manageDefenders","saas":true,"self-hosted":true}
x-public: true

Creates a Helm deployment file that you can use to deploy Defenders to your cluster.

cURL Request

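Refer to the following example cURL command. The -k option skips TLS certificate verification, so drop it when the client already trusts the Console certificate. Replace <DEFENDER_HELM_ENDPOINT_URL> with the URL of this endpoint on your Console.

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-o twistlock-defender-helm.tar.gz \
-d \
'{
"orchestration": "container",
"consoleAddr": "servo-vmware71",
"namespace": "twistlock"
}' \
"<DEFENDER_HELM_ENDPOINT_URL>"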



    annotations object

    Annotations is a mapping of key-value pairs of annotation metadata - optional.

    property name* string
    bottlerocket boolean

    Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.

    cluster string

    Cluster is the kubernetes or ecs cluster name.

    collectPodLabels boolean

    CollectPodLabels indicates whether to collect pod-related resource labels.

    consoleAddr string

    ConsoleAddr is the console address for defender communication.

    containerRuntime common.ContainerRuntime

    Possible values: [docker,containerd,crio]

    ContainerRuntime represents the supported container runtime types

    cpuLimit integer

    CPULimit is the CPU limit for the defender daemonset - optional.

    credentialID string

    CredentialID is the name of the credential used.

    dockerSocketPath string

    DockerSocketPath is the path of the docker socket file.

    gkeAutopilot boolean

    GKEAutopilot indicates the deployment is requested for GKE Autopilot.

    image string

    Image is the full daemonset image name.

    istio boolean

    MonitorIstio indicates whether to monitor Istio.

    memoryLimit integer

    MemoryLimit is a memory limit for the defender daemonset - optional.

    namespace string

    Namespace is the target daemonset namespace.

    nodeSelector string

    NodeSelector is a key/value node selector.

    orchestration string

    Orchestration is the orchestration type.

    priorityClassName string

    PriorityClassName is the name of the priority class for the defender - optional.

    privileged boolean

    Privileged indicates whether to run defenders as privileged.

    projectID string

    ProjectID is the kubernetes cluster project ID.

    proxy object

    DefenderProxyOpt holds options for defender proxy configuration. It embeds ProxySettings but overrides its Password field with a simple string. This is needed in order to avoid Secret's MarshalJSON method, which depends on the existence of the master key file.

    ca string

    Proxy's CA for Defender to trust. Required when using TLS intercept proxies.

    httpProxy string

    Proxy address.

    noProxy string

    List of addresses for which the proxy should not be used.

    password string


    user string

    Username to authenticate with the proxy.

    region string

    Region is the kubernetes cluster location region.

    roleARN string

    RoleARN is the role's ARN to associate with the created service account - optional.

    secretsname string

    SecretsName is the name of the secret to pull.

    selinux boolean

    SelinuxEnforced indicates whether selinux is enforced on the target host.

    serviceaccounts boolean

    MonitorServiceAccounts indicates whether to monitor service accounts.

    talos boolean

    Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.

    tolerations object[]

    Tolerations is a list of tolerations for the defender daemonset - optional.

    Array [
    effect string

    Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +optional.

    key string

    Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. +optional.

    operator string

    Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. +optional.

    tolerationSeconds int64

    TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. +optional.

    value string

    Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. +optional.

    ]
    uniqueHostname boolean

    UniqueHostname indicates whether to assign unique hostnames.
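
The field rules above (containerRuntime values, toleration effect/operator/key/value/tolerationSeconds constraints, the privileged flag and the plain-string proxy password) can be checked before the body is sent. The following pre-flight lint is an added example, not Prisma Cloud code; the function name, the finding messages and the choice to treat orchestration, consoleAddr and namespace as required are assumptions.

```python
RUNTIMES = {"docker", "containerd", "crio"}            # containerRuntime values
EFFECTS = {"NoSchedule", "PreferNoSchedule", "NoExecute"}
OPERATORS = {"Exists", "Equal"}

def lint_helm_request(body):
    """Return a list of findings for a request body; an empty list means clean."""
    findings = []
    # Assumption: treated as required because the page's cURL example sends them.
    for field in ("orchestration", "consoleAddr", "namespace"):
        if not isinstance(body.get(field), str) or not body[field]:
            findings.append(f"{field}: missing or not a non-empty string")
    runtime = body.get("containerRuntime")
    if runtime is not None and runtime not in RUNTIMES:
        findings.append(f"containerRuntime: {runtime!r} not in {sorted(RUNTIMES)}")
    if body.get("privileged") is True:
        findings.append("privileged: Defenders will run privileged; confirm intent")
    if (body.get("proxy") or {}).get("password"):
        findings.append("proxy.password: plain string; keep this body out of VCS")
    for i, tol in enumerate(body.get("tolerations") or []):
        where = f"tolerations[{i}]"
        effect = tol.get("effect") or ""
        operator = tol.get("operator") or "Equal"      # documented default
        if effect and effect not in EFFECTS:
            findings.append(f"{where}.effect: {effect!r} is not an allowed value")
        if operator not in OPERATORS:
            findings.append(f"{where}.operator: {operator!r} is not Exists or Equal")
        if not tol.get("key") and operator != "Exists":
            findings.append(f"{where}: empty key requires operator Exists")
        if operator == "Exists" and tol.get("value"):
            findings.append(f"{where}.value: should be empty when operator is Exists")
        if tol.get("tolerationSeconds") is not None and effect != "NoExecute":
            findings.append(f"{where}.tolerationSeconds: ignored unless effect is NoExecute")
    return findings

# Constructed sample: the page's example body plus deliberately questionable settings.
SAMPLE = {
    "orchestration": "container",
    "consoleAddr": "servo-vmware71",
    "namespace": "twistlock",
    "containerRuntime": "podman",
    "privileged": True,
    "tolerations": [
        {"operator": "Equal", "effect": "NoSchedule", "tolerationSeconds": 60},
        {"key": "dedicated", "operator": "Exists", "effect": "NoExecute"},
    ],
}

if __name__ == "__main__":
    print("\n".join(lint_helm_request(SAMPLE)))
```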