The Kubernetes 3.0.0 plugin supports the following functionalities:

Retrieve IPv6 Addresses for Multus CNI Setup

In a Multus CNI setup, each pod has multiple interfaces and these interfaces can have IPv6 or IPv4 addresses. The Kubernetes 3.0.0 Plugin queries and collects the IPv4 and IPv6 addresses for Multus CNI.

Tag Pruning

Tag Pruning increases the scalability of the plugin and the number of tags collected by the plugin. It enables the plugin to collect an increased number of tags and push them to Panorama without IP addresses. Panorama has only a 10MB payload limitation, and with Tag Pruning, the plugin can send empty tags to Panorama and only send IP addresses for tags that are used in Security Policies. In case of a shared DG on Panorama, the plugin cannot learn the DAGs and hence the IP addresses will not be pushed.

Service Account Validation

The Kubernetes 3.0.0 Plugin supports service account file validation as a pre-commit, where the validation takes place after the user adds a service account file and commits the credentials. By using this method, the plugin can implement periodic checks for service accounts and update their status accordingly.

Dashboard

For tags not used in DG security policies, Panorama only holds tags without IP addresses. With Tag Pruning, the plugin pushes the IP/tag mappings on to the plugin UI and you will be able to navigate the Dashboard to see the IP/tag mappings. You will have an option to view IP addresses (IPv4 and IPv6) associated to all tags learnt by the plugin and then, look for the tags associated to each IP address when you click associated tags.

The Kubernetes 3.0.0 Plugin works only with Panorama 10.2 and Pan OS 10.2 devices. However, it can manage 10.1 firewall devices on 10.2 Panorama.