Known Issues in Kubernetes Plugin 4.0.0
Table of Contents
Expand all | Collapse all
-
-
-
-
- Features Introduced in Zero Touch Provisioning 2.0
- Known Issues in the Zero Touch Provisioning 2.0.4 Release
- Known Issues in the Zero Touch Provisioning 2.0.3 Release
- Known Issues in the Zero Touch Provisioning 2.0.2 Release
- Known Issues in the Zero Touch Provisioning 2.0.1 Release
- Known Issues in the Zero Touch Provisioning 2.0.0 Release
- Limitations
-
-
Known Issues in Kubernetes Plugin 4.0.0
The following list describes known issues in the Panorama plugin for
Kubernetes version 4.0.0.
PLUG-10781
The maximum number of CN-DB pods allowed to be configured on a Kubernetes Cluster is 4.
When configuring the deployment using CLI, if the desired number of CN-DB pods is
greater than 4 , then no restriction is thrown during the commit validation or CLI
completion..
Workaround: It is recommended to use the UI for configuring the Kubernetes 4.0.0
plugin.
PLUG-10847
When undeploying a CN-Series HSF Cluster, if the deployment cluster config is deleted
immediately, the cleanup remains incomplete.
Workaround: After undeploying a CN-Cluster, you should wait for two minutes, and then
delete the deployment config for a complete cleanup.
PLUG-11273
Memory in the CN-DB, CN-GW, and CN-NGFW pods from Kubernetes plugin UI can only be
increased within the Small, medium, and large flavor bands.
You can update the memory only within the currently running flavor band.
PLUG-11288
When undeploying the CN-Cluster, the configd is crashed. After recovering the
configd, the cluster deployment gets stuck at the deleting state.
Workaround: When the configd crashes, wait for the configd to
stabilize and run the plugin CLI command request plugins kubernetes deployment
<deployment-name> delete to bring down the deployment procedure, and
bring the plugin, panorama, and kubernetes cluster to a clean state.
PLUG-11352
Downgrade of PAN-OS 11.0.0 to 10.2.0 fails.
Workaround: You should uninstall the Kubernetes plugin 4.0.0 before
attempting the PAN-OS downgrade from 11.0.0 to 10.2.0.
PLUG-12182
Shared Dynamic Address Group does not support Nested Dynamic Address Group. Hence,
the IP addresses pushed to managed devices do not have the expected IPs.
PLUG-11956
On Kubernetes plugin 4.0.0 UI, you can configure MTU with jumbo mode, but it is not
translated to the YAML file. The default MTU supported is 9000 in the YAML irrespective
of the UI value.
PLUG-11375
There are multiple metrics for various triggers in HPA. However, on Kubernetes
plugin 4.0.0, the multiple metrics cannot be enabled for HPA.
PLUG-11329
If pan-mgmt-serviceaccount.yaml file is not deployed, the CN-MGMT pods do not show
up in kubectl -n kube-system get pods. The deployment is stuck for a long time and it
takes at least 20 minutes for the deployment failure message to appear.
Workaround: As a prerequisite, you must ensure that the
pan-mgmt-serviceaccount.yaml is applied before starting
the deployment.
PLUG-11335
If an HSF cluster is deployed without deploying the net-attach-def, the pod
status is shown as pending on the plugin CLI whereas it is in ContainerCreating
state on a k8s cluster.
Workaround: As a pre-requisite, ensure that the net-attach-def is deployed
before creating the CN-cluster deployment.
PLUG-11373
The CN-Series deployment is supported only in the default namespace
kube-system.
The non-MP (CN-DB, CN-GW, CN-NGFW) pods do not connect to CN-MGMT when deployed in the
default namespace.
PLUG-12258
When multiple service accounts are configured and one of these accounts is deleted
from the plugin config, the plugin does not clean up this deleted account from the
CN-DB.