Repository for Palo Alto Networks Kubernetes Security - CN Series.

CN-Series Next-Generation Firewall Deployment

This is a repository for YAMLs to deploy CN-Series Next-Generation Firewall from Palo Alto Networks. To learn more about deploying CN-Series, please consult the official Deployment Guide.


Clone the git repository to your host:

git clone https://github.com/PaloAltoNetworks/Kubernetes.git

Change directory into the Kubernetes git repository:

cd Kubernetes

Each YAML version is stored as part of a separate tag. To get all tags in the repository, execute the following command:

git tag

Determine the YAML version number which is required for the PAN-OS version which has been deployed. Please see the CN-Series firewall image and file compatibility list here


Checkout the repository to the appropriate tag. For example, a PAN-OS 10.1.3 deployment requires the following checkout:

git checkout v3.0.2 

Change directory to the appropriate sub-directory for the deployment. As an example, a Kubernetes Service deployment on GKE would require the following command:

cd pan-cn-k8s-service/gke/

Edit and deploy the YAML in this directory as required.

Developer Sites


Copyright © 2024 Palo Alto Networks, Inc. All rights reserved.