1. Preparation

VM Name	IP Address	UserName / Password
Windows-Console	10.160.75.50	administrator (Auto Login)
Kubernetes Server	10.160.131.158	root / Cpwins1!
Attacker	10.160.201.222	root / Cpwins1!

1.2 Infinity Portal Registration

Step	Instructions
1	Navigate to Create Account.
2	Enter your company's name (e.g : CWPP-demo-<FirstName>-<LastName>-<CompanyName>), email address, phone number, and country.
3	Select storage location.
4	Select Industry and Business Size.
5	Select the account type (Customer is the default type). It is possible to change the account type after the account is created.
6	Select these checkboxes: Optional: Subscribe to Check Point Product News. I accept the Infinity Portal terms of service and the Privacy Policy.
7	Follow the activation instructions in the email sent to your account. To go back to the sign-in page, click Back to sign in and sign in.
8	For Partners only, apply an evaluation license: Go to Product Evaluation page Choose Other Gateway Evaluation Click the plus sign, search and select CloudGuard 'CSPM' and 'Intelligence' licensees one at a time and click next Enter your credential and click next Go the portal.checkpoint.com and link your user center account

1.3 Kubernetes Onboarding

Step

Instructions

Connect to the Kubernetes Server VM via SSH Client via one of the following options:

Click on the Kubernetes Server VM on the Environment Viewer page.

Connect from the Putty client on the Windows-Console VM.

Key	Value
IP Address	10.160.131.158
Username	root
Password	Cpwins1!

Note - if you already have access to the Kubernetes cluster, you can use that instead of the supplied "Kubernetes Server" server and skip step 2.

Execute the following commands:

Copy

sudo su
export MINIKUBE_IN_STYLE=false
minikube start --driver=none --insecure-registry="0.0.0.0/0" --kubernetes-version="1.17.0" --container-runtime=docker --auto-update-drivers=false
minikube addons enable ingress

Note It might take a few minutes to complete. You can continue while it works in the background.

In Infinity Portal > CLOUDGUARD > CWPP - Workload Protection.

Navigate to the Environments section in the Assets tab,

Click on Kubernetes.

Fill in any name that you'd like, e.g.: DemoPoint-k8s-<your_name>.

Click on Add Service Account and enter name, e.g. k8s-key-<your_name>.

Click Close on the New Service Account Details window.

The API Key ID and Secret will be filled automatically in relevant fields in the wizard.

Enter the following namespace : checkpoint.

Important - All the commands on the guide use the namespace : checkpoint , if you will create other namespace - you will need to update the namespace on the commands.

Mark all checkboxes to get all features and Press NEXT.

Select your account for Organizational Unit and Press NEXT.

Copy and execute the helm command from the instructions summary to the Kubernetes Server machine:

Once execution is finished and status is deployed click NEXT:

Wait for status SUCCESS and Press on FINISH.

If the synchronization fails, check that the agents are in a ready state:

kubectl get pods -n checkpoint

Once all the agents are in a Running state, you can re-validate the synchronization.

Important - In case you see an error or fail message you can click on finish and review the Kubernetes environment until all blades status are ok. You will see a warning sign until it is ok.

Make sure to refresh the page.

After you finish all of the lab scenarios, remember to remove your cluster protected asset from the Kubernetes environment.

You will need to delete any policy you created before doing so.