Merge pull request #926 from hlxsites/runtime-pascal1-podman-CWP-61840
Podman updates (CWP-61840)
manukumar6 authored Oct 8, 2024
2 parents 5d60dc4 + 1f33df7 commit 35d005b
Showing 8 changed files with 33 additions and 7 deletions.
@@ -68,6 +68,19 @@ image::install-defender-deploy-page.png[width=800]
.. Under *Deployment method*, select *Single Defender*.
.. In *Defender type*, select *Container Defender - Linux* or *Container Defender - Windows*.
+
When you select *Container Defender - Linux*, *Container Runtime Type* field appears.
.. In *Container Runtime Type*, select *Podman* or *Docker*.
+
When you select Podman, the installation script includes the `--install-podman` argument.
If your infrastructure uses a custom Podman runtime socket path, you can specify it using the `--podman-socket` argument.
+
For example, to use Podman with a custom runtime socket path, the final command would look like this:
+
`curl -sSL --header "#####<Bearer TOKEN>####" -X POST <TENANT URL>/api/v1/scripts/defender.sh | sudo bash -s -- -c "stage-consoles-cwp.cloud.twistlock.com" -v --install-podman --podman-socket "<custom_runtime_socket_path>"`
ifdef::compute_edition[]
.. Select the way Defender connects to Console.
+
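Review bot: the `curl ... --install-podman --podman-socket "<custom_runtime_socket_path>"` example in this hunk has two problems a reader copying it will hit. `--header "#####<Bearer TOKEN>####"` is not a valid header (no header name, so curl sends a malformed line and the Console will not authenticate the request); it needs the named form, e.g. `--header "Authorization: Bearer <TOKEN>"`. And `-c "stage-consoles-cwp.cloud.twistlock.com"` hard-codes a staging Console address while the rest of the command uses placeholders such as `<TENANT URL>`; replace it with a placeholder like `<CONSOLE ADDRESS>` so nobody points a Defender at that host. Also, the line "If your infrastructure uses a custom Podman runtime socket path" never says what path the script assumes when `--podman-socket` is omitted, or that the Podman API socket must be enabled and reachable on the host; state the default so readers can tell whether they need the flag.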
@@ -37,7 +37,7 @@ To avoid manually deploying Defenders on each container, VM, or host, you can us

xref:./container/container.adoc[Deploy a container Defender] on any host that runs a container workload.
Container Defender protects both your containers and the underlying host.
Docker must be installed on the host because this Defender type runs as a container.
Docker or Podman (for Linux Container Defender) must be installed on the host because this Defender type runs as a container.

Container Defender offers the richest set of capabilities.
The deployment is also the simplest.
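Review bot: the parenthetical in the new line "Docker or Podman (for Linux Container Defender) must be installed on the host" is ambiguous about whether it scopes both runtimes or only Podman, and the Windows Container Defender still needs Docker. Suggest spelling it out, e.g. "Docker must be installed on the host (on Linux, Podman is also supported) because this Defender type runs as a container." Since the single-Defender install page in this same commit takes a `--podman-socket` path, the prerequisite should also mention that the Podman API socket has to be enabled, not just that the Podman package is present.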
@@ -5,7 +5,7 @@ A single instance of Prisma Cloud Console can simultaneously protect both Window
Prisma Cloud’s Intelligence Stream includes vulnerability data from Microsoft, so as new CVEs are reported, Prisma Cloud can detect them in your Windows images.

The architecture for Defender on Windows is different than Defender on Linux.
The Defender runs as a Docker container on Linux, and as a Windows service on Windows.
The Defender runs as a Docker or a Podman container on Linux, and as a Windows service on Windows.
On Linux, it is implemented as runtime protection in the userspace, and on Windows it is implemented using Windows drivers.
This is because there is no concept of capabilities in Windows Docker containers like there is on Linux.
Defender on Windows runs as service so it can acquire the permissions it needs to secure the containers on your host.
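Review bot: style: "as a Docker or a Podman container on Linux" reads better as "as a Docker or Podman container on Linux". Two lines below, "there is no concept of capabilities in Windows Docker containers like there is on Linux" now remains the only sentence naming Docker alone; it is correct because it is about Windows, but "Windows containers" would make clear it is not a missed update.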
@@ -94,7 +94,7 @@ Defender is responsible for enforcing vulnerability and compliance blocking rule
When a blocking rule is created, Defender moves the original runC binary to a new path and inserts a Prisma Cloud runC shim binary in its place.

When a command to create a container is issued, it propagates down the layers of the container orchestration stack, eventually terminating at runC.
Regardless of your environment (Docker, Kubernetes, or OpenShift, etc) and underlying CRI provider, runC does the actual work of instantiating a container.
Regardless of your environment (Docker, Podman, Kubernetes, or OpenShift) and underlying CRI provider, runC does the actual work of instantiating a container.

image::defender_runc.png[width=350]

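Review bot: adding Podman to "Regardless of your environment (Docker, Podman, Kubernetes, or OpenShift) and underlying CRI provider, runC does the actual work of instantiating a container" makes a claim that does not hold on every Podman host. Podman's OCI runtime is configurable and crun is the default on current Fedora and RHEL; on such hosts no runC binary is invoked, so the runC shim this section describes (moving the original runC and inserting the Prisma Cloud shim) would never be in the container-creation path. The section should say whether the blocking shim also covers crun or whether Podman hosts must be configured to use runc; readers can check the active runtime in `podman info` under `ociRuntime`.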
@@ -42,7 +42,20 @@ image::runtime-security/install-defender-deploy-page.png[]

. Under *Deployment method*, select *Single Defender*.

. Select your desired *Defender type*
. Select your desired *Defender type*.
+
When you select *Container Defender - Linux* option as the Defender type, *Container Runtime Type* field appears.

. In *Container Runtime Type*, select *Podman* or *Docker*.
+
When you select Podman, the installation script includes the `--install-podman` argument.
If your infrastructure uses a custom Podman runtime socket path, you can specify it using the `--podman-socket` argument.

+
For example, to use Podman with a custom runtime socket path, the final command would look like this:

+
`curl -sSL --header "#####<Bearer TOKEN>####" -X POST <TENANT URL>/api/v1/scripts/defender.sh | sudo bash -s -- -c "stage-consoles-cwp.cloud.twistlock.com" -v --install-podman --podman-socket "<custom_runtime_socket_path>"`

. Under *The name that Defender will use to connect to this Console* select the correct item from the list of IP addresses and hostnames pre-populated in the drop-down list.
After adding a SAN, your IP address or hostname will be available in the drop-down list.
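Review bot: the blank lines separating the `+` list-continuation markers from the paragraphs they attach ("If your infrastructure uses ..." / "+", "For example, ..." / "+", and before the `curl` command) are not present in the otherwise identical text added to the compute-edition deploy page in this commit; a continuation separated from its block by a blank line may not attach in Asciidoctor, leaving the example outside the numbered step, so match the other file and check the rendered output. The command itself has the same defects as in that file: `--header "#####<Bearer TOKEN>####"` is not a valid header (it needs a name, e.g. `--header "Authorization: Bearer <TOKEN>"`), and `-c "stage-consoles-cwp.cloud.twistlock.com"` hard-codes a staging Console address where a placeholder such as `<CONSOLE ADDRESS>` belongs.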
@@ -84,7 +84,7 @@ Defender is responsible for enforcing vulnerability and compliance blocking rule
When a blocking rule is created, Defender moves the original runC binary to a new path and inserts a Prisma Cloud runC shim binary in its place.

When a command to create a container is issued, it propagates down the layers of the container orchestration stack, eventually terminating at runC.
Regardless of your environment (Docker, Kubernetes, or OpenShift, etc) and underlying CRI provider, runC does the actual work of instantiating a container.
Regardless of your environment (Docker, Podman, Kubernetes, or OpenShift) and underlying CRI provider, runC does the actual work of instantiating a container.

image::runtime-security/defender-runc.png[]

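Review bot: same issue as the compute-edition copy of this sentence: listing Podman in "Regardless of your environment (Docker, Podman, Kubernetes, or OpenShift) ... runC does the actual work of instantiating a container" is not accurate where Podman is configured with crun (the default on current Fedora and RHEL), because the runC shim described above is then never invoked. State whether the shim supports crun or whether runc must be configured as Podman's OCI runtime, and point readers at `podman info` (`ociRuntime`) to check.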
@@ -28,7 +28,7 @@ To avoid manually deploying Defenders on each container, VM, or host, you can us

xref:./container/container.adoc[Deploy a container Defender] on any host that runs a container workload.
Container Defender protects both your containers and the underlying host.
Docker must be installed on the host because this Defender type runs as a container.
Docker or Podman (for Linux Container Defender) must be installed on the host because this Defender type runs as a container.

Container Defender offers the richest set of capabilities.
The deployment is also the simplest.
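Review bot: as in the compute-edition copy of this paragraph, "Docker or Podman (for Linux Container Defender) must be installed on the host" leaves it unclear whether the parenthetical scopes both runtimes or only Podman; since Windows Container Defender still requires Docker, prefer "Docker must be installed on the host (on Linux, Podman is also supported) because this Defender type runs as a container", and mention that the Podman API socket must be enabled, given that the install script takes a `--podman-socket` path.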
@@ -6,7 +6,7 @@ A single instance of Prisma Cloud Console can simultaneously protect both Window
Prisma Cloud’s Intelligence Stream includes vulnerability data from Microsoft, so as new CVEs are reported, Prisma Cloud can detect them in your Windows images.

The architecture for Defender on Windows is different than Defender on Linux.
The Defender runs as a Docker container on Linux, and as a Windows service on Windows.
The Defender runs as a Docker or a Podman container on Linux, and as a Windows service on Windows.
On Linux, it is implemented as runtime protection in the userspace, and on Windows it is implemented using Windows drivers.
This is because there is no concept of capabilities in Windows Docker containers like there is on Linux.
Defender on Windows runs as service so it can acquire the permissions it needs to secure the containers on your host.
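Review bot: style: "as a Docker or a Podman container on Linux" should read "as a Docker or Podman container on Linux", matching the compute-edition copy of this page; and "Windows Docker containers" two lines below could become "Windows containers" so it does not look like an overlooked Podman update.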

0 comments on commit 35d005b
