Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    FortiADC Kubernetes Controller Deployment Guide

    Home FortiADC Kubernetes Controller FortiADC Kubernetes Controller Deployment Guide

    Service Annotations

    Service Annotations

    You can define the health check profile and SSL profile in the Kubernetes service annotation.

    The health check profile and SSL profile will be automatically configured in the corresponding real server pool on FortiADC.

    Parameter

    Description

    Default
    health-check-ctrl Enable/disable the health checking for the real server pool. disable
    health-check-relation

    • AND — All of the selected health checks must pass for the server to be considered available.

    • OR — One of the selected health checks must pass for the server to be considered available.

    health-check-list

    One or more health check configuration names. Concatenate the health check names with a space between each name.

    For example: "LB_HLTHCK_ICMP LB_HLTHCK_HTTP".

    For more details, see the FortiADC Administration Guide on health checks.
    real-server-ssl-profile

    Specify the real server SSL profile name. Real server profiles determine settings for communication between FortiADC and the backend real servers.

    The default is NONE, which is applicable for non-SSL traffic.

    For more details, see the FortiADC Administration Guide on SSL profiles.

    		 NONE

    overlay_tunnel

    Specify the overlay tunnel name. This is used for services with the ClusterIP type.

    Here is an example service.yaml with health check parameters:

    kind: Service
apiVersion: v1
metadata:
  labels:
  name: default-http-backend
  namespace: default
  annotations: {
    "health-check-ctrl" : "enable",
    "health-check-relation" : "OR",
    "health-check-list" : "LB_HLTHCK_ICMP",
    "real-server-ssl-profile" : "NONE"
  }
spec:
  type: NodePort
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  sessionAffinity: None
    Previous
    Next

    Service Annotations

    Service Annotations

    You can define the health check profile and SSL profile in the Kubernetes service annotation.

    The health check profile and SSL profile will be automatically configured in the corresponding real server pool on FortiADC.

    Parameter

    Description

    Default
    health-check-ctrl Enable/disable the health checking for the real server pool. disable
    health-check-relation

    • AND — All of the selected health checks must pass for the server to be considered available.

    • OR — One of the selected health checks must pass for the server to be considered available.

    health-check-list

    One or more health check configuration names. Concatenate the health check names with a space between each name.

    For example: "LB_HLTHCK_ICMP LB_HLTHCK_HTTP".

    For more details, see the FortiADC Administration Guide on health checks.
    real-server-ssl-profile

    Specify the real server SSL profile name. Real server profiles determine settings for communication between FortiADC and the backend real servers.

    The default is NONE, which is applicable for non-SSL traffic.

    For more details, see the FortiADC Administration Guide on SSL profiles.

    		 NONE

    overlay_tunnel

    Specify the overlay tunnel name. This is used for services with the ClusterIP type.

    Here is an example service.yaml with health check parameters:

    kind: Service
apiVersion: v1
metadata:
  labels:
  name: default-http-backend
  namespace: default
  annotations: {
    "health-check-ctrl" : "enable",
    "health-check-relation" : "OR",
    "health-check-list" : "LB_HLTHCK_ICMP",
    "real-server-ssl-profile" : "NONE"
  }
spec:
  type: NodePort
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  sessionAffinity: None
    Previous
    Next