Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    FortiADC Kubernetes Controller Deployment Guide

    Home FortiADC Kubernetes Controller FortiADC Kubernetes Controller Deployment Guide

    Preparing for the Validating and Conversion Webhook Servers

    Preparing for the Validating and Conversion Webhook Servers

    Starting with version 3.1.0, the FortiADC Kubernetes Controller introduces Validating and Conversion Webhook Servers. This component acts as a security gatekeeper, ensuring that any Ingress or Custom Resource configuration is technically valid before it is accepted by the cluster and pushed to the FortiADC appliance.

    Why cert-manager is Required

    The Kubernetes API server requires an encrypted HTTPS connection to communicate with the webhook server. To facilitate this mandatory secure TLS connection, you must deploy cert-manager to automate the issuance and management of the required certificates.

    Upon deployment, the controller uses cert-manager to establish a self-signed ClusterIssuer and a Certificate resource, ensuring all internal communication remains encrypted.

    You must complete the cert-manager installation before installing or upgrading to FortiADC Kubernetes Controller 3.1.0. If cert-manager is not running, the controller pod will fail to initialize.

    Installation Steps

    Compatibility has been verified with cert-manager v1.19.1. Follow these steps to deploy it using Helm:

    1. Add the Jetstack Helm repository:

      helm repo add jetstack https://charts.jetstack.io
helm repo update

    2. Install cert-manager: The following command creates the cert-manager namespace and installs the necessary Custom Resource Definitions (CRDs):

      helm install --debug cert-manager jetstack/cert-manager \
       --namespace cert-manager \
       --create-namespace \
       --version v1.19.1 \
       --set crds.enabled=true

    3. Verify the installation: Ensure the cert-manager pods are running before proceeding to the controller deployment:

      kubectl get pods -n cert-manager

    For more information, see the cert-manager documentation: https://cert-manager.io/docs/installation/.

    Previous
    Next

    Preparing for the Validating and Conversion Webhook Servers

    Preparing for the Validating and Conversion Webhook Servers

    Starting with version 3.1.0, the FortiADC Kubernetes Controller introduces Validating and Conversion Webhook Servers. This component acts as a security gatekeeper, ensuring that any Ingress or Custom Resource configuration is technically valid before it is accepted by the cluster and pushed to the FortiADC appliance.

    Why cert-manager is Required

    The Kubernetes API server requires an encrypted HTTPS connection to communicate with the webhook server. To facilitate this mandatory secure TLS connection, you must deploy cert-manager to automate the issuance and management of the required certificates.

    Upon deployment, the controller uses cert-manager to establish a self-signed ClusterIssuer and a Certificate resource, ensuring all internal communication remains encrypted.

    You must complete the cert-manager installation before installing or upgrading to FortiADC Kubernetes Controller 3.1.0. If cert-manager is not running, the controller pod will fail to initialize.

    Installation Steps

    Compatibility has been verified with cert-manager v1.19.1. Follow these steps to deploy it using Helm:

    1. Add the Jetstack Helm repository:

      helm repo add jetstack https://charts.jetstack.io
helm repo update

    2. Install cert-manager: The following command creates the cert-manager namespace and installs the necessary Custom Resource Definitions (CRDs):

      helm install --debug cert-manager jetstack/cert-manager \
       --namespace cert-manager \
       --create-namespace \
       --version v1.19.1 \
       --set crds.enabled=true

    3. Verify the installation: Ensure the cert-manager pods are running before proceeding to the controller deployment:

      kubectl get pods -n cert-manager

    For more information, see the cert-manager documentation: https://cert-manager.io/docs/installation/.

    Previous
    Next