Native Ingress Annotations

Configuration parameters are required to be specified in the Ingress annotation to enable FortiADC Kubernetes Controller to determine how to deploy the Ingress resource.

Parameter	Description	Default
fortiadc-ip	The Ingress will be deployed on FortiADC with the given IP address or domain name. This parameter is required.
fortiadc-admin-port	FortiADC HTTPS service port.	443
fortiadc-login	The Kubernetes secret name preserves the FortiADC authentication information. This parameter is required.
fortiadc-vdom	Specify which VDOM to deploy the Ingress resource if VDOM is enabled on FortiADC.	root
fortiadc-ctrl-log	Enable/disable the FortiADC Kubernetes Controller log. Once enabled, FortiADC Kubernetes Controller will print the verbose log the next time the Ingress is updated.	enable
virtual-server-ip	The virtual server IP of the virtual server to be configured on FortiADC. This IP will be used as the address of the Ingress. This parameter is required.
virtual-server-interface	The FortiADC network interface for the client to access the virtual server. This parameter is required.
virtual-server-port	Default is 80. If TLS is specified in the Ingress, then the default is 443. Note: If the fortiadc-ip is the same as the virtual-server-ip, you should specify virtual-server-port to be other than 80/443 or change the system default reserved HTTP/HTTPS port on FortiADC. For more details, see the FortiADC Administration Guide on Management service ports.	80 for HTTP service. 443 for HTTPS service.
load-balance-method	Specify the predefined or user-defined method configuration name. For more details, see the FortiADC Administration Guide on load balancing methods.	LB_METHOD_ROUND_ROBIN
load-balance-profile	Default is LB_PROF_HTTP. If TLS is specified in the Ingress, then the default is LB_PROF_HTTPS.	LB_PROF_HTTP LB_PROF_HTTPS
virtual-server-addr-type	IPv4 or IPv6.	ipv4
virtual-server-traffic-group	Specify the traffic group for the virtual server. For more details, see the FortiADC Administration Guide on traffic groups.	default
virtual-server-nat-src-pool	Specify the NAT source pool. For more details, see the FortiADC Administration Guide on NAT source pools.
virtual-server-waf-profile	Specify the WAF profile name. For more details, see the FortiADC Administration Guide on WAF profiles.
virtual-server-av-profile	Specify the AV profile name. For more details, see the FortiADC Administration Guide on AV profiles.
virtual-server-dos-profile	Specify the DoS profile name. For more details, see the FortiADC Administration Guide on DoS profiles.
virtual-server-captcha-profile	Specify the Captcha profile name. For more details, see the FortiADC Administration Guide on Captcha profiles. Note: This field is available if WAF profile or DoS profile is specified.
virtual-server-fortiview	Enable/disable FortiView.	disable
virtual-server-traffic-log	Enable/disable the traffic log.	disable
virtual-server-wccp	Enable/disable WCCP. For more details, see the FortiADC Administration Guide on WCCP.	disable
virtual-server-persistence	Specify a predefined or user-defined persistence configuration name. For more details, see the FortiADC Administration Guide on persistence rules.
virtual-server-fortigslb-publicip-type	Specify the public IP type for the virtual server as either IPv4 or IPv6.	ipv4
virtual-server-fortigslb-publicip	Specify the virtual server public IP address.
virtual-server-fortigslb-1clickgslb	Enable/disable the FortiGSLB One-click GSLB server.	disable
virtual-server-fortigslb-hostname	The Host Name option is available if One-click GSLB Server is enabled. Enter the hostname part of the FQDN. For example: `www`. Note: You can use `@` to denote the zone root. The value substitute for `@` is the preceding `$ORIGIN` directive.
virtual-server-fortigslb-domainname	The Domain Name option is available if One-click GSLB Server is enabled. The domain name must end with a period. For example: `example.com`.

For more details on configuring parameters with virtual-server prefix and load-balance prefix, please reference FortiADC Administration Guide on Configuring virtual servers.

Native Ingress Annotations

Configuration parameters are required to be specified in the Ingress annotation to enable FortiADC Kubernetes Controller to determine how to deploy the Ingress resource.

Parameter	Description	Default
fortiadc-ip	The Ingress will be deployed on FortiADC with the given IP address or domain name. This parameter is required.
fortiadc-admin-port	FortiADC HTTPS service port.	443
fortiadc-login	The Kubernetes secret name preserves the FortiADC authentication information. This parameter is required.
fortiadc-vdom	Specify which VDOM to deploy the Ingress resource if VDOM is enabled on FortiADC.	root
fortiadc-ctrl-log	Enable/disable the FortiADC Kubernetes Controller log. Once enabled, FortiADC Kubernetes Controller will print the verbose log the next time the Ingress is updated.	enable
virtual-server-ip	The virtual server IP of the virtual server to be configured on FortiADC. This IP will be used as the address of the Ingress. This parameter is required.
virtual-server-interface	The FortiADC network interface for the client to access the virtual server. This parameter is required.
virtual-server-port	Default is 80. If TLS is specified in the Ingress, then the default is 443. Note: If the fortiadc-ip is the same as the virtual-server-ip, you should specify virtual-server-port to be other than 80/443 or change the system default reserved HTTP/HTTPS port on FortiADC. For more details, see the FortiADC Administration Guide on Management service ports.	80 for HTTP service. 443 for HTTPS service.
load-balance-method	Specify the predefined or user-defined method configuration name. For more details, see the FortiADC Administration Guide on load balancing methods.	LB_METHOD_ROUND_ROBIN
load-balance-profile	Default is LB_PROF_HTTP. If TLS is specified in the Ingress, then the default is LB_PROF_HTTPS.	LB_PROF_HTTP LB_PROF_HTTPS
virtual-server-addr-type	IPv4 or IPv6.	ipv4
virtual-server-traffic-group	Specify the traffic group for the virtual server. For more details, see the FortiADC Administration Guide on traffic groups.	default
virtual-server-nat-src-pool	Specify the NAT source pool. For more details, see the FortiADC Administration Guide on NAT source pools.
virtual-server-waf-profile	Specify the WAF profile name. For more details, see the FortiADC Administration Guide on WAF profiles.
virtual-server-av-profile	Specify the AV profile name. For more details, see the FortiADC Administration Guide on AV profiles.
virtual-server-dos-profile	Specify the DoS profile name. For more details, see the FortiADC Administration Guide on DoS profiles.
virtual-server-captcha-profile	Specify the Captcha profile name. For more details, see the FortiADC Administration Guide on Captcha profiles. Note: This field is available if WAF profile or DoS profile is specified.
virtual-server-fortiview	Enable/disable FortiView.	disable
virtual-server-traffic-log	Enable/disable the traffic log.	disable
virtual-server-wccp	Enable/disable WCCP. For more details, see the FortiADC Administration Guide on WCCP.	disable
virtual-server-persistence	Specify a predefined or user-defined persistence configuration name. For more details, see the FortiADC Administration Guide on persistence rules.
virtual-server-fortigslb-publicip-type	Specify the public IP type for the virtual server as either IPv4 or IPv6.	ipv4
virtual-server-fortigslb-publicip	Specify the virtual server public IP address.
virtual-server-fortigslb-1clickgslb	Enable/disable the FortiGSLB One-click GSLB server.	disable
virtual-server-fortigslb-hostname	The Host Name option is available if One-click GSLB Server is enabled. Enter the hostname part of the FQDN. For example: `www`. Note: You can use `@` to denote the zone root. The value substitute for `@` is the preceding `$ORIGIN` directive.
virtual-server-fortigslb-domainname	The Domain Name option is available if One-click GSLB Server is enabled. The domain name must end with a period. For example: `example.com`.

For more details on configuring parameters with virtual-server prefix and load-balance prefix, please reference FortiADC Administration Guide on Configuring virtual servers.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

FortiADC Kubernetes Controller Deployment Guide

Native Ingress Annotations

Native Ingress Annotations

Native Ingress Annotations

Native Ingress Annotations