Configuration parameters
Annotation in Routes
Configuration parameters must be specified in the Routes annotation so that FortiADC Kubernetes Controller can determine how to deploy the Routes resource.
| Parameter | Description | Default |
|---|---|---|
| ingress-controller | Set the value to fadc-ingress-controller. FortiADC Kubernetes Controller will use this to identify the OpenShift Route. Note: This parameter is required. | |
| fortiadc-ip | The Routes will be deployed on the FortiADC with the given IP address or domain name. Note: This parameter is required. | |
| fortiadc-admin-port | FortiADC HTTPS service port. | 443 |
| fortiadc-login | The name of the OpenShift secret that holds the FortiADC authentication information. Note: This parameter is required. | |
| fortiadc-vdom | Specify the VDOM in which to deploy the Routes resource if VDOM is enabled on FortiADC. | root |
| fortiadc-ctrl-log | Enable/disable the FortiADC Kubernetes Controller log. Once enabled, FortiADC Kubernetes Controller will print the verbose log the next time the Routes is updated. | enable |
| virtual-server-ip | The virtual server IP of the virtual server to be configured on FortiADC. This IP will be used as the address of the Routes. Note: This parameter is required. | |
| virtual-server-interface | The FortiADC network interface for the client to access the virtual server. Note: This parameter is required. | |
| virtual-server-port | Default is 80. If TLS is specified in the Routes, then the default is 443. Note: If the fortiadc-ip is the same as the virtual-server-ip, you should specify virtual-server-port to be other than 80/443 or change the system default reserved HTTP/HTTPS port on FortiADC. For more details, see the FortiADC Administration Guide on Management service ports. | 80 for HTTP service. 443 for HTTPS service. |
| load-balance-method | Specify the predefined or user-defined method configuration name. For more details, see the FortiADC Administration Guide on load balancing methods. | LB_METHOD_ROUND_ROBIN |
| load-balance-profile | Default is LB_PROF_HTTP. If TLS is specified in the Routes, then the default is LB_PROF_HTTPS. | LB_PROF_HTTP, LB_PROF_HTTPS |
| virtual-server-addr-type | IPv4 or IPv6. | ipv4 |
| virtual-server-traffic-group | Specify the traffic group for the virtual server. For more details, see the FortiADC Administration Guide on traffic groups. | default |
| virtual-server-nat-src-pool | Specify the NAT source pool. For more details, see the FortiADC Administration Guide on NAT source pools. | |
| virtual-server-waf-profile | Specify the WAF profile name. For more details, see the FortiADC Administration Guide on WAF profiles. | |
| virtual-server-av-profile | Specify the AV profile name. For more details, see the FortiADC Administration Guide on AV profiles. | |
| virtual-server-dos-profile | Specify the DoS profile name. For more details, see the FortiADC Administration Guide on DoS profiles. | |
| virtual-server-captcha-profile | Specify the Captcha profile name. For more details, see the FortiADC Administration Guide on Captcha profiles. Note: This field is available if WAF profile or DoS profile is specified. | |
| virtual-server-fortiview | Enable/disable FortiView. | disable |
| virtual-server-traffic-log | Enable/disable the traffic log. | disable |
| virtual-server-wccp | Enable/disable WCCP. For more details, see the FortiADC Administration Guide on WCCP. | disable |
| virtual-server-persistence | Specify a predefined or user-defined persistence configuration name. For more details, see the FortiADC Administration Guide on persistence rules. | |
| virtual-server-fortigslb-publicip-type | Specify the public IP type for the virtual server as either IPv4 or IPv6. | ipv4 |
| virtual-server-fortigslb-publicip | Specify the virtual server public IP address. | |
| virtual-server-fortigslb-1clickgslb | Enable/disable the FortiGSLB One-click GSLB server. | disable |
| virtual-server-fortigslb-hostname | The Host Name option is available if One-click GSLB Server is enabled. Enter the hostname part of the FQDN. For example: Note: You can use | |
| virtual-server-fortigslb-domainname | The Domain Name option is available if One-click GSLB Server is enabled. The domain name must end with a period. For example: | |

For more details on configuring parameters with the virtual-server prefix and the load-balance prefix, see the FortiADC Administration Guide on Configuring virtual servers.
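
A pre-deployment check built from the constraints in the table above, as an added example that is not part of the FortiADC documentation or the controller's code. The function name `lint_route_annotations`, the sample addresses, the secret name and the interface name are assumptions, and annotation values are assumed to be strings.

```python
# Added example: lint a Route's annotations against the rules in the table above.
# Not FortiADC Kubernetes Controller code; function and sample values are hypothetical.
REQUIRED = ("ingress-controller", "fortiadc-ip", "fortiadc-login",
            "virtual-server-ip", "virtual-server-interface")


def lint_route_annotations(ann, tls=False):
    """Return a list of problems in a Route annotation dict (empty list = clean)."""
    problems = [f"missing required annotation: {k}" for k in REQUIRED if not ann.get(k)]

    controller = ann.get("ingress-controller")
    if controller and controller != "fadc-ingress-controller":
        problems.append("ingress-controller must be fadc-ingress-controller")

    # virtual-server-port defaults to 80, or 443 when the Route specifies TLS.
    port = str(ann.get("virtual-server-port", 443 if tls else 80))
    mgmt, vip = ann.get("fortiadc-ip"), ann.get("virtual-server-ip")
    if mgmt and mgmt == vip and port in ("80", "443"):
        # String comparison only: a domain name in fortiadc-ip is not resolved.
        problems.append("fortiadc-ip equals virtual-server-ip: set virtual-server-port "
                        "to something other than 80/443 or change the reserved ports")

    # The Captcha profile is only available with a WAF or DoS profile.
    if ann.get("virtual-server-captcha-profile") and not (
            ann.get("virtual-server-waf-profile") or ann.get("virtual-server-dos-profile")):
        problems.append("virtual-server-captcha-profile needs a WAF or DoS profile")

    # Host/domain name options require One-click GSLB; the domain ends with a period.
    gslb_on = ann.get("virtual-server-fortigslb-1clickgslb", "disable") == "enable"
    domain = ann.get("virtual-server-fortigslb-domainname")
    if (domain or ann.get("virtual-server-fortigslb-hostname")) and not gslb_on:
        problems.append("GSLB hostname/domainname set but 1clickgslb is not enabled")
    if domain and not domain.endswith("."):
        problems.append("virtual-server-fortigslb-domainname must end with a period")
    return problems


# Constructed sample annotations (documentation-range addresses, made-up names).
GOOD = {"ingress-controller": "fadc-ingress-controller", "fortiadc-ip": "192.0.2.10",
        "fortiadc-login": "fad-login", "virtual-server-ip": "192.0.2.20",
        "virtual-server-interface": "port1"}
BAD = {**GOOD, "fortiadc-login": "", "virtual-server-ip": "192.0.2.10",
       "virtual-server-captcha-profile": "captcha1",
       "virtual-server-fortigslb-domainname": "example.com"}

if __name__ == "__main__":
    for name, ann in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_route_annotations(ann))
```

The port check cannot see whether the reserved HTTP/HTTPS management ports on FortiADC were changed, so treat that finding as a prompt to verify rather than a hard failure.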
Annotation in Service
You can define the health check profile and SSL profile in the OpenShift service annotation.
The health check profile and SSL profile will be automatically configured in the corresponding real server pool on FortiADC.
| Parameter | Description | Default |
|---|---|---|
| health-check-ctrl | Enable/disable the health checking for the real server pool. | disable |
| health-check-relation | | |
| health-check-list | One or more health check configuration names. Concatenate the health check names with a space between each name. For example: "LB_HLTHCK_ICMP LB_HLTHCK_HTTP". For more details, see the FortiADC Administration Guide on health checks. | |
| real-server-ssl-profile | Specify the real server SSL profile name. Real server profiles determine settings for communication between FortiADC and the backend real servers. The default is NONE, which is applicable for non-SSL traffic. For more details, see the FortiADC Administration Guide on SSL profiles. | NONE |

Here is an example service.yaml with health check parameters:
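
```yaml
kind: Service
apiVersion: v1
metadata:
  # Added: Kubernetes requires metadata.name; the label value is reused here.
  name: default-http-backend
  labels:
    name: default-http-backend
  namespace: default
  # FortiADC settings applied to the corresponding real server pool.
  annotations: {
    "health-check-ctrl" : "enable",
    "health-check-relation" : "OR",
    "health-check-list" : "LB_HLTHCK_ICMP",
    "real-server-ssl-profile" : "NONE"
  }
spec:
  type: NodePort
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  sessionAffinity: None
```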