Fortinet black logo

FortiADC Ingress Controller

Home FortiADC 7.0.0 FortiADC Ingress Controller
7.0.0
7.2.0
7.0.0

Installation

Installation

Install FortiADC Ingress Controller using Helm Charts.

Currently, only Helm 3 (version 3.6.3 or later) is supported.

Helm Charts ease the installation of FortiADC Ingress Controller in the Kubernetes cluster. By using the Helm 3 installation tool, most of the Kubernetes objects required for FortiADC Ingress Controller can be deployed in one simple command.

The Kubernetes objects required for FortiADC Ingress Controller are listed below:

Kubernetes object

Description
Deployment By configuring the replica and pod template in the Kubernetes deployment, the deployment ensures FortiADC Ingress Controller provides a non-terminated service.
Service Account The service account is used in FortiADC Ingress Controller.
Cluster Role A cluster role defines the permission on the Kubernetes cluster-scoped Ingress-related objects.
Cluster Role Binding The cluster role is bound to the service account used for FortiADC Ingress Controller, allowing FortiADC Ingress Controller to access and operate the Kubernetes cluster-scoped Ingress-related objects.
Ingress Class The IngressClass "fadc-ingress-controller" is created for FortiADC Ingress Controller to identify the Ingress resource. If the Ingress is defined with the IngressClass "fadc-ingress-controller", FortiADC Ingress Controller will manage this Ingress resource.

The Helm Chart is composed of a collection of files that describe the related set of Kubernetes required by FortiADC Ingress Controller; one of which is the values.yaml file that provides the default configuration for deploying the Kubernetes objects listed above.

Below lists parts of the value in the values.yaml file.

# Default values for fadc-k8s-ctrl.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# FortiADC Ingress Controller image from Dockerhub.com
image:
  repository: fortinet/fortiadc-ingress
  pullPolicy: IfNotPresent
  tag: "1.0.0"

serviceAccount:
  create: true
  annotations: {}
  name: "fortiadc-ingress

# Define Ingress Class for FortiADC Ingress Controller
controller:
  ingressClassResource:
    name: "fadc-ingress-controller"
    enabled: true
    default: true
    controllerValue: "fortinet.com/fadc-ingress-controller"
# You can decide parameters defined in annotation of Ingress to 
# be optional or mandatory.
# FortiADC Ingress Controller will check the parameter if it is
# marked as mandatory.
parameters:
  virtualServerNatSrcPool : "optional"
  virtualServerWafProfile : "optional"
  virtualServerAvProfile : "optional"
  virtualServerDosProfile : "optional"
  virtualServerCaptchaProfile : "optional"
  virtualServerPersistence : "optional"

In some scenarios, you may want to override some of the values included in the values.yaml, such as for an image tag or parameter properties. As the values.yaml file is packed in the Helm Chart package, you can override the values when installing or upgrading the Helm Chart (see Install the Helm Chart and Upgrade the Helm Chart). For more details on the parameters, see Configuration parameters.

To get the verbose output, add --debug option for all the Helm commands.

Get Repo Information

To get the repository information:

helm repo add fortiadc-ingress-controller https://fortinet.github.io/fortiadc-ingress/ 
helm repo update

Install the Helm Chart

You can specify a particular Kubernetes namespace in which FortiADC Ingress Controller will be deployed.

By default, if no Kubernetes namespace is specified, the default namespace would be "default". The RELEASE_NAME is the name you give to this chart installation:

helm install  [RELEASE_NAME] --namespace [Kubernetes NameSpace] \
fortiadc-ingress-controller/fadc-k8s-ctrl

In the example below, the Helm chart is installed with the release name "first-release" in the Kubernetes namespace "fortiadc-ingress": 

user@master-node ~> helm install first-release --namespace fortiadc-ingress \
fortiadc-ingress-controller/fadc-k8s-ctrl

If you want to override values in the Helm Chart, you can use --set flags in the command. In the example below, you can set the virtualServerWafProfile parameter as mandatory:

user@master-node ~> helm install --debug first-release \
--set parameters.virtualServerWafProfile="mandatory" \
--namespace fortiadc-ingress fortiadc-ingress-controller/fadc-k8s-ctrl

Moreover, you can create a new namespace and deploy FortiADC Ingress Controller within the namespace at the same time:

helm install first-release --namespace fortiadc-ingress \
--create-namespace --wait fortiadc-ingress-controller/fadc-k8s-ctrl

Upgrade the Helm Chart

You can specify the namespace with the --namespace option. Use --install option to install the release with RELEASE_NAME if it does not exist.

Note: The --reset-values option will remove all the user-supplied values. For example, if you had specified the virtualServerWafProfile parameter to be mandatory in a previous upgrade or install, the value will be reset to optional. The --reset-values option ensures all the values are directly from the updated repository.

helm repo update
helm upgrade --reset-values --debug -n [Kubernetes NameSpace] [RELEASE_NAME] \
fortiadc-ingress-controller/fadc-k8s-ctrl --install

You can also change the field of values.yaml with the --set command.

To see which values you can change, please refer to https://github.com/fortinet/fortiadc-ingress/blob/main/charts/fadc-k8s-ctrl-1.0.0/values.yaml.

In the example below, you can override the value for the virtualServerWafProfile parameter to make it mandatory:

helm upgrade --debug -n [Kubernetes NameSpace] \
--set parameters.virtualServerWafProfile="mandatory" \
[RELEASE_NAME] fortiadc-ingress-controller/fadc-k8s-ctrl

Using the --debug option, you can check the Helm debug information “USER-SUPPLIED VALUES” to check if you have all the value set as you need.

Release "first-release" has been upgraded. Happy Helming!
NAME: first-release
LAST DEPLOYED: Mon Apr 18 09:07:46 2022
NAMESPACE: fortiadc-ingress
STATUS: deployed
REVISION: 2
TEST SUITE: None
USER-SUPPLIED VALUES:
parameters:
  virtualServerWafProfile: mandatory

Check the Installation

Check to see if the FortiADC Ingress Controller is installed correctly:

helm history -n [Kubernetes NameSpace] [RELEASE_NAME]

The helm history command shows the installation information:

user@master-node ~> helm history -n fortiadc-ingress first-release
REVISION        UPDATED                         STATUS          CHART                    APP VERSION     DESCRIPTION
1               Tue Feb  8 05:37:33 2022        superseded      fadc-k8s-ctrl-0.1.0      1.0.0           Install complete

You can also use the kubectl command to check the installation:

kubectl get -n [namespace] deployments
kubectl get -n [namespace] pods

You will get the FortiADC Ingress Controller deployment and pod status like the following:

user@master-node ~> kubectl get -n fortiadc-ingress deployments
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
first-release-fadc-k8s-ctrl   1/1     1            1           8s

user@master-node ~> kubectl get -n fortiadc-ingress pods
NAME                                           READY   STATUS    RESTARTS   AGE
first-release-fadc-k8s-ctrl-6447856856-h5skx   1/1     Running   0          8s

Check the log of the FortiADC Ingress Controller:

kubectl logs -n [namespace] -f [pod name]

You can get the FortiADC Ingress Controller logs like the following:

user@master-node ~> kubectl logs -n fortiadc-ingress -f \
first-release-fadc-k8s-ctrl-6447856856-h5skx 

Starting fortiadc ingress controller
time=="2021-10-13T06:27:56Z"level=info msg="Starting FortiADC Ingress controller"

Uninstall the Helm Chart

To uninstall the Helm Chart:

helm uninstall [RELEASE_NAME]

To uninstall the FortiADC Ingress Controller in the specified Kubernetes namespace:

helm uninstall [RELEASE_NAME] --namespace [Kubernetes NameSpace]

Previous
Next

Installation

Install FortiADC Ingress Controller using Helm Charts.

Currently, only Helm 3 (version 3.6.3 or later) is supported.

Helm Charts ease the installation of FortiADC Ingress Controller in the Kubernetes cluster. By using the Helm 3 installation tool, most of the Kubernetes objects required for FortiADC Ingress Controller can be deployed in one simple command.

The Kubernetes objects required for FortiADC Ingress Controller are listed below:

Kubernetes object

Description
Deployment By configuring the replica and pod template in the Kubernetes deployment, the deployment ensures FortiADC Ingress Controller provides a non-terminated service.
Service Account The service account is used in FortiADC Ingress Controller.
Cluster Role A cluster role defines the permission on the Kubernetes cluster-scoped Ingress-related objects.
Cluster Role Binding The cluster role is bound to the service account used for FortiADC Ingress Controller, allowing FortiADC Ingress Controller to access and operate the Kubernetes cluster-scoped Ingress-related objects.
Ingress Class The IngressClass "fadc-ingress-controller" is created for FortiADC Ingress Controller to identify the Ingress resource. If the Ingress is defined with the IngressClass "fadc-ingress-controller", FortiADC Ingress Controller will manage this Ingress resource.

The Helm Chart is composed of a collection of files that describe the related set of Kubernetes required by FortiADC Ingress Controller; one of which is the values.yaml file that provides the default configuration for deploying the Kubernetes objects listed above.

Below lists parts of the value in the values.yaml file.

# Default values for fadc-k8s-ctrl.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# FortiADC Ingress Controller image from Dockerhub.com
image:
  repository: fortinet/fortiadc-ingress
  pullPolicy: IfNotPresent
  tag: "1.0.0"

serviceAccount:
  create: true
  annotations: {}
  name: "fortiadc-ingress

# Define Ingress Class for FortiADC Ingress Controller
controller:
  ingressClassResource:
    name: "fadc-ingress-controller"
    enabled: true
    default: true
    controllerValue: "fortinet.com/fadc-ingress-controller"
# You can decide parameters defined in annotation of Ingress to 
# be optional or mandatory.
# FortiADC Ingress Controller will check the parameter if it is
# marked as mandatory.
parameters:
  virtualServerNatSrcPool : "optional"
  virtualServerWafProfile : "optional"
  virtualServerAvProfile : "optional"
  virtualServerDosProfile : "optional"
  virtualServerCaptchaProfile : "optional"
  virtualServerPersistence : "optional"

In some scenarios, you may want to override some of the values included in the values.yaml, such as for an image tag or parameter properties. As the values.yaml file is packed in the Helm Chart package, you can override the values when installing or upgrading the Helm Chart (see Install the Helm Chart and Upgrade the Helm Chart). For more details on the parameters, see Configuration parameters.

To get the verbose output, add --debug option for all the Helm commands.

Get Repo Information

To get the repository information:

helm repo add fortiadc-ingress-controller https://fortinet.github.io/fortiadc-ingress/ 
helm repo update

Install the Helm Chart

You can specify a particular Kubernetes namespace in which FortiADC Ingress Controller will be deployed.

By default, if no Kubernetes namespace is specified, the default namespace would be "default". The RELEASE_NAME is the name you give to this chart installation:

helm install  [RELEASE_NAME] --namespace [Kubernetes NameSpace] \
fortiadc-ingress-controller/fadc-k8s-ctrl

In the example below, the Helm chart is installed with the release name "first-release" in the Kubernetes namespace "fortiadc-ingress": 

user@master-node ~> helm install first-release --namespace fortiadc-ingress \
fortiadc-ingress-controller/fadc-k8s-ctrl

If you want to override values in the Helm Chart, you can use --set flags in the command. In the example below, you can set the virtualServerWafProfile parameter as mandatory:

user@master-node ~> helm install --debug first-release \
--set parameters.virtualServerWafProfile="mandatory" \
--namespace fortiadc-ingress fortiadc-ingress-controller/fadc-k8s-ctrl

Moreover, you can create a new namespace and deploy FortiADC Ingress Controller within the namespace at the same time:

helm install first-release --namespace fortiadc-ingress \
--create-namespace --wait fortiadc-ingress-controller/fadc-k8s-ctrl

Upgrade the Helm Chart

You can specify the namespace with the --namespace option. Use --install option to install the release with RELEASE_NAME if it does not exist.

Note: The --reset-values option will remove all the user-supplied values. For example, if you had specified the virtualServerWafProfile parameter to be mandatory in a previous upgrade or install, the value will be reset to optional. The --reset-values option ensures all the values are directly from the updated repository.

helm repo update
helm upgrade --reset-values --debug -n [Kubernetes NameSpace] [RELEASE_NAME] \
fortiadc-ingress-controller/fadc-k8s-ctrl --install

You can also change the field of values.yaml with the --set command.

To see which values you can change, please refer to https://github.com/fortinet/fortiadc-ingress/blob/main/charts/fadc-k8s-ctrl-1.0.0/values.yaml.

In the example below, you can override the value for the virtualServerWafProfile parameter to make it mandatory:

helm upgrade --debug -n [Kubernetes NameSpace] \
--set parameters.virtualServerWafProfile="mandatory" \
[RELEASE_NAME] fortiadc-ingress-controller/fadc-k8s-ctrl

Using the --debug option, you can check the Helm debug information “USER-SUPPLIED VALUES” to check if you have all the value set as you need.

Release "first-release" has been upgraded. Happy Helming!
NAME: first-release
LAST DEPLOYED: Mon Apr 18 09:07:46 2022
NAMESPACE: fortiadc-ingress
STATUS: deployed
REVISION: 2
TEST SUITE: None
USER-SUPPLIED VALUES:
parameters:
  virtualServerWafProfile: mandatory

Check the Installation

Check to see if the FortiADC Ingress Controller is installed correctly:

helm history -n [Kubernetes NameSpace] [RELEASE_NAME]

The helm history command shows the installation information:

user@master-node ~> helm history -n fortiadc-ingress first-release
REVISION        UPDATED                         STATUS          CHART                    APP VERSION     DESCRIPTION
1               Tue Feb  8 05:37:33 2022        superseded      fadc-k8s-ctrl-0.1.0      1.0.0           Install complete

You can also use the kubectl command to check the installation:

kubectl get -n [namespace] deployments
kubectl get -n [namespace] pods

You will get the FortiADC Ingress Controller deployment and pod status like the following:

user@master-node ~> kubectl get -n fortiadc-ingress deployments
NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
first-release-fadc-k8s-ctrl   1/1     1            1           8s

user@master-node ~> kubectl get -n fortiadc-ingress pods
NAME                                           READY   STATUS    RESTARTS   AGE
first-release-fadc-k8s-ctrl-6447856856-h5skx   1/1     Running   0          8s

Check the log of the FortiADC Ingress Controller:

kubectl logs -n [namespace] -f [pod name]

You can get the FortiADC Ingress Controller logs like the following:

user@master-node ~> kubectl logs -n fortiadc-ingress -f \
first-release-fadc-k8s-ctrl-6447856856-h5skx 

Starting fortiadc ingress controller
time=="2021-10-13T06:27:56Z"level=info msg="Starting FortiADC Ingress controller"

Uninstall the Helm Chart

To uninstall the Helm Chart:

helm uninstall [RELEASE_NAME]

To uninstall the FortiADC Ingress Controller in the specified Kubernetes namespace:

helm uninstall [RELEASE_NAME] --namespace [Kubernetes NameSpace]

Previous
Next