Installation
Install FortiADC Ingress Controller using Helm Charts.
Currently, only Helm 3 (version 3.6.3 or later) is supported. |
Helm Charts ease the installation of FortiADC Ingress Controller in the Kubernetes cluster. By using the Helm 3 installation tool, most of the Kubernetes objects required for FortiADC Ingress Controller can be deployed in one simple command.
The Kubernetes objects required for FortiADC Ingress Controller are listed below:
Kubernetes object |
Description |
---|---|
Deployment | By configuring the replica and pod template in the Kubernetes deployment, the deployment ensures FortiADC Ingress Controller provides a non-terminated service. |
Service Account | The service account is used in FortiADC Ingress Controller. |
Cluster Role | A cluster role defines the permission on the Kubernetes cluster-scoped Ingress-related objects. |
Cluster Role Binding | The cluster role is bound to the service account used for FortiADC Ingress Controller, allowing FortiADC Ingress Controller to access and operate the Kubernetes cluster-scoped Ingress-related objects. |
Ingress Class | The IngressClass "fadc-ingress-controller" is created for FortiADC Ingress Controller to identify the Ingress resource. If the Ingress is defined with the IngressClass "fadc-ingress-controller", FortiADC Ingress Controller will manage this Ingress resource. |
The Helm Chart is composed of a collection of files that describe the related set of Kubernetes required by FortiADC Ingress Controller; one of which is the values.yaml
file that provides the default configuration for deploying the Kubernetes objects listed above.
Below lists parts of the value in the values.yaml
file.
# Default values for fadc-k8s-ctrl. # This is a YAML-formatted file. # Declare variables to be passed into your templates. # FortiADC Ingress Controller image from Dockerhub.com image: repository: fortinet/fortiadc-ingress pullPolicy: IfNotPresent tag: "1.0.0" serviceAccount: create: true annotations: {} name: "fortiadc-ingress # Define Ingress Class for FortiADC Ingress Controller controller: ingressClassResource: name: "fadc-ingress-controller" enabled: true default: true controllerValue: "fortinet.com/fadc-ingress-controller" # You can decide parameters defined in annotation of Ingress to # be optional or mandatory. # FortiADC Ingress Controller will check the parameter if it is # marked as mandatory. parameters: virtualServerNatSrcPool : "optional" virtualServerWafProfile : "optional" virtualServerAvProfile : "optional" virtualServerDosProfile : "optional" virtualServerCaptchaProfile : "optional" virtualServerPersistence : "optional"
In some scenarios, you may want to override some of the values included in the |
To get the verbose output, add |
Get Repo Information
To get the repository information:
helm repo add fortiadc-ingress-controller https://fortinet.github.io/fortiadc-ingress/ helm repo update
Install the Helm Chart
You can specify a particular Kubernetes namespace in which FortiADC Ingress Controller will be deployed.
By default, if no Kubernetes namespace is specified, the default namespace would be "default". The RELEASE_NAME
is the name you give to this chart installation:
helm install [RELEASE_NAME] --namespace [Kubernetes NameSpace] \ fortiadc-ingress-controller/fadc-k8s-ctrl
In the example below, the Helm chart is installed with the release name "first-release" in the Kubernetes namespace "fortiadc-ingress":
user@master-node ~> helm install first-release --namespace fortiadc-ingress \ fortiadc-ingress-controller/fadc-k8s-ctrl
If you want to override values in the Helm Chart, you can use --set
flags in the command. In the example below, you can set the virtualServerWafProfile parameter as mandatory:
user@master-node ~> helm install --debug first-release \ --set parameters.virtualServerWafProfile="mandatory" \ --namespace fortiadc-ingress fortiadc-ingress-controller/fadc-k8s-ctrl
Moreover, you can create a new namespace and deploy FortiADC Ingress Controller within the namespace at the same time:
helm install first-release --namespace fortiadc-ingress \ --create-namespace --wait fortiadc-ingress-controller/fadc-k8s-ctrl
Upgrade the Helm Chart
You can specify the namespace with the --namespace
option. Use --install
option to install the release with RELEASE_NAME if it does not exist.
Note: The --reset-values
option will remove all the user-supplied values. For example, if you had specified the virtualServerWafProfile parameter to be mandatory in a previous upgrade or install, the value will be reset to optional. The --reset-values
option ensures all the values are directly from the updated repository.
helm repo update helm upgrade --reset-values --debug -n [Kubernetes NameSpace] [RELEASE_NAME] \ fortiadc-ingress-controller/fadc-k8s-ctrl --install
You can also change the field of values.yaml
with the --set
command.
To see which values you can change, please refer to https://github.com/fortinet/fortiadc-ingress/blob/main/charts/fadc-k8s-ctrl-1.0.0/values.yaml.
In the example below, you can override the value for the virtualServerWafProfile parameter to make it mandatory:
helm upgrade --debug -n [Kubernetes NameSpace] \ --set parameters.virtualServerWafProfile="mandatory" \ [RELEASE_NAME] fortiadc-ingress-controller/fadc-k8s-ctrl
Using the --debug
option, you can check the Helm debug information “USER-SUPPLIED VALUES” to check if you have all the value set as you need.
Release "first-release" has been upgraded. Happy Helming! NAME: first-release LAST DEPLOYED: Mon Apr 18 09:07:46 2022 NAMESPACE: fortiadc-ingress STATUS: deployed REVISION: 2 TEST SUITE: None USER-SUPPLIED VALUES: parameters: virtualServerWafProfile: mandatory
Check the Installation
Check to see if the FortiADC Ingress Controller is installed correctly:
helm history -n [Kubernetes NameSpace] [RELEASE_NAME]
The helm history command shows the installation information:
user@master-node ~> helm history -n fortiadc-ingress first-release REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Tue Feb 8 05:37:33 2022 superseded fadc-k8s-ctrl-0.1.0 1.0.0 Install complete
You can also use the kubectl command to check the installation:
kubectl get -n [namespace] deployments
kubectl get -n [namespace] pods
You will get the FortiADC Ingress Controller deployment and pod status like the following:
user@master-node ~> kubectl get -n fortiadc-ingress deployments NAME READY UP-TO-DATE AVAILABLE AGE first-release-fadc-k8s-ctrl 1/1 1 1 8s
user@master-node ~> kubectl get -n fortiadc-ingress pods NAME READY STATUS RESTARTS AGE first-release-fadc-k8s-ctrl-6447856856-h5skx 1/1 Running 0 8s
Check the log of the FortiADC Ingress Controller:
kubectl logs -n [namespace] -f [pod name]
You can get the FortiADC Ingress Controller logs like the following:
user@master-node ~> kubectl logs -n fortiadc-ingress -f \ first-release-fadc-k8s-ctrl-6447856856-h5skx Starting fortiadc ingress controller time=="2021-10-13T06:27:56Z"level=info msg="Starting FortiADC Ingress controller"
Uninstall the Helm Chart
To uninstall the Helm Chart:
helm uninstall [RELEASE_NAME]
To uninstall the FortiADC Ingress Controller in the specified Kubernetes namespace:
helm uninstall [RELEASE_NAME] --namespace [Kubernetes NameSpace]