Deploy Kubernetes Agent Controller


After you press Add Kubernetes Cluster, follow the steps below to deploy the Kubernetes Agent controller to the Kubernetes Cluster.

  1. Click download fcli to download the fcli command line tool for deploying Container Protection on the Kubernetes Cluster.
  2. If the fcli download link does not work, use the following download links:

    Operating System    FCLI Command Line Tool Download Link
    Mac OS              https://forticwp-kubernetes-agent.s3.amazonaws.com/mac/fcli
    Linux               https://forticwp-kubernetes-agent.s3.amazonaws.com/linux/fcli

  3. Transfer the file to a location that has access to the Kubernetes cluster using kubectl. On the command line, change the permission of the fcli command line tool:

    chmod +x fcli

  4. kubectl is used to access the Kubernetes cluster. Make sure the kubectl user that is configured to access the Kubernetes cluster has cluster-admin access.
  5. For example, use the following command to display the kubectl config file, which provides the current context and user information:

    kubectl config view

    To set up cluster-admin access, the user needs to have the following rules set up:

    - apiGroups - *
    - resources - *
    - verbs - *

    This is how the rules in the cluster admin file should be configured:

  6. There are two methods to deploy the Kubernetes agent controller. The first method runs the deployment in one command, while the second method splits it into multiple consecutive commands.
    1. Execute the deploy command exactly as shown on the Add Kubernetes Cluster page, on the host where kubectl is configured:

      ./fcli deploy kubernetes --token <AccessToken> --region <Region>

    2. Execute the deploy command separately:
      1. fcli config <Token>
         Note: The token is provided on the Add Kubernetes Cluster page.
      2. When prompted for the region, enter "global" for a non-European region and "eu" for a European region.
      3. fcli deploy kubernetes

  7. If the fcli command was executed successfully, run the command below to verify it:

    kubectl get pods -n fortinet

  8. A successful deployment should look like below with the command:

Note: Make sure the scanner node has enough space to pull and scan images before deploying the Kubernetes Agent pods. To prevent the Kubernetes Agent pods from being deployed on nodes that are not ready, use the following command:

kubectl taint nodes <node name> node.kubernetes.io/not-ready:NoSchedule

Example: kubectl taint nodes ip-192-168-51-200.eu-central-1.compute.internal node.kubernetes.io/not-ready:NoSchedule
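
The cluster-admin check and the pod verification from the steps above can be scripted. The following shell functions are an added example, not part of the Fortinet documentation or the fcli tool; they assume kubectl is on the PATH and already points at the target cluster, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight and post-deploy checks around the fcli steps.
# Assumption: kubectl is installed and its current context is the target cluster.
#
# Typical use:
#   has_cluster_admin || { echo "current user lacks cluster-admin" >&2; exit 1; }
#   ./fcli deploy kubernetes --token <AccessToken> --region <Region>
#   verify_fortinet_pods

# Returns 0 only if the current kubectl user may perform every verb on every
# resource in every API group (the apiGroups/resources/verbs "*" rules).
has_cluster_admin() {
    [ "$(kubectl auth can-i '*' '*' --all-namespaces 2>/dev/null)" = "yes" ]
}

# Reads `kubectl get pods --no-headers` output on stdin and prints the name of
# every pod that is not in the Running state with all of its containers ready.
# Columns: NAME READY STATUS RESTARTS AGE, where READY is "ready/total".
unready_pods() {
    awk '{
        split($2, r, "/")
        if ($3 != "Running" || r[1] != r[2]) print $1
    }'
}

# Checks the fortinet namespace after deployment. Returns 0 when at least one
# pod exists and none is reported by unready_pods; otherwise explains why.
verify_fortinet_pods() {
    pods=$(kubectl get pods -n fortinet --no-headers 2>/dev/null)
    [ -n "$pods" ] || { echo "no pods found in namespace fortinet" >&2; return 1; }
    bad=$(printf '%s\n' "$pods" | unready_pods)
    [ -z "$bad" ] || { echo "pods not ready: $bad" >&2; return 1; }
}
```

Because the deployment requires wildcard permissions, running has_cluster_admin first makes an under-privileged context fail fast instead of leaving a partial install.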
