Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Online Help

    Home FortiCWP 21.3.0 Online Help
    21.3.0
    22.2.a
    22.1.0
    21.3.0
    21.2.1
    21.2.0
    21.1.0
    20.3.0
    20.2.0
    20.1.0
    4.4.0
    4.2.0

    Deploy Kubernetes Agent Controller

    Deploy Kubernetes Agent Controller

    After you pressed Add Kubernetes Cluster, follow the steps below to deploy the Kubernetes Agent controller to the Kubernetes Cluster.

    1. Click download fcli to download the fcli command line tool for deploying Container Protection on the Kubernetes Cluster.

      2. If the fcli download link does not work, use the following download links:

      Operating System

      FCLI Command Line Tool Download Link
      Mac OS https://forticwp-kubernetes-agent.s3.amazonaws.com/mac/fcli
      Linux https://forticwp-kubernetes-agent.s3.amazonaws.com/linux/fcli
    2. Transfer the file to a location where there is access to the Kubernetes cluster using kubectl. On the command line, change the permission of the fcli command line tool:

      3. chmod +x fcli

    3. Kubectl is used to access the Kubernetes cluster. Make sure the Kubectl user that is configured to access the Kubernetes cluster has cluster-admin access.

      4. For Example, use the following command to display the Kubectl config file which provides the current context and user information:

      Kubectl config view

      For setting up the cluster-admin access, the user needs to have the following rules setup:

      - apiGroups - *

      - resources - *

      - verbs - *

      This is how the rules in the cluster admin file should be configured:

    4. There are two methods to deploy the Kubernetes agent controller. The first method of deployment is executed in one command while the second method splits the command into multiple consecutive commands.
      1. Execute the deploy command shown as is from Add Kubernetes Cluster page on kubectl:

        2. ./fcli deploy kubernetes --token <AccessToken> --region <Region>

      2. Execute the deploy command separately:
        1. fcli config <Token> Note: The token provided from Add Kubernetes Cluster page.
        2. When prompt for region, enter "global" for non-European region, and "eu" for European region.
        3. fcli deploy kubernetes

    5. If the fcli command was executed successfully, run the command below to verify it:

      6. kubectl get pods -n fortinet

    6. A successful deployment should look like below with the command:

    Note: Make sure the scanner node has enough space to pull and scan images before deploying the Kubernetes Agent pods. To prevent the Kubernetes Agent pods from being deployed on nodes that are not ready, use the following command:

    kubectl taint nodes <node name> node.kubernetes.io/not-ready:NoSchedule

    Example: kubectl taint nodes ip-192-168-51-200.eu-central-1.compute.internal node.kubernetes.io/not-ready:NoSchedule

    Previous
    Next

    Deploy Kubernetes Agent Controller

    Deploy Kubernetes Agent Controller

    After you pressed Add Kubernetes Cluster, follow the steps below to deploy the Kubernetes Agent controller to the Kubernetes Cluster.

    1. Click download fcli to download the fcli command line tool for deploying Container Protection on the Kubernetes Cluster.

      2. If the fcli download link does not work, use the following download links:

      Operating System

      FCLI Command Line Tool Download Link
      Mac OS https://forticwp-kubernetes-agent.s3.amazonaws.com/mac/fcli
      Linux https://forticwp-kubernetes-agent.s3.amazonaws.com/linux/fcli
    2. Transfer the file to a location where there is access to the Kubernetes cluster using kubectl. On the command line, change the permission of the fcli command line tool:

      3. chmod +x fcli

    3. Kubectl is used to access the Kubernetes cluster. Make sure the Kubectl user that is configured to access the Kubernetes cluster has cluster-admin access.

      4. For Example, use the following command to display the Kubectl config file which provides the current context and user information:

      Kubectl config view

      For setting up the cluster-admin access, the user needs to have the following rules setup:

      - apiGroups - *

      - resources - *

      - verbs - *

      This is how the rules in the cluster admin file should be configured:

    4. There are two methods to deploy the Kubernetes agent controller. The first method of deployment is executed in one command while the second method splits the command into multiple consecutive commands.
      1. Execute the deploy command shown as is from Add Kubernetes Cluster page on kubectl:

        2. ./fcli deploy kubernetes --token <AccessToken> --region <Region>

      2. Execute the deploy command separately:
        1. fcli config <Token> Note: The token provided from Add Kubernetes Cluster page.
        2. When prompt for region, enter "global" for non-European region, and "eu" for European region.
        3. fcli deploy kubernetes

    5. If the fcli command was executed successfully, run the command below to verify it:

      6. kubectl get pods -n fortinet

    6. A successful deployment should look like below with the command:

    Note: Make sure the scanner node has enough space to pull and scan images before deploying the Kubernetes Agent pods. To prevent the Kubernetes Agent pods from being deployed on nodes that are not ready, use the following command:

    kubectl taint nodes <node name> node.kubernetes.io/not-ready:NoSchedule

    Example: kubectl taint nodes ip-192-168-51-200.eu-central-1.compute.internal node.kubernetes.io/not-ready:NoSchedule

    Previous
    Next