Version:

Version:

Version:

Version:


Table of Contents

Online Help

Deploy Kubernetes Agent on AWS EKS

In this tutorial, the Kubernetes agent will be deployed on the Kubernetes cluster node installed in AWS EKS.

First, the EC2 instance public IP address will need to be added to the EKS cluster node to allow access from the EC2 instance. Then the AWS user can log into an AWS EC2 instance and then connect to the EKS cluster node. Lastly, the fcli command line tool will be downloaded and executed in the EKS cluster node to deploy the Kubernetes agent.

Steps to Deploy Kubernetes Agent on AWS EKS Cluster - Part 1

  1. From AWS console, search and go to EC2, select an EC2 instance that you will be using, and record down the public IP address.
  2. Now search and go to EKS, and click on the kubernetes cluster and select Configuration > Networking tab.
  3. Click Manage networking, then click Advanced Settings drop down menu to add the EC2 instance public IP address to the list of public access endpoint, the IP should end in "/32".
  4. For example: if the IP 73.192.74.109, then enter 73.192.74.109/32. Then click Save changes.

  5. Go back to the EC2 instance, click Connect and select SSH client tab, use the command to connect to the instance on a SSH client like Git Bash, Putty, etc.
  6. When you log into the EC2 instance, type aws configure, enter your AWS Access Key ID and AWS Secret Access Key, leave Default region name and Default output format as empty. (The AWS Access Key ID and AWS Secret Access Key is only accessible to you when you created your AWS account)
  7. Now you can access the AWS EKS cluster, type aws eks --region <region> update-kuberconfig --name <cluster name>
  8. For example: aws eks --region us-west-2 update-kubeconfig --name autotestcluster

  9. Check to see if you have access to cluster nodes: kubectl get nodes
  10. Download the fcli command line tool: wget https://forticwp-kubernetes-agent.s3.amazonaws.com/linux/fcli
  11. Change the permission of the fcli command line tool: chmod +x fcli

Steps to Deploy Kubernetes Agent on AWS EKS Cluster - Part 2

  1.  There are two methods to deploy the Kubernetes agent controller. The first method of deployment is execute the fcli command tool in one command while the second method splits the command into multiple consecutive commands.
    1. Execute the deploy command as shown from Add Kubernetes Cluster page on kubectl command line:
    2. ./fcli deploy kubernetes --token <AccessToken> --region <Region>

    3. Execute the deploy command separately:
      1. fcli config <Token> Note: The token provided from Add Kubernetes Cluster page.
      2. When prompt for region, enter "global" for non-European region, and "eu" for European region.
      3. fcli deploy kubernetes

  2. If the fcli command was executed successfully, run the command below to verify it:
  3. kubectl get pods -n fortinet

  4. A successful deployment should look like below with all worker nodes, controller, and scanner in Running status.

Note: Make sure the scanner node has enough space to pull and scan images before deploying the Kubernetes Agent pods. To prevent the Kubernetes Agent pods from being deployed on nodes that are not ready, use the following command:

kubectl taint nodes <node name> node.kubernetes.io/not-ready:NoSchedule

Example: kubectl taint nodes ip-192-168-51-200.eu-central-1.compute.internal node.kubernetes.io/not-ready:NoSchedule

 

 

 

 

 

Deploy Kubernetes Agent on AWS EKS

In this tutorial, the Kubernetes agent will be deployed on the Kubernetes cluster node installed in AWS EKS.

First, the EC2 instance public IP address will need to be added to the EKS cluster node to allow access from the EC2 instance. Then the AWS user can log into an AWS EC2 instance and then connect to the EKS cluster node. Lastly, the fcli command line tool will be downloaded and executed in the EKS cluster node to deploy the Kubernetes agent.

Steps to Deploy Kubernetes Agent on AWS EKS Cluster - Part 1

  1. From AWS console, search and go to EC2, select an EC2 instance that you will be using, and record down the public IP address.
  2. Now search and go to EKS, and click on the kubernetes cluster and select Configuration > Networking tab.
  3. Click Manage networking, then click Advanced Settings drop down menu to add the EC2 instance public IP address to the list of public access endpoint, the IP should end in "/32".
  4. For example: if the IP 73.192.74.109, then enter 73.192.74.109/32. Then click Save changes.

  5. Go back to the EC2 instance, click Connect and select SSH client tab, use the command to connect to the instance on a SSH client like Git Bash, Putty, etc.
  6. When you log into the EC2 instance, type aws configure, enter your AWS Access Key ID and AWS Secret Access Key, leave Default region name and Default output format as empty. (The AWS Access Key ID and AWS Secret Access Key is only accessible to you when you created your AWS account)
  7. Now you can access the AWS EKS cluster, type aws eks --region <region> update-kuberconfig --name <cluster name>
  8. For example: aws eks --region us-west-2 update-kubeconfig --name autotestcluster

  9. Check to see if you have access to cluster nodes: kubectl get nodes
  10. Download the fcli command line tool: wget https://forticwp-kubernetes-agent.s3.amazonaws.com/linux/fcli
  11. Change the permission of the fcli command line tool: chmod +x fcli

Steps to Deploy Kubernetes Agent on AWS EKS Cluster - Part 2

  1.  There are two methods to deploy the Kubernetes agent controller. The first method of deployment is execute the fcli command tool in one command while the second method splits the command into multiple consecutive commands.
    1. Execute the deploy command as shown from Add Kubernetes Cluster page on kubectl command line:
    2. ./fcli deploy kubernetes --token <AccessToken> --region <Region>

    3. Execute the deploy command separately:
      1. fcli config <Token> Note: The token provided from Add Kubernetes Cluster page.
      2. When prompt for region, enter "global" for non-European region, and "eu" for European region.
      3. fcli deploy kubernetes

  2. If the fcli command was executed successfully, run the command below to verify it:
  3. kubectl get pods -n fortinet

  4. A successful deployment should look like below with all worker nodes, controller, and scanner in Running status.

Note: Make sure the scanner node has enough space to pull and scan images before deploying the Kubernetes Agent pods. To prevent the Kubernetes Agent pods from being deployed on nodes that are not ready, use the following command:

kubectl taint nodes <node name> node.kubernetes.io/not-ready:NoSchedule

Example: kubectl taint nodes ip-192-168-51-200.eu-central-1.compute.internal node.kubernetes.io/not-ready:NoSchedule