Resource Group is a container that holds various resources that the profile is entitled to on FortiCWP.
In Container Protection, a resource item includes Credential Group, Registry and Image Group, Jenkins Server Group, and Cluster Group.
When selecting cluster resources, make sure the corresponding resources under the same platform is included to enable access to the cluster data.
For example, when the Google Container registry and image are added to the resource group, then the credential of the Google service account needs to be added in the same resource group to enable access to the registry data.
Only Global Admin, Admin, and Cloud Provision Admin can create and edit Resource groups
|Resource Group Name||Container Resources|
Configure > Credential Store - account credential data as well as other places that show relevant credential info.
|Registry and Image Group||
FortiView > Container Image - container image details as well as other places that show relevant image info.
Configure > Registry - registry data as well as other places that show relevant registry info.
|Jenkins Server Group||FortiView > CI/CD Integration - Jenkin server and CI/CD integration data as well as other places that show relevant CI/CD integration info.|
|Cluster Group||Configure > Kubernetes Cluster - all Kubernetes cluster data as well as other places that show relevant cluster info.|
FortiCWP utilizes regex rules in pattern matching. for more information on regex syntax and pattern matching examples, please see Appendix C - Regex Syntax Rule .
The steps below add a resource from every section, but not every section is required to be filled to create a resource group.
- Go to ADMIN > Resource Group from Container Protection navigation menu.
- Click +Create New to create a new resource group.
- Give a Resource Group Name and Description (optional) for the resource group.
- In Cluster Name section, enter a regex, then press
Enterto filter the cluster names.
- In Add Credential section, enter a regex then press
Enterto filter the credential names.
- In Add Registry and Image section, add the registry associated with the credentials added earlier by entering a regex and press
- In Add Jenkins Server section, enter a regex then press
Enterto filter through the Jenkins server.
- Click Create Resource Group to finish.
For example, enter ".*gke.*" to add all cluster names that have "gke".
Click See Matched Cluster to verify the clusters to be added.
For example, enter "GKE.*" to match a credential name that starts with "GKE".
Click See Matched Credential to verify the credential to be added.
For example, enter "gcr.*" to match a registry name that starts with "gcr".
The default value in Image in Matched Registry field is ".*" where it will match all images in the registry. If only a specific image needs to be added, delete the ".*" and enter a new regex.
Click See Matched Regsitry to verify the registry to be added.
(Tips: enter ".*" to see all available Jenkins server then enter a regex to filter)
For example, enter ".*log4j.*" to match a server name that has "log4j"
Click See Matched Jenkins Server to verify the Jenkins server to be added.
When there are other resources with similar name added to Container Protection, it will be captured by the regex rule and included in the same resource group.