Fortinet black logo

Version:

Version:

Version:

Version:


Table of Contents

Online Help

Create Resource Group in Container Protection

Resource Group is a container that holds various resources that the profile is entitled to on FortiCWP.

In Container Protection, a resource item includes Credential Group, Registry and Image Group, Jenkins Server Group, and Cluster Group.

When selecting cluster resources, make sure the corresponding resources under the same platform is included to enable access to the cluster data.

For example, when the Google Container registry and image are added to the resource group, then the credential of the Google service account needs to be added in the same resource group to enable access to the registry data.

Only Global Admin, Admin, and Cloud Provision Admin can create and edit Resource groups

Resource Group Name Container Resources
Credential Group

Configure > Credential Store - account credential data as well as other places that show relevant credential info.

Registry and Image Group

FortiView > Container Image - container image details as well as other places that show relevant image info.

Configure > Registry - registry data as well as other places that show relevant registry info.

Jenkins Server Group FortiView > CI/CD Integration - Jenkin server and CI/CD integration data as well as other places that show relevant CI/CD integration info.
Cluster Group Configure > Kubernetes Cluster - all Kubernetes cluster data as well as other places that show relevant cluster info.

Create Resource Group by Rule Matching

FortiCWP utilizes regex rules in pattern matching. for more information on regex syntax and pattern matching examples, please see Appendix C - Regex Syntax Rule .

The steps below add a resource from every section, but not every section is required to be filled to create a resource group.

  1. Go to ADMIN > Resource Group from Container Protection navigation menu.
  2. Click +Create New to create a new resource group.
  3. Give a Resource Group Name and Description (optional) for the resource group.
  4. In Cluster Name section, enter a regex, then press Enter to filter the cluster names.
  5. For example, enter ".*gke.*" to add all cluster names that have "gke".

    Click See Matched Cluster to verify the clusters to be added.

  6. In Add Credential section, enter a regex then press Enter to filter the credential names.
  7. For example, enter "GKE.*" to match a credential name that starts with "GKE".

    Click See Matched Credential to verify the credential to be added.

  8. In Add Registry and Image section, add the registry associated with the credentials added earlier by entering a regex and press Enter.
  9. For example, enter "gcr.*" to match a registry name that starts with "gcr".

    The default value in Image in Matched Registry field is ".*" where it will match all images in the registry. If only a specific image needs to be added, delete the ".*" and enter a new regex.

    Click See Matched Regsitry to verify the registry to be added.

  10. In Add Jenkins Server section, enter a regex then press Enter to filter through the Jenkins server.
  11. (Tips: enter ".*" to see all available Jenkins server then enter a regex to filter)

    For example, enter ".*log4j.*" to match a server name that has "log4j"

    Click See Matched Jenkins Server to verify the Jenkins server to be added.

  12. Click Create Resource Group to finish.

When there are other resources with similar name added to Container Protection, it will be captured by the regex rule and included in the same resource group.

 

 

 

 

 

 

 

 

 

 

Create Resource Group in Container Protection

Resource Group is a container that holds various resources that the profile is entitled to on FortiCWP.

In Container Protection, a resource item includes Credential Group, Registry and Image Group, Jenkins Server Group, and Cluster Group.

When selecting cluster resources, make sure the corresponding resources under the same platform is included to enable access to the cluster data.

For example, when the Google Container registry and image are added to the resource group, then the credential of the Google service account needs to be added in the same resource group to enable access to the registry data.

Only Global Admin, Admin, and Cloud Provision Admin can create and edit Resource groups

Resource Group Name Container Resources
Credential Group

Configure > Credential Store - account credential data as well as other places that show relevant credential info.

Registry and Image Group

FortiView > Container Image - container image details as well as other places that show relevant image info.

Configure > Registry - registry data as well as other places that show relevant registry info.

Jenkins Server Group FortiView > CI/CD Integration - Jenkin server and CI/CD integration data as well as other places that show relevant CI/CD integration info.
Cluster Group Configure > Kubernetes Cluster - all Kubernetes cluster data as well as other places that show relevant cluster info.

Create Resource Group by Rule Matching

FortiCWP utilizes regex rules in pattern matching. for more information on regex syntax and pattern matching examples, please see Appendix C - Regex Syntax Rule .

The steps below add a resource from every section, but not every section is required to be filled to create a resource group.

  1. Go to ADMIN > Resource Group from Container Protection navigation menu.
  2. Click +Create New to create a new resource group.
  3. Give a Resource Group Name and Description (optional) for the resource group.
  4. In Cluster Name section, enter a regex, then press Enter to filter the cluster names.
  5. For example, enter ".*gke.*" to add all cluster names that have "gke".

    Click See Matched Cluster to verify the clusters to be added.

  6. In Add Credential section, enter a regex then press Enter to filter the credential names.
  7. For example, enter "GKE.*" to match a credential name that starts with "GKE".

    Click See Matched Credential to verify the credential to be added.

  8. In Add Registry and Image section, add the registry associated with the credentials added earlier by entering a regex and press Enter.
  9. For example, enter "gcr.*" to match a registry name that starts with "gcr".

    The default value in Image in Matched Registry field is ".*" where it will match all images in the registry. If only a specific image needs to be added, delete the ".*" and enter a new regex.

    Click See Matched Regsitry to verify the registry to be added.

  10. In Add Jenkins Server section, enter a regex then press Enter to filter through the Jenkins server.
  11. (Tips: enter ".*" to see all available Jenkins server then enter a regex to filter)

    For example, enter ".*log4j.*" to match a server name that has "log4j"

    Click See Matched Jenkins Server to verify the Jenkins server to be added.

  12. Click Create Resource Group to finish.

When there are other resources with similar name added to Container Protection, it will be captured by the regex rule and included in the same resource group.