Administration Guide

Creating Kubernetes connector

With FortiManager, you can create a fabric connector for Kubernetes, and then import address names from Kubernetes to automatically create dynamic objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information and Fortinet SDN Connector to communicate with Kubernetes and dynamically populate the objects with IP addresses.

When you create a fabric connector for Kubernetes, you are specifying how FortiGate can communicate with Kubernetes through Fortinet SDN Connector. As a result, you are configuring communication and authentication information for Fortinet SDN Connector.

If ADOMs are enabled, you can create multiple fabric connectors per ADOM; however, each fabric connector requires a unique IP address.

Requirements:

  • FortiManager with ADOM version 6.2 or later.
  • FortiGate is managed by FortiManager.
  • The managed FortiGate unit is configured to work with Kubernetes.

To create a fabric connector object for Kubernetes:
  1. Go to Fabric View > Fabric > Connectors, and click Create New. The Create New Fabric Connector wizard is displayed.
  2. Under Private SDN, select Kubernetes. The Kubernetes screen is displayed.

  3. Configure the following options, and click OK:

    Name

    Type a name for the fabric connector object.

    Type

    Displays Kubernetes.

    IP

    Type the IP address for the SDN Connector.

    Port

    Specify the port for the Fortinet SDN Connector.

    Select one of the following options:

    • Click Use Default to use the default port.
    • Click Specify and specify the port.

    Secret Token

    Specify a secret token for the Fortinet SDN Connector.

    Update Interval (s)

    Specify the update interval for the Fortinet SDN Connector.

    Select one of the following options:

    • Click Use Default to use the default interval.
    • Click Specify and specify the interval.

    Status

    Toggle ON to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

  4. Go to Policy & Objects > Security Fabric > Fabric Connectors. Select the connector and click Import.
  5. The Kubernetes connector is imported. Click Close to close the import dialog.
  6. Create a Policy Package and install it to a FortiGate device. The Kubernetes connector object is synced with the FortiGate device.
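
The Secret Token in step 3 authenticates the connector to Kubernetes, so it is worth scoping that credential to read-only access before pasting it into FortiManager. The manifest below is an added example, not part of the Fortinet guide: it creates a dedicated service account with a read-only cluster role and a long-lived token for it. It assumes the token is a Kubernetes service account bearer token; all object names, the `kube-system` namespace, and the resource list are hypothetical choices to adjust to what your connector actually needs to read.

```yaml
# Added example: names and resource list are assumptions, not Fortinet's.
# Dedicated identity used only by the SDN connector.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fortigate-sdn-reader
  namespace: kube-system
---
# Read-only access to the objects whose addresses populate dynamic objects.
# No write verbs and no access to Secrets or ConfigMaps.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fortigate-sdn-reader
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "nodes", "namespaces"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fortigate-sdn-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fortigate-sdn-reader
subjects:
  - kind: ServiceAccount
    name: fortigate-sdn-reader
    namespace: kube-system
---
# Kubernetes 1.24 and later do not auto-create a token Secret for a
# service account; this Secret requests a long-lived token for it.
apiVersion: v1
kind: Secret
metadata:
  name: fortigate-sdn-reader-token
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: fortigate-sdn-reader
type: kubernetes.io/service-account-token
```

The value to enter as the Secret Token is the base64-decoded `token` field of the `fortigate-sdn-reader-token` Secret. Deleting that Secret invalidates the token, which gives a simple rotation and revocation path.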

Kubernetes Service must be enabled on the server side for AWS, Azure, OCI, and GCP for Kubernetes to function for the particular cloud platform. Once the service is enabled, Kubernetes can be configured for the particular cloud platform on FortiManager.
