Created on 10-21-2020 03:20 AM Edited on 02-05-2024 01:07 AM By Jean-Philippe_P
Description
This article explains the private cloud K8S SDN connector.
Solution
FortiOS automatically updates dynamic addresses for Kubernetes (K8S) by using a K8S SDN connector, enabling FortiOS to manage K8S pods as global address objects, as with other connectors.
This includes mapping the following attributes from K8S instances to dynamic address groups in FortiOS:
# config system sdn-connector
    edit "kubernetes1"
        set type kubernetes
        set server "172.18.64.38"
        set server-port 6443
        set secret-token xxxxx
        set update-interval 30
    next
end
Create a dynamic firewall address for the configured K8S SDN connector with the supported K8S filter.
# config firewall address
    edit "k8s_nodename"
        set type dynamic
        set sdn "kubernetes1"
        set filter "K8S_NodeName=van-201669-pc1"
    next
end
Confirm that the K8S SDN connector resolves dynamic firewall IP addresses using the configured filter:
# config firewall address
    edit "k8s_nodename"
        set uuid 462112a2-1ab1-51e9-799c-652621ba8c0c
        set type dynamic
        set sdn "kubernetes1"
        set filter "K8S_NodeName=van-201669-pc1"
        # config list
            edit "172.16.65.227"
            next
        end
    next
end
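An offline cross-check for the confirmation step, added here as an example and not part of the original article or of Fortinet's tooling: it parses the dynamic address block and compares the resolved list with the node's addresses from a Kubernetes node listing, so a stale or unexpected entry in the address object is caught. The function names, the sample node JSON, and the assumption that K8S_NodeName resolves to the named node's InternalIP are constructed for illustration.

```python
import json
import re

# Constructed sample: the confirmation output from this article (uuid omitted).
FORTIOS_SHOW = '''config firewall address
    edit "k8s_nodename"
        set type dynamic
        set sdn "kubernetes1"
        set filter "K8S_NodeName=van-201669-pc1"
        config list
            edit "172.16.65.227"
            next
        end
    next
end
'''

# Constructed sample: trimmed shape of a Kubernetes node list (GET /api/v1/nodes).
NODES_JSON = json.dumps({"items": [
    {"metadata": {"name": "van-201669-pc1"},
     "status": {"addresses": [{"type": "InternalIP", "address": "172.16.65.227"},
                              {"type": "Hostname", "address": "van-201669-pc1"}]}},
    {"metadata": {"name": "van-201669-pc2"},
     "status": {"addresses": [{"type": "InternalIP", "address": "172.16.65.228"}]}},
]})

def parse_dynamic_address(show_text):
    """Return (filter_key, filter_value, resolved_ips) for one dynamic address."""
    flt = re.search(r'set filter "([^"=]+)=([^"]*)"', show_text)
    if flt is None:
        raise ValueError("no 'set filter' line found")
    # Resolved entries sit between 'config list' and its 'end'; absent if none resolved.
    lst = re.search(r'config list(.*?)^\s*end', show_text, re.S | re.M)
    ips = set(re.findall(r'edit "([^"]+)"', lst.group(1))) if lst else set()
    return flt.group(1), flt.group(2), ips

def node_ips(nodes_json, node_name):
    """Assumption: K8S_NodeName resolves to the named node's InternalIP."""
    return {a["address"]
            for n in json.loads(nodes_json)["items"] if n["metadata"]["name"] == node_name
            for a in n["status"]["addresses"] if a["type"] == "InternalIP"}

def audit(show_text, nodes_json):
    """Diff what FortiOS resolved against what the cluster reports."""
    key, value, resolved = parse_dynamic_address(show_text)
    if key != "K8S_NodeName":
        raise ValueError("only the K8S_NodeName filter is handled here")
    expected = node_ips(nodes_json, value)
    return {"missing": sorted(expected - resolved), "unexpected": sorted(resolved - expected)}
```

An empty result in both keys means the address object matches the cluster; anything under "unexpected" is an IP that firewall policy still treats as the node although the cluster no longer reports it.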