Deploy the F5 / Kubernetes Container ConnectorΒΆ
- All of the following commands and yaml files are contained within the "f5-kube-demo" github repo.
$ git clone https://github.com/vtog/f5-kube-demo.git
Note
For a more thorough explanation see http://clouddocs.f5.com/containers/v2/kubernetes/index.html
Basic f5 container connector deployment commands:
- Create bigip login secret
$ kubectl create secret generic bigip-login -n kube-system --from-literal=username=admin --from-literal=password=admin
- Create kubernetes service account for bigip controller
$ kubectl create serviceaccount k8s-bigip-ctlr -n kube-system
- Create cluster role for bigip service account (admin rights, but can be modified for your environment)
$ kubectl create clusterrolebinding k8s-bigip-ctlr-clusteradmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8s-bigip-ctlr
Note
Use one or the other of the following commands depending on deployment type. nodeport vs. cluster (see http://clouddocs.f5.com/containers/v2/kubernetes/kctlr-modes.html)
- NodePort example
$ kubectl create -f f5-nodeport-deployment.yaml
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: k8s-bigip-ctlr-deployment namespace: kube-system spec: replicas: 1 template: metadata: name: k8s-bigip-ctlr labels: app: k8s-bigip-ctlr spec: serviceAccountName: k8s-bigip-ctlr containers: - name: k8s-bigip-ctlr image: "f5networks/k8s-bigip-ctlr:1.5.1" imagePullPolicy: IfNotPresent env: - name: BIGIP_USERNAME valueFrom: secretKeyRef: name: bigip-login key: username - name: BIGIP_PASSWORD valueFrom: secretKeyRef: name: bigip-login key: password command: ["/app/bin/k8s-bigip-ctlr"] args: [ "--bigip-username=$(BIGIP_USERNAME)", "--bigip-password=$(BIGIP_PASSWORD)", "--bigip-url=10.1.10.60", "--bigip-partition=kubernetes", "--namespace=default", "--pool-member-type=nodeport" ]
- ClusterIP example
$ kubectl create -f f5-cluster-deployment.yaml
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: k8s-bigip-ctlr-deployment namespace: kube-system spec: replicas: 1 template: metadata: name: k8s-bigip-ctlr labels: app: k8s-bigip-ctlr spec: serviceAccountName: k8s-bigip-ctlr containers: - name: k8s-bigip-ctlr image: "f5networks/k8s-bigip-ctlr:1.5.1" imagePullPolicy: IfNotPresent env: - name: BIGIP_USERNAME valueFrom: secretKeyRef: name: bigip-login key: username - name: BIGIP_PASSWORD valueFrom: secretKeyRef: name: bigip-login key: password command: ["/app/bin/k8s-bigip-ctlr"] args: [ "--bigip-username=$(BIGIP_USERNAME)", "--bigip-password=$(BIGIP_PASSWORD)", "--bigip-url=10.1.10.60", "--bigip-partition=kubernetes", "--namespace=default", "--pool-member-type=cluster", "--flannel-name=fl-vxlan" ]
$ kubectl create -f f5-bigip-node.yaml
apiVersion: v1 kind: Node metadata: name: bigip1 annotations: #Replace MAC with your BIGIP Flannel VXLAN Tunnel MAC flannel.alpha.coreos.com/backend-data: '{"VtepMAC":"2c:c2:60:23:0c:58"}' flannel.alpha.coreos.com/backend-type: "vxlan" flannel.alpha.coreos.com/kube-subnet-manager: "true" #Replace IP with Self-IP for your deployment flannel.alpha.coreos.com/public-ip: "10.1.10.60" spec: #Replace Subnet with your BIGIP Flannel Subnet podCIDR: "10.244.20.0/24"
Note
Be sure to find and update the "VtepMaC" with the correct address from the f5 CLI
$ tmsh show net tunnels tunnel fl-vxlan all-properties
- Verify f5 container connector is up and running
$ kubectl get pods -n kube-system -o wide