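Installing and using the k8s BIG-IP controller
0. Preparation
Make sure network connectivity is in place. This setup uses neither flannel nor VXLAN.
Create a partition in the F5 UI. Here it is cce-test.
1. Install the BIG-IP controller
```bash
kubectl create serviceaccount bigip-ctlr -n kube-system
kubectl get sa -n kube-system
```
Create the ClusterRole and ClusterRoleBinding:
f5-k8s-sample-rbac.yaml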
```yaml
# for use in k8s clusters only
# for OpenShift, use the OpenShift-specific examples
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bigip-ctlr-clusterrole
rules:
- apiGroups: ["", "extensions"]
  resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions"]
  resources: ["configmaps", "events", "ingresses/status"]
  verbs: ["get", "list", "watch", "update", "create", "patch"]
- apiGroups: ["", "extensions"]
  resources: ["secrets"]
  resourceNames: ["<secret-containing-bigip-login>"]
  verbs: ["get", "list", "watch"]

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bigip-ctlr-clusterrole-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: bigip-ctlr-clusterrole
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: bigip-ctlr
  namespace: kube-system
```
```bash
kubectl get clusterroles.rbac.authorization.k8s.io -n kube-system
```
```
NAME                                              AGE
admin                                             2d12h
aggregate-network-attachment-definitions-admin    2d12h
aggregate-network-attachment-definitions-edit     2d12h
aggregate-network-attachment-definitions-view     2d12h
bigip-ctlr-clusterrole                            46h
cluster-admin                                     2d12h
copaddon-nginx-ingress                            2d12h
coredns                                           2d12h
edit                                              2d12h
```
```bash
kubectl get clusterrolebindings.rbac.authorization.k8s.io -n kube-system
```
```
NAME                                      AGE
auto-approve-csrs-for-group               2d12h
auto-approve-renewals-for-nodes           2d12h
auto-approve-renewals-for-nodes-server    2d12h
bigip-ctlr-clusterrole-binding            46h
```
f5-k8s-bigip-ctlr_basic.yaml
```bash
kubectl create secret generic bigip-login --namespace kube-system --from-literal=username=admin --from-literal=password=admin
kubectl describe secret bigip-login -n kube-system
kubectl apply -f f5-k8s-bigip-ctlr_basic.yaml
```
```yaml
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; apps/v1
# requires the explicit selector below.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr-deployment
  namespace: kube-system
spec:
  # DO NOT INCREASE REPLICA COUNT
  replicas: 1
  selector:
    matchLabels:
      app: k8s-bigip-ctlr
  template:
    metadata:
      name: k8s-bigip-ctlr
      labels:
        app: k8s-bigip-ctlr
    spec:
      # Name of the Service Account bound to a Cluster Role with the required
      # permissions
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr
          image: "f5networks/k8s-bigip-ctlr"
          imagePullPolicy: IfNotPresent
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: password
          command: ["/app/bin/k8s-bigip-ctlr"]
          args: [
            # See the k8s-bigip-ctlr documentation for information about
            # all config options
            # https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=xxxxxxxxx",
            "--bigip-partition=cce-test",
            "--pool-member-type=cluster"
            ]
      # imagePullSecrets:
      #   # Secret that gives access to a private docker registry
      #   - name: f5-docker-images
      #   # Secret containing the BIG-IP system login credentials
      #   - name: bigip-login
```
Specify bigip-url, bigip-partition and pool-member-type.
Check the deployment's logs for errors:
```bash
kubectl logs k8s-bigip-ctlr-deployment-bcf87fdb8-ztj9f -n kube-system
```
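A check worth running on the ClusterRole above before applying it, as an added example that is not part of the original page or of F5's samples: it flags rules that expose Secrets more widely than the controller's login Secret, including the `<secret-containing-bigip-login>` placeholder left unreplaced. The helper name `audit_rules`, the finding labels and the JSON transcription of the rules are assumptions made for this example.

```python
import json

# Constructed input: the rules of bigip-ctlr-clusterrole as given on this page,
# transcribed from YAML to JSON so the check needs only the standard library.
PAGE_RULES = json.loads("""[
  {"apiGroups": ["", "extensions"],
   "resources": ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["", "extensions"],
   "resources": ["configmaps", "events", "ingresses/status"],
   "verbs": ["get", "list", "watch", "update", "create", "patch"]},
  {"apiGroups": ["", "extensions"],
   "resources": ["secrets"],
   "resourceNames": ["<secret-containing-bigip-login>"],
   "verbs": ["get", "list", "watch"]}
]""")

READ_ONLY = {"get", "list", "watch"}


def audit_rules(rules, expected_secret):
    """Return (rule_index, finding) pairs for ClusterRole rules (hypothetical helper)."""
    findings = []
    for i, rule in enumerate(rules):
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        if "*" in resources | verbs | set(rule.get("apiGroups", [])):
            findings.append((i, "wildcard"))
        if not resources & {"secrets", "*"}:
            continue  # rule does not touch Secrets
        names = rule.get("resourceNames", [])
        if not names:
            # No resourceNames: the account could read every Secret in the cluster.
            findings.append((i, "secrets-unscoped"))
        for name in names:
            if name.startswith("<") and name.endswith(">"):
                findings.append((i, "secrets-placeholder"))  # template text never replaced
            elif name != expected_secret:
                findings.append((i, "secrets-unexpected-name:" + name))
        if verbs - READ_ONLY:
            findings.append((i, "secrets-writable"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_rules(PAGE_RULES, "bigip-login"):
        print(f"rule {index}: {finding}")
```

On the page's rules it reports the unreplaced placeholder on rule 2; with `resourceNames` set to `bigip-login` it reports nothing.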
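2. Create the application and the ConfigMap for its F5 virtual server
Create the application, using nginx as an example:
```bash
kubectl create deployment --image=nginx nginx1
kubectl expose deployment nginx1 --port=80
```
Create the ConfigMap for the F5 virtual server:
f5-resource-vs-example.configmap.yaml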
```yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx1.vs
  labels:
    f5type: virtual-server
data:
  # See the f5-schema table for schema-controller compatibility
  # https://clouddocs.f5.com/containers/latest/releases_and_versioning.html#f5-schema
  schema: "f5schemadb://bigip-virtual-server_v0.1.7.json"
  data: |
    {
      "virtualServer": {
        "backend": {
          "servicePort": 80,
          "serviceName": "nginx1",
          "healthMonitors": [{
            "interval": 30,
            "protocol": "http",
            "send": "GET / HTTP/1.1\r\nHost:abc.com\r\n\r\n",
            "recv": "200|OK",
            "timeout": 120
          }]
        },
        "frontend": {
          "virtualAddress": {
            "port": 80,
            "bindAddr": "xxxxxxxxxx"
          },
          "partition": "cce-test",
          "balance": "least-connections-member",
          "mode": "http"
        }
      }
    }
```
Fill in the backend and frontend sections.
The official documentation explains this in more detail, and many more parameters can be added. https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/v1.10/