F5 Container Integrations v1.2

Install the BIG-IP Controller in Kubernetes

The BIG-IP Controller for Kubernetes installs via a Kubernetes Deployment. The Deployment creates a ReplicaSet that, in turn, launches a Pod running the BIG-IP Controller app.

Attention

These instructions are for a standard Kubernetes environment. If you are using OpenShift, see Install the BIG-IP Controller for Kubernetes in OpenShift Origin.

Initial Setup

  1. Create a new partition for Kubernetes on your BIG-IP system. The BIG-IP Controller cannot manage objects in the /Common partition.
  2. Add a Kubernetes Secret containing your BIG-IP login credentials to your Kubernetes master node.
  3. Create a Kubernetes Secret containing your Docker login credentials (required if you need to pull the container image from a private Docker registry).

Important

You should create all BIG-IP Controller objects in the kube-system namespace, unless otherwise specified in the deployment instructions.

Create a Deployment

  1. Define a Kubernetes Deployment using valid JSON or YAML.

    The deployment example below also creates a ServiceAccount for the controller to use.

    Example Kubernetes Manifest
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: k8s-bigip-ctlr-deployment
      namespace: kube-system
    spec:
      replicas: 1
      template:
        metadata:
          name: k8s-bigip-ctlr
          labels:
            app: k8s-bigip-ctlr
        spec:
          serviceAccountName: bigip-ctlr-serviceaccount
          containers:
            - name: k8s-bigip-ctlr
              # replace the version as needed
              image: "f5networks/k8s-bigip-ctlr:1.1.0"
              env:
                - name: BIGIP_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: username
                - name: BIGIP_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: password
              command: ["/app/bin/k8s-bigip-ctlr"]
              args: [
                "--bigip-username=$(BIGIP_USERNAME)",
                "--bigip-password=$(BIGIP_PASSWORD)",
                "--bigip-url=10.190.24.171",
                "--bigip-partition=kubernetes",
                # To manage a single namespace, enter it below
                # (required in v1.0.0)
                # To manage all namespaces, omit the `namespace` entry
                # (default as of v1.1.0)
                # To manage multiple namespaces, enter a separate flag for each
                # namespace below (as of v1.1.0)
                "--namespace=default",
                ]
          imagePullSecrets:
            - name: f5-docker-images
    
    ---
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: bigip-ctlr-serviceaccount
      namespace: kube-system
    

    f5-k8s-bigip-ctlr_image-secret.yaml

Set up RBAC Authentication

Note

Create a cluster role and cluster role binding. These resources allow the BIG-IP Controller to monitor and update the resources it manages.

You can restrict the permissions granted in the cluster role as needed for your deployment. The permissions shown below are the supported permission set.

Example ClusterRole and ClusterRoleBinding
# for use in k8s clusters using RBAC
# for Openshift use the openshift specific examples
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: bigip-ctlr-clusterrole
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - services
  - endpoints
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  verbs:
  - get
  - list
  - watch
  - update
  - create
  - patch
- apiGroups:
  - "extensions"
  resources:
  - ingresses/status
  verbs:
  - get
  - list
  - watch
  - update
  - create
  - patch

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: bigip-ctlr-clusterrole-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: bigip-ctlr-clusterrole
subjects:
- kind: ServiceAccount
  name: bigip-ctlr-serviceaccount
  namespace: kube-system

f5-k8s-sample-rbac.yaml
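
An added example (not part of the F5 documentation or the controller's code): a Python check that compares a ClusterRole, in the JSON form returned by `kubectl get clusterrole -o json`, against the permission set shown above and reports any grant that goes beyond it. The sample role is constructed, and the function and variable names are this example's own.

```python
import json

# Permission set from the ClusterRole above: (apiGroup, resource) -> allowed verbs.
READ = {"get", "list", "watch"}
WRITE = READ | {"update", "create", "patch"}
DOCUMENTED = {
    ("", "nodes"): READ, ("", "services"): READ,
    ("", "endpoints"): READ, ("", "namespaces"): READ,
    ("extensions", "ingresses"): READ,
    ("", "configmaps"): WRITE, ("", "events"): WRITE,
    ("extensions", "ingresses/status"): WRITE,
}

# Constructed sample: a role that has drifted beyond the documented set.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole",
 "metadata": {"name": "bigip-ctlr-clusterrole"},
 "rules": [
  {"apiGroups": [""], "resources": ["services", "endpoints"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "*"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}
 ]}
""")

def expand(rules):
    """Flatten RBAC rules into a set of (apiGroup, resource, verb) triples."""
    return {(g, r, v)
            for rule in rules
            for g in rule.get("apiGroups", [])
            for r in rule.get("resources", [])
            for v in rule.get("verbs", [])}

def excess_grants(role):
    """Grants beyond the documented set; any wildcard counts as excess."""
    return [(g, r, v) for g, r, v in sorted(expand(role.get("rules", [])))
            if "*" in (g, r, v) or v not in DOCUMENTED.get((g, r), set())]

if __name__ == "__main__":
    # Print one line per grant that exceeds the documented permission set.
    for group, resource, verb in excess_grants(SAMPLE_ROLE):
        print(f"EXCESS apiGroup={group!r} resource={resource} verb={verb}")
```

To audit a live cluster, load the output of `kubectl get clusterrole bigip-ctlr-clusterrole -o json` in place of `SAMPLE_ROLE`.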

Upload the Deployment

Upload the Deployment, Cluster Role, and Cluster Role Binding to the Kubernetes API server using kubectl apply. Be sure to create all resources in the kube-system namespace.

user@k8s-master:~$ kubectl apply -f f5-k8s-bigip-ctlr_image-secret.yaml --namespace=kube-system
user@k8s-master:~$ kubectl apply -f f5-k8s-sample-rbac.yaml --namespace=kube-system

Verify creation

When you create a Deployment, a ReplicaSet and Pod(s) launch automatically. Use kubectl to verify that all of the objects launched successfully.

user@k8s-master:~$ kubectl get deployments --namespace=kube-system
NAME             DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
k8s-bigip-ctlr   1         1         1            1           1h

user@k8s-master:~$ kubectl get replicasets --namespace=kube-system
NAME                       DESIRED   CURRENT   AGE
k8s-bigip-ctlr-331478340   1         1         1h

user@k8s-master:~$ kubectl get pods --namespace=kube-system
NAME                                  READY     STATUS    RESTARTS   AGE
k8s-bigip-ctlr-331478340-ke0h9        1/1       Running   0          1h
kube-apiserver-172.16.1.19            1/1       Running   0          2d
kube-controller-manager-172.16.1.19   1/1       Running   0          2d
kube-dns-v11-2a66j                    4/4       Running   0          2d
kube-proxy-172.16.1.19                1/1       Running   0          2d
kube-proxy-172.16.1.21                1/1       Running   0          2d
kube-scheduler-172.16.1.19            1/1       Running   0          2d
kubernetes-dashboard-172.16.1.19      1/1       Running   0          2d