F5 Container Integrations v1.2

Install the BIG-IP Controller in OpenShift

You can install the BIG-IP Controller for Kubernetes in OpenShift via a Deployment. The Deployment creates a ReplicaSet that, in turn, launches a Pod running the BIG-IP Controller app.

Attention

These instructions are for the OpenShift Origin Kubernetes distribution. If you are using standard Kubernetes, see Install the BIG-IP Controller for Kubernetes.

Initial Setup

  1. Add your BIG-IP device to the OpenShift Cluster.
  2. Create a new partition for Kubernetes on your BIG-IP system. The BIG-IP Controller cannot manage objects in the /Common partition.
  3. Add a Kubernetes Secret containing your BIG-IP login credentials to your Kubernetes master node.
  4. Create a Kubernetes Secret containing your Docker login credentials (required if you need to pull the container image from a private Docker registry).

Important

You should create all BIG-IP Controller objects in the kube-system namespace, unless otherwise specified in the deployment instructions.

Set up RBAC Authentication for the BIG-IP Controller

  1. Create a Service Account.

    user@openshift:~$ oc create serviceaccount bigip-ctlr -n kube-system
    serviceaccount "bigip-ctlr" created
    
  2. Create a Cluster Role with the permissions shown in the table below.

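    Resources          Actions
    endpoints          get, list, watch
    ingresses          get, list, watch
    namespaces         get, list, watch
    nodes              get, list, watch
    services           get, list, watch
    routes             get, list, watch
    secrets            get, list, watch
    configmaps         get, list, watch, update, create, patch
    ingresses/status   get, list, watch, update, create, patch
    events             get, list, watch, update, create, patch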

    user@openshift:~$ oc create -f f5-kctlr-openshift-clusterrole.yaml
    clusterrole "system:bigip-ctlr" created
    
    apiVersion: v1
    kind: ClusterRole
    metadata:
      annotations:
        authorization.openshift.io/system-only: "true"
      name: system:bigip-ctlr
    rules:
    - apiGroups:
      - ""
      - "extensions"
      resources:
      - nodes
      - services
      - endpoints
      - namespaces
      - ingresses
      - routes
      - secrets
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - ""
      - "extensions"
      resources:
      - configmaps
      - events
      - ingresses/status
      verbs:
      - get
      - list
      - watch
      - update
      - create
      - patch
    

    f5-kctlr-openshift-clusterrole.yaml

  3. Create a Cluster Role Binding.

    user@openshift:~$ oc create -f f5-kctlr-openshift-clusterrole-binding.yaml
    clusterrolebinding "bigip-ctlr-role" created
    
    apiVersion: v1
    kind: ClusterRoleBinding
    metadata:
        name: bigip-ctlr-role
    userNames:
    - system:serviceaccount:kube-system:bigip-ctlr
    subjects:
    - kind: ServiceAccount
      namespace: kube-system
      name: bigip-ctlr
    roleRef:
      name: system:bigip-ctlr
    

    f5-kctlr-openshift-clusterrole-binding.yaml
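Before applying the Cluster Role, you can check that the manifest grants exactly what the Resources/Actions table lists and nothing more. The following is an added example, not part of the F5 documentation: the rules are transcribed from the YAML above into JSON, and `granted`, `audit` and `DRIFTED` are hypothetical names.

```python
import json

# Rules from f5-kctlr-openshift-clusterrole.yaml on this page, transcribed to JSON.
CLUSTER_ROLE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "system:bigip-ctlr"}, "rules": [
  {"apiGroups": ["", "extensions"],
   "resources": ["nodes", "services", "endpoints", "namespaces",
                 "ingresses", "routes", "secrets"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["", "extensions"],
   "resources": ["configmaps", "events", "ingresses/status"],
   "verbs": ["get", "list", "watch", "update", "create", "patch"]}]}
""")

READ = {"get", "list", "watch"}
WRITE = READ | {"update", "create", "patch"}
# Expected permissions, copied from the Resources/Actions table on this page.
EXPECTED = {r: READ for r in ("endpoints", "ingresses", "namespaces", "nodes",
                              "services", "routes", "secrets")}
EXPECTED.update({r: WRITE for r in ("configmaps", "ingresses/status", "events")})

def granted(role):
    """Collapse a role's rules into {resource: set of verbs}."""
    grants = {}
    for rule in role.get("rules", []):
        for resource in rule.get("resources", []):
            grants.setdefault(resource, set()).update(rule.get("verbs", []))
    return grants

def audit(role, expected=EXPECTED):
    """List every way the role grants more or less than the expected table."""
    findings, have = [], granted(role)
    for resource, verbs in sorted(have.items()):
        extra = sorted(verbs - expected.get(resource, set()))
        if resource == "*" or "*" in verbs:
            findings.append(f"wildcard grant on {resource}")
        elif extra:
            findings.append(f"excess on {resource}: {', '.join(extra)}")
    for resource, verbs in sorted(expected.items()):
        missing = sorted(verbs - have.get(resource, set()))
        if missing and "*" not in have.get(resource, ()):
            findings.append(f"missing on {resource}: {', '.join(missing)}")
    return findings

# Constructed example of drift: a later edit adds delete on secrets and a wildcard.
DRIFTED = json.loads(json.dumps(CLUSTER_ROLE))
DRIFTED["rules"] += [
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["delete"]},
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["*"]}]
```

Like the table, this check ignores `apiGroups`. Because the role is bound with a Cluster Role Binding, the read grant on `secrets` applies in every namespace, which makes drift on that resource the finding to watch most closely.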

Create a Deployment

Define an OpenShift Deployment using valid JSON or YAML.

Important

OpenShift Deployments must use the following required configuration parameters:

  • pool-member-type=cluster
  • openshift-sdn-name=</BIG-IP-partition/BIG-IP-vxlan-tunnel>

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      name: k8s-bigip-ctlr
      labels:
        app: k8s-bigip-ctlr
    spec:
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr
          image: "f5networks/k8s-bigip-ctlr:1.1.0"
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: bigip-login
                  key: password
          command: ["/app/bin/k8s-bigip-ctlr"]
          args: [
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=10.190.24.171",
            "--bigip-partition=openshift",
            # To manage a single namespace, enter it below
            # (required in v1.0.0)
            # To manage all namespaces, omit the `namespace` entry
            # (default as of v1.1.0)
            # To manage multiple namespaces, enter a separate flag for each
            # namespace below (as of v1.1.0)
            "--namespace=default",
            "--pool-member-type=cluster",
            # Path to the BIG-IP VXLAN connected to the OpenShift HostSubnet
            "--openshift-sdn-name=/Common/openshift_vxlan"
            ]
      imagePullSecrets:
        - name: f5-docker-images

f5-k8s-bigip-ctlr_openshift-sdn.yaml
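A pre-upload check for the container spec above can confirm the two required OpenShift parameters, reject the /Common partition, and make sure the BIG-IP credentials come from the Secret rather than being written into the manifest. This is an added example, not F5 code: the spec is transcribed from the YAML into JSON (comments omitted), and `parse_args`, `lint` and `BAD` are hypothetical names.

```python
import json
import re

# Container spec from f5-k8s-bigip-ctlr_openshift-sdn.yaml, transcribed to JSON.
CONTAINER = json.loads("""
{"name": "k8s-bigip-ctlr",
 "env": [
  {"name": "BIGIP_USERNAME",
   "valueFrom": {"secretKeyRef": {"name": "bigip-login", "key": "username"}}},
  {"name": "BIGIP_PASSWORD",
   "valueFrom": {"secretKeyRef": {"name": "bigip-login", "key": "password"}}}],
 "args": ["--bigip-username=$(BIGIP_USERNAME)", "--bigip-password=$(BIGIP_PASSWORD)",
          "--bigip-url=10.190.24.171", "--bigip-partition=openshift",
          "--namespace=default", "--pool-member-type=cluster",
          "--openshift-sdn-name=/Common/openshift_vxlan"]}
""")

def parse_args(args):
    """Map '--key=value' strings to {key: [values]}; --namespace may repeat."""
    opts = {}
    for arg in args:
        key, _, value = arg.lstrip("-").partition("=")
        opts.setdefault(key, []).append(value)
    return opts

def lint(container):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    opts = parse_args(container.get("args", []))
    if opts.get("pool-member-type") != ["cluster"]:
        findings.append("pool-member-type must be cluster")
    sdn = opts.get("openshift-sdn-name", [""])[0].split("/")
    if len(sdn) != 3 or sdn[0] or not all(sdn[1:]):
        findings.append("openshift-sdn-name must be /<partition>/<vxlan-tunnel>")
    if any(p.strip("/") == "Common" for p in opts.get("bigip-partition", [])):
        findings.append("bigip-partition must not be Common")
    # Credentials must be $(VAR) references to env vars backed by a Secret.
    from_secret = {e["name"] for e in container.get("env", [])
                   if "secretKeyRef" in e.get("valueFrom", {})}
    for flag in ("bigip-username", "bigip-password"):
        for value in opts.get(flag, []):
            ref = re.fullmatch(r"\$\((\w+)\)", value)
            if not ref or ref.group(1) not in from_secret:
                findings.append(f"{flag} is not read from a Secret")
    return findings

# Constructed counter-example: literal credentials, Common partition, no SDN name.
BAD = {"args": ["--bigip-username=admin", "--bigip-password=example-only",
                "--bigip-partition=Common", "--pool-member-type=nodeport"]}
```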

Upload the Deployment

Upload the Deployment to the OpenShift API server using oc apply. Be sure to create all resources in the kube-system namespace.

user@openshift-master:~$ oc apply -f f5-k8s-bigip-ctlr_openshift-sdn.yaml --namespace=kube-system
deployment "k8s-bigip-ctlr" created

Verify creation

When you create a Deployment, a ReplicaSet and Pod(s) launch automatically. You can use oc get to verify that all of the objects launched successfully.

user@k8s-master:~$ oc get deployments --namespace=kube-system
NAME             DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
k8s-bigip-ctlr   1         1         1            1           1h

user@k8s-master:~$ oc get replicasets --namespace=kube-system
NAME                       DESIRED   CURRENT   AGE
k8s-bigip-ctlr-331478340   1         1         1h

user@k8s-master:~$ oc get pods --namespace=kube-system
NAME                                  READY     STATUS    RESTARTS   AGE
k8s-bigip-ctlr-331478340-ke0h9        1/1       Running   0          1h
kube-apiserver-172.16.1.19            1/1       Running   0          2d
kube-controller-manager-172.16.1.19   1/1       Running   0          2d
kube-dns-v11-2a66j                    4/4       Running   0          2d
kube-proxy-172.16.1.19                1/1       Running   0          2d
kube-proxy-172.16.1.21                1/1       Running   0          2d
kube-scheduler-172.16.1.19            1/1       Running   0          2d
kubernetes-dashboard-172.16.1.19      1/1       Running   0          2d