F5 Container Integrations v1.2

Current Page

Application Services Proxy

Cloud Foundry

Kubernetes

Mesos Marathon

OpenShift

Support

Troubleshooting

Tutorials

Cloud Docs Home > F5 Container Integrations Index

How to add your BIG-IP device to an OpenShift Cluster

Tasks

Complete the following tasks to add a BIG-IP device to an OpenShift cluster network.

Step Task
Create a host subnet in your OpenShift cluster.
Create a VXLAN tunnel on the BIG-IP device.
Assign an overlay address from the subnet to a BIG-IP Self IP address.

Tip

The examples provided here deploy the BIG-IP Controller to the ‘default’ namespace and assign it a Service Account named ‘bigip-ctlr’.

Create a new OpenShift HostSubnet

  1. Define a HostSubnet using valid JSON or YAML.

    Important

    You must include the “annotation” section shown in the example below. The VNID 0 grants the BIG-IP device access to all OpenShift projects.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    apiVersion: v1
    kind: HostSubnet
    metadata:
      name: f5-server
      annotations:
        pod.network.openshift.io/fixed-vnid-host: "0"
        pod.network.openshift.io/assign-subnet: "true"
    # provide a name for the node that will serve as BIG-IP's entry into the cluster
    host: f5-server
    # The hostIP address will be the BIG-IP interface address routable to the
    # OpenShift Origin nodes.
    # This address is the BIG-IP VTEP in the SDN's VXLAN.
    hostIP: 172.16.1.28
    

    f5-kctlr-openshift-hostsubnet.yaml

    user@openshift:~$ oc create -f f5-kctlr-openshift-hostsubnet.yaml
    
  2. Verify creation of the HostSubnet.

    $ oc get hostsubnet
    NAME                  HOST                  HOST IP         SUBNET
    f5-server             f5-server             172.16.1.28     10.129.2.0/23
    master.internal.net   master.internal.net   172.16.1.10     10.129.0.0/23
    node1.internal.net    node1.internal.net    172.16.1.24     10.130.0.0/23
    node2.internal.net    node2.internal.net    172.16.1.25     10.128.0.0/23
    

Create a BIG-IP VXLAN tunnel

  1. Create a new BIG-IP VXLAN profile using multi-point flooding.

    admin@BIG-IP(cfg-sync Standalone)(Active)(/Common)(tmos)$ create net tunnels vxlan vxlan-mp flooding-type multipoint
    
  2. Verify creation of the VXLAN profile.

    admin@BIG-IP(cfg-sync Standalone)(Active)(/Common)(tmos)$ list net tunnels vxlan vxlan-mp
    
  3. Create a new BIG-IP VXLAN tunnel.

    • Use the OpenShift HostSubnet’s hostIP address as the VXLAN local-address (the BIG-IP VTEP).
    • Set the key to 0 to grant the BIG-IP device access to all OpenShift projects and subnets.
    • Use the OpenShift HostSubnet’s hostIP address as the VXLAN local-address (the VTEP).
    • The key must be 0 if you want to give the BIG-IP access to all OpenShift subnets.
    admin@BIG-IP(cfg-sync Standalone)(Active)(/Common)(tmos)$ create net tunnels tunnel openshift_vxlan key 0 profile vxlan-mp local-address 172.16.1.28
    
  4. Verify creation of the VXLAN tunnel.

    admin@BIG-IP(cfg-sync Standalone)(Active)(/Common)(tmos)$ list net tunnels tunnel openshift_vxlan
    

Add the BIG-IP device to the OpenShift overlay network

  1. Create a BIG-IP self IP address.

    • Use an address in the range defined in the HostSubnet allocated earlier. This ensures that all VXLAN traffic is correctly routed via the openshift_vxlan tunnel. [1]
    • Assign asubnet mask that matches that of the OpenShift SDN cluster network. In OpenShift Origin 1.4, for example, the default is /14.
    • If you don’t specify a traffic group, the self IP uses the BIG-IP system’s default.
    admin@BIG-IP(cfg-sync Standalone)(Active)(/Common)(tmos)$ create net self 10.129.2.10/14 allow-service all vlan openshift_vxlan