F5 Container Integrations

Current Page

Cloud Foundry

Kubernetes / OpenShift

Mesos Marathon

Support

Troubleshooting

Tutorials


View related articles on DevCentral

Cloud Docs Home > F5 Container Integrations Index

Add BIG-IP device to flannel VXLAN

This document provides step-by-step instructions for adding a BIG-IP device to a Kubernetes Cluster using flannel VXLAN. For more information about this integration, see BIG-IP and flannel VXLAN Integration.

Complete the following tasks to add a BIG-IP device to a Kubernetes Cluster Network using flannel.

Task table
Step Task
Deploy flannel for Kubernetes

Set up the BIG-IP system:

Add the BIG-IP device to the flannel overlay network

Deploy flannel for Kubernetes

If you haven’t already deployed flannel in your Kubernetes Cluster, you can do so using a kube-flannel manifest file. The manifest file defines all of the resources required to deploy flannel in Kubernetes.

Important

In the netconf.json section of the ConfigMap, the Backend.Type must be vxlan. The BIG-IP Controller doesn’t support other backend modes.

Set up the BIG-IP system

Important

The steps in this section require either Administrator or Resource Administrator permissions on the BIG-IP system.

Create a VXLAN tunnel

  1. Create a VXLAN profile with flooding-type none.

    create /net tunnels vxlan fl-vxlan port 8472 flooding-type none
    
  2. Create a VXLAN tunnel.

    • Set the local-address to an IP address from the network that will support the VXLAN overlay.
    • Set the key to 1 to grant the BIG-IP device access to all Cluster resources.

    create /net tunnels tunnel flannel_vxlan key 1 profile fl-vxlan local-address 172.16.1.3
    

Create a self IP in the VXLAN

  1. Identify the flannel subnet you want to assign to the BIG-IP system. Make sure it doesn’t overlap with a subnet that’s already in use by existing Nodes in the Kubernetes Cluster. You will assign this subnet to a “dummy” Node for the BIG-IP device later.
  2. Create a self IP using an address from the subnet you want to assign to the BIG-IP device.
create /net self 10.244.30.3/16 allow-service none vlan flannel_vxlan

Important

  • The subnet mask you assign to the self IP must match that of the flannel network (the default is /16).
  • When creating a self IP using the BIG-IP configuration utility instead of TMSH, you may need to provide the full netmask (for example, 255.255.0.0 instead of /16).
  • If you do not specify a traffic group, the self IP will use the BIG-IP system’s default.

Create a floating self IP in the VXLAN

Create a floating IP address in the subnet you want to assign to the BIG-IP device. Use the same subnet mask as the flannel network.

create /net self 10.244.30.4/16 allow-service none traffic-group traffic-group-1 vlan flannel_vxlan

Note

All virtual servers created by the BIG-IP Controller use the BIG-IP SNAT automap feature, which prefers floating IP addresses over static IPs. See BIG-IP SNATs and SNAT automap for more information.

Verify creation of the BIG-IP objects

You can use a TMOS shell or the BIG-IP configuration utility to verify object creation.

show /net tunnels tunnel flannel_vxlan
show /net running-config self 10.244.30.3/16
show /net running-config self 10.244.30.4/16

Add the BIG-IP device to the flannel overlay network

Flannel uses a set of custom Annotations to identify Nodes as part of the Cluster network. When you create a dummy Node resource for the BIG-IP that contains these Annotations, flannel can discover the BIG-IP device and monitor it as part of the VXLAN.

Find the VTEP MAC address

You can find the MAC address of your BIG-IP VXLAN tunnel using a TMOS shell.

show /net tunnels tunnel flannel_vxlan all-properties
-------------------------------------------------
Net::Tunnel: flannel_vxlan
-------------------------------------------------
MAC Address                     ab:12:cd:34:ef:56
...

Find the flannel Annotations

Run kubectl describe for any Node in the Cluster and make note of the flannel Annotations included in the Node description.

kubectl describe nodes <node>
...
flannel.alpha.coreos.com/backend-data:'{"VtepMAC":"<mac-address>"}'
flannel.alpha.coreos.com/backend-type: 'vxlan'
flannel.alpha.coreos.com/kube-subnet-manager: 'true'
flannel.alpha.coreos.com/public-ip: <node-ip-address>
...

Create a Kubernetes Node for the BIG-IP device

  1. Create a Kubernetes Node resource.

    • Include all of the flannel Annotations. Define the backend-data and public-ip Annotations with data from the BIG-IP VXLAN:

      flannel.alpha.coreos.com/backend-data:'{"VtepMAC":"<BIG-IP_mac-address>"}'

      flannel.alpha.coreos.com/public-ip: <BIG-IP_vtep-address>

      (This is the IP address you assigned to the VXLAN tunnel).

    • Set the podCIDR to the subnet you used to create the self IP and floating IP.

    apiVersion: v1
    kind: Node
    metadata:
      name: bigip
      annotations:
        # Provide the MAC address of the BIG-IP VXLAN tunnel
        flannel.alpha.coreos.com/backend-data: '{"VtepMAC":"ab:12:cd:34:ef:56"}'
        flannel.alpha.coreos.com/backend-type: "vxlan"
        flannel.alpha.coreos.com/kube-subnet-manager: "true"
        # Provide the IP address you assigned as the BIG-IP VTEP
        flannel.alpha.coreos.com/public-ip: 172.16.1.3
    spec:
      # Define the flannel subnet you want to assign to the BIG-IP device.
      # Be sure this subnet does not collide with any other Nodes' subnets.
      podCIDR: 10.244.30.0/24
    

    f5-kctlr-bigip-node.yaml

  2. Upload the Node resource to the Kubernetes API server.

    kubectl create -f f5-kctlr-bigip-node.yaml
    
  3. Verify creation of the BIG-IP Node.

    kubectl get nodes
    NAME           STATUS    AGE       VERSION
    bigip          Ready     5m        v1.7.5
    k8s-master-0   Ready     2d        v1.7.5
    k8s-worker-0   Ready     2d        v1.7.5
    k8s-worker-1   Ready     2d        v1.7.5
    

You should now be able to successfully send traffic through the BIG-IP system to and from endpoints within your Kubernetes Cluster.

What’s Next

See also

If you get a configuration error when trying to create a virtual server using an iApp, see Troubleshoot Your Kubernetes Deployment.