Add BIG-IP device to flannel VXLAN

This document provides step-by-step instructions for adding a BIG-IP device to a Kubernetes Cluster using flannel VXLAN. For more information about this integration, see BIG-IP and flannel VXLAN Integration.

Complete the following tasks to add a BIG-IP device to a Kubernetes Cluster Network using flannel.

Task Summary

  1. Deploy flannel for Kubernetes
  2. Set up the BIG-IP system
  3. Add the BIG-IP device to the flannel overlay network

Deploy flannel for Kubernetes

If you haven’t already deployed flannel in your Kubernetes Cluster, you can do so using a kube-flannel manifest file. The manifest file defines all of the resources required to deploy flannel in Kubernetes.

Important

In the net-conf.json section of the ConfigMap, the Backend.Type must be vxlan. The BIG-IP Controller doesn’t support other backend modes.

Set up the BIG-IP system

Important

The steps in this section require either Administrator or Resource Administrator permissions on the BIG-IP system.

Create a VXLAN tunnel

  1. Create a VXLAN profile with flooding-type none.

    create /net tunnels vxlan fl-vxlan port 8472 flooding-type none
    
  2. Create a VXLAN tunnel.

    • Set the local-address to an IP address from the network that will support the VXLAN overlay.
    • Set the key to 1 to grant the BIG-IP device access to all Cluster resources.

    create /net tunnels tunnel flannel_vxlan key 1 profile fl-vxlan local-address 172.16.1.28
    

Create a self IP in the VXLAN

  1. Identify the flannel subnet you want to assign to the BIG-IP system. Make sure it doesn’t overlap with a subnet that’s already in use by existing Nodes in the Kubernetes Cluster. You will assign this subnet to a “dummy” Node for the BIG-IP device later.
  2. Create a self IP using an address from the subnet you want to assign to the BIG-IP device.

Important

  • The self IP range must fall within the cluster subnet mask. The flannel network’s default subnet mask is /16.
  • If you use the BIG-IP configuration utility to create a self IP, you may need to provide the full netmask instead of the CIDR notation.

create /net self 10.129.2.3/16 allow-service none vlan flannel_vxlan

Create a floating self IP in the VXLAN

Create a floating IP address in the flannel subnet you assigned to the BIG-IP device.

create /net self 10.129.2.4/16 allow-service none traffic-group traffic-group-1 vlan flannel_vxlan

Note

By default, the BIG-IP Controller uses BIG-IP Automap SNAT for all of the virtual servers it creates. From k8s-bigip-ctlr v1.5.0 forward, you can designate a specific SNAT pool in the Controller Deployment instead of using SNAT automap.

In environments where the BIG-IP connects to the Cluster network, the self IP used as the BIG-IP VTEP serves as the SNAT pool for all origin addresses within the Cluster. The subnet mask you provide when you create the self IP defines the addresses available to the SNAT pool.

Verify creation of the BIG-IP objects

You can use a TMOS shell or the BIG-IP configuration utility to verify object creation.

show /net tunnels tunnel flannel_vxlan
show /net running-config self 10.129.2.3/16
show /net running-config self 10.129.2.4/16

Add the BIG-IP device to the flannel overlay network

Flannel uses a set of custom Annotations to identify Nodes as part of the Cluster network. When you create a dummy Node resource for the BIG-IP that contains these Annotations, flannel can discover the BIG-IP device and monitor it as part of the VXLAN.

Find the VTEP MAC address

You can find the MAC address of your BIG-IP VXLAN tunnel using a TMOS shell.

show /net tunnels tunnel flannel_vxlan all-properties
-------------------------------------------------
Net::Tunnel: flannel_vxlan
-------------------------------------------------
MAC Address                   ab:12:cd:34:ef:56
...

Find the flannel Annotations

Run kubectl describe for any Node in the Cluster and make note of the flannel Annotations included in the Node description.

kubectl describe nodes
...
flannel.alpha.coreos.com/backend-data: '{"VtepMAC":"<mac-address>"}'
flannel.alpha.coreos.com/backend-type: 'vxlan'
flannel.alpha.coreos.com/kube-subnet-manager: 'true'
flannel.alpha.coreos.com/public-ip: <node-ip-address>
...

Create a Kubernetes Node for the BIG-IP device

  1. Create a “dummy” Kubernetes Node resource.

    Include all of the flannel Annotations. Define the backend-data and public-ip Annotations with data from the BIG-IP VXLAN:

    flannel.alpha.coreos.com/backend-data: '{"VtepMAC":"<BIG-IP_mac-address>"}'

    flannel.alpha.coreos.com/public-ip: <BIG-IP_vtep-address>

    (This is the IP address you assigned to the VXLAN tunnel.)

    apiVersion: v1
    kind: Node
    metadata:
      name: bigip
      annotations:
        # Provide the MAC address of the BIG-IP VXLAN tunnel
        flannel.alpha.coreos.com/backend-data: '{"VtepMAC":"ab:12:cd:34:ef:56"}'
        flannel.alpha.coreos.com/backend-type: "vxlan"
        flannel.alpha.coreos.com/kube-subnet-manager: "true"
        # Provide the IP address you assigned as the BIG-IP VTEP
        # (the local-address of the flannel_vxlan tunnel)
        flannel.alpha.coreos.com/public-ip: 172.16.1.28
    spec:
      # Define the flannel subnet you want to assign to the BIG-IP device.
      # It must contain the BIG-IP self IPs (10.129.2.3 and 10.129.2.4 above).
      # Be sure this subnet does not collide with any other Nodes' subnets.
      podCIDR: 10.129.2.0/24
    

    f5-kctlr-bigip-node.yaml

  2. Upload the Node resource to the Kubernetes API server.

    kubectl create -f f5-kctlr-bigip-node.yaml
    
  3. Verify creation of the Node.

    kubectl get nodes
    NAME           STATUS    AGE       VERSION
    bigip          NotReady  5m        v1.7.5
    k8s-master-0   Ready     2d        v1.7.5
    k8s-worker-0   Ready     2d        v1.7.5
    k8s-worker-1   Ready     2d        v1.7.5
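A pre-flight consistency check for the dummy Node, as an added example that is not part of the original documentation or of any F5 or flannel tooling: it confirms that the annotations match the BIG-IP tunnel and that the podCIDR sits inside the cluster network, contains the BIG-IP self IPs, and does not overlap another Node's subnet. The function names, the cluster network 10.129.0.0/16 and the worker subnets are assumptions made for the example.

```python
import ipaddress
import json
import re

ANN = "flannel.alpha.coreos.com/"
MAC_RE = re.compile(r"([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")

def check_bigip_node(node, cluster_cidr, node_subnets, vtep_ip, self_ips):
    """Return the problems found in a dummy BIG-IP Node; an empty list means consistent."""
    problems = []
    ann = node.get("metadata", {}).get("annotations", {})
    if ann.get(ANN + "backend-type") != "vxlan":
        problems.append("backend-type is not vxlan")
    try:  # backend-data is a JSON string carrying the tunnel MAC
        mac = str(json.loads(ann.get(ANN + "backend-data", ""))["VtepMAC"])
    except (ValueError, KeyError, TypeError):
        mac = ""
    if not MAC_RE.fullmatch(mac):
        problems.append("backend-data has no valid VtepMAC")
    if ann.get(ANN + "public-ip") != vtep_ip:
        problems.append("public-ip differs from the tunnel local-address")
    pod = ipaddress.ip_network(node["spec"]["podCIDR"])
    if not pod.subnet_of(ipaddress.ip_network(cluster_cidr)):
        problems.append("podCIDR is outside the cluster network")
    for name, cidr in sorted(node_subnets.items()):
        if pod.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"podCIDR overlaps {name}")
    for ip in self_ips:  # self IPs carry the cluster mask, e.g. 10.129.2.3/16
        if ipaddress.ip_interface(ip).ip not in pod:
            problems.append(f"self IP {ip} is outside podCIDR")
    return problems

def make_node(mac, public_ip, pod_cidr):
    """Build the dummy Node as a dict with the same layout as the manifest."""
    return {"metadata": {"name": "bigip", "annotations": {
                ANN + "backend-data": json.dumps({"VtepMAC": mac}),
                ANN + "backend-type": "vxlan", ANN + "kube-subnet-manager": "true",
                ANN + "public-ip": public_ip}},
            "spec": {"podCIDR": pod_cidr}}

# Constructed inputs: the cluster CIDR and worker subnets are assumptions for this example.
CLUSTER = "10.129.0.0/16"
WORKERS = {"k8s-worker-0": "10.129.0.0/24", "k8s-worker-1": "10.129.1.0/24"}
SELF_IPS = ["10.129.2.3/16", "10.129.2.4/16"]

if __name__ == "__main__":
    for pod_cidr in ("10.129.2.0/24", "10.129.1.0/24"):  # second overlaps k8s-worker-1
        node = make_node("ab:12:cd:34:ef:56", "172.16.1.28", pod_cidr)
        print(pod_cidr, check_bigip_node(node, CLUSTER, WORKERS, "172.16.1.28", SELF_IPS))
```

In a live cluster, the existing subnets would come from each Node's spec.podCIDR and the MAC from the tunnel's all-properties output.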
    

What’s Next

Now that your BIG-IP device is part of the Cluster network, you’ll need to Deploy the BIG-IP Controller.

See also

  • If you’re having trouble with your network setup, see Network troubleshooting. (This troubleshooting issue references the OpenShift Cluster Network, but the concepts are the same.)
  • If you get a traffic group configuration error when trying to create a virtual server with an iApp, see Troubleshoot Your Kubernetes Deployment.