F5 Container Integrations

Current Page

Cloud Foundry

Kubernetes / OpenShift

Mesos Marathon

Support

Troubleshooting

Tutorials


View related articles on DevCentral

Cloud Docs Home > F5 Container Integrations Index

Add BIG-IP device to OpenShift Cluster Network

This document provides step-by-step instructions for integrating a BIG-IP device into an OpenShift Cluster Network. If you are already using the OpenShift F5 Router, see Replace the OpenShift F5 Router with the BIG-IP Controller.

Complete the following tasks to add a BIG-IP device to an OpenShift cluster network.

Task Table
Step Task
Add the BIG-IP Device to OpenShift SDN

Set up the BIG-IP system:

Add the BIG-IP Device to OpenShift SDN

OpenShift SDN uses custom Annotations to identify Nodes as part of the Cluster network. Include the Annotations shown below in a HostSubnet manifest to allocate a subnet for the BIG-IP device.

pod.network.openshift.io/fixed-vnid-host: "0"

pod.network.openshift.io/assign-subnet: "true"

  1. Create a HostSubnet manifest.

    Define the hostIP with a self IP address from the BIG-IP network that will support the VXLAN overlay.

    apiVersion: v1
    kind: HostSubnet
    metadata:
      name: big-ip
      annotations:
        pod.network.openshift.io/fixed-vnid-host: "0"
        pod.network.openshift.io/assign-subnet: "true"
    # provide a name for the BIG-IP device's host
    host: f5-server
    # Provide an IP address to serve as the BIG-IP VTEP in the OpenShift SDN
    hostIP: 172.16.1.28
    

    f5-kctlr-openshift-hostsubnet.yaml

  2. Upload the Host Subnet to the OpenShift API server.

    oc create -f f5-kctlr-openshift-hostsubnet.yaml
    
  3. Verify creation of the HostSubnet and note the assigned subnet.

    oc get hostsubnet
    NAME                  HOST                  HOST IP         SUBNET
    big-ip                f5-server             172.16.1.28     10.129.2.0/23
    master.internal.net   master.internal.net   172.16.1.10     10.129.0.0/23
    node1.internal.net    node1.internal.net    172.16.1.24     10.130.0.0/23
    node2.internal.net    node2.internal.net    172.16.1.25     10.128.0.0/23
    

Set up the BIG-IP system

Important

The steps in this section require either Administrator or Resource Administrator permissions on the BIG-IP system.

Create a VXLAN tunnel

  1. Create a BIG-IP VXLAN profile with flooding-type multi-point.

    create /net tunnels vxlan vxlan-mp flooding-type multipoint
    
  2. Create a BIG-IP VXLAN tunnel.

    • Set the local-address to the same IP address you used for the OpenShift HostSubnet hostIP.
    • Set the key to 0 to grant the BIG-IP device access to all OpenShift projects and subnets.

    create /net tunnels tunnel openshift_vxlan key 0 profile vxlan-mp local-address 172.16.1.28
    

Create a self IP in the VXLAN

Create a self IP address in the VXLAN tunnel. Use an address from the subnet allocated by the OpenShift SDN.

create /net self 10.129.2.3/23 allow-service none vlan openshift_vxlan

Important

  • The subnet mask you assign to the self IP must match that of the subnet assigned by the OpenShift SDN (in this example, /23).
  • When creating a self IP using the BIG-IP configuration utility instead of TMSH, you may need to provide the full netmask (for example, 255.255.254.0 instead of /23).
  • If you do not specify a traffic group, the self IP will use the BIG-IP system’s default.

Create a floating self IP in the VXLAN

Create a floating IP address in the subnet assigned by the OpenShift SDN.

create /net self 10.129.2.4/23 allow-service none traffic-group traffic-group-1 vlan openshift_vxlan

Note

All virtual servers created by the BIG-IP Controller use the BIG-IP SNAT automap feature, which prefers floating IP addresses over static IPs. See BIG-IP SNATs and SNAT automap for more information.

Verify creation of the BIG-IP objects

You can use a TMOS shell or the BIG-IP configuration utility to verify object creation.

show /net tunnels tunnel openshift_vxlan
show /net running-config self 10.129.2.3/23
show /net running-config self 10.129.2.4/23

You should now be able to successfully send traffic through the BIG-IP system to and from endpoints within your OpenShift Cluster.

What’s Next

See also

If you’re having trouble with your network setup, see Network troubleshooting.