Add BIG-IP device to OpenShift Cluster Network

This document provides step-by-step instructions for integrating a standalone BIG-IP device into an OpenShift Cluster Network.

Complete the following tasks to add a BIG-IP device to an OpenShift cluster network.

Task Summary

  1. Create a Node for the BIG-IP device
  2. Set up the BIG-IP system

Create a Node for the BIG-IP device

OpenShift SDN uses custom Annotations to identify Nodes as part of the Cluster network.

  • pod.network.openshift.io/fixed-vnid-host: "0"
  • pod.network.openshift.io/assign-subnet: "true"

When you include these Annotations in a HostSubnet manifest, the SDN recognizes the new Node and allocates a subnet to it.

Create a HostSubnet

Define a HostSubnet manifest using valid YAML or JSON.

For the hostIP, provide an IP address from the BIG-IP network that will support the VXLAN overlay.

apiVersion: v1
kind: HostSubnet
metadata:
  name: f5-bigip-01
  annotations:
    pod.network.openshift.io/fixed-vnid-host: "0"
    pod.network.openshift.io/assign-subnet: "true"
# Provide a name for the BIG-IP device's host Node
host: f5-bigip-node-01
# Provide an IP address to serve as the BIG-IP VTEP in the OpenShift SDN
hostIP: 172.16.1.28

HostSubnet - BIG-IP Standalone

Upload the Host Subnet to the OpenShift API server

Use the oc create command to upload the HostSubnet file(s) to the OpenShift API server.

oc create -f f5-kctlr-openshift-hostsubnet.yaml
hostsubnet "f5-bigip-01" created

Verify creation of the HostSubnet(s)

Important

Note the subnet that the OpenShift SDN assigned to the BIG-IP host Node.

oc get hostsubnet
NAME                  HOST                  HOST IP         SUBNET
f5-big-ip             f5-bigip-node         172.16.1.28     10.129.2.0/14

Set up the BIG-IP system

Important

The steps in this section require either Administrator or Resource Administrator permissions on the BIG-IP system.

Create a VXLAN tunnel

  1. Create a BIG-IP VXLAN profile with flooding-type multipoint.

    create /net tunnels vxlan ose-vxlan flooding-type multipoint
    
  2. Create a BIG-IP VXLAN tunnel.

    • Set the local-address to the BIG-IP HostSubnet’s hostIP address.
    • Set the key to 0 to grant the BIG-IP device access to all OpenShift projects and subnets.

    create /net tunnels tunnel openshift_vxlan key 0 profile ose-vxlan local-address 172.16.1.28
    

Create a self IP in the VXLAN

Create a self IP address in the VXLAN tunnel.

  • The self IP range must fall within the cluster subnet mask. Use the command oc get clusternetwork to find the correct subnet mask for your cluster.
  • If you use the BIG-IP configuration utility to create a self IP, you may need to provide the full netmask instead of the CIDR notation.

create /net self 10.129.2.3/14 allow-service none vlan openshift_vxlan

Create a floating self IP in the VXLAN

Create a floating IP address on the BIG-IP device. Use an IP address from the subnet that the OpenShift SDN allocated to the BIG-IP’s HostSubnet.

create /net self 10.129.2.4/14 allow-service none traffic-group traffic-group-1 vlan openshift_vxlan

Note

By default, the BIG-IP Controller uses BIG-IP Automap SNAT for all of the virtual servers it creates. From k8s-bigip-ctlr v1.5.0 forward, you can designate a specific SNAT pool in the Controller Deployment instead of using SNAT automap.

In environments where the BIG-IP connects to the Cluster network, the self IP used as the BIG-IP VTEP serves as the SNAT pool for all origin addresses within the Cluster. The subnet mask you provide when you create the self IP defines the addresses available to the SNAT pool.

Verify creation of the BIG-IP objects

You can use a TMOS shell or the BIG-IP configuration utility to verify object creation.

show /net tunnels tunnel openshift_vxlan
show /net running-config self 10.129.2.3/14
show /net running-config self 10.129.2.4/14
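
The addressing rules from the self IP steps above can be checked before any address is typed into tmsh. The following Python check is an added example, not part of the original procedure: it reads `oc get hostsubnet` output, finds the subnet allocated to the BIG-IP VTEP, validates a candidate self IP against it and against the cluster network, and prints the full netmask form for the configuration utility. The cluster network 10.128.0.0/14, the /23 host subnet and the second node row are constructed sample values, and applying the HostSubnet rule to both self IPs is an assumption of this example.

```python
import ipaddress

# Constructed sample of `oc get hostsubnet` output (not from a real cluster).
SAMPLE_HOSTSUBNETS = """\
NAME              HOST              HOST IP       SUBNET
f5-bigip-01       f5-bigip-node-01  172.16.1.28   10.129.2.0/23
node1.example     node1.example     172.16.1.11   10.128.0.0/23
"""

def subnet_for_vtep(table, vtep_ip):
    """Return the SUBNET column of the row whose HOST IP equals vtep_ip."""
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        # Data rows have four columns: NAME, HOST, HOST IP, SUBNET
        if len(fields) == 4 and fields[2] == vtep_ip:
            return ipaddress.ip_network(fields[3])
    raise LookupError(f"no HostSubnet with HOST IP {vtep_ip}")

def check_self_ip(self_ip, cluster_cidr, host_subnet):
    """Return a list of problems with a self IP given as address/prefix."""
    iface = ipaddress.ip_interface(self_ip)
    cluster = ipaddress.ip_network(cluster_cidr)
    problems = []
    # Rule 1: the self IP range must fall within the cluster network.
    if iface.version != cluster.version or not iface.network.subnet_of(cluster):
        problems.append(f"{iface.network} is not inside cluster network {cluster}")
    # Rule 2 (assumed for both self IPs): the address comes from the subnet
    # that the SDN allocated to the BIG-IP HostSubnet.
    if iface.ip not in host_subnet:
        problems.append(f"{iface.ip} is not in BIG-IP HostSubnet {host_subnet}")
    elif iface.ip in (host_subnet.network_address, host_subnet.broadcast_address):
        problems.append(f"{iface.ip} is a reserved address of {host_subnet}")
    return problems

def full_netmask(self_ip):
    """Address and dotted netmask, for UIs that reject CIDR notation."""
    iface = ipaddress.ip_interface(self_ip)
    return str(iface.ip), str(iface.netmask)

if __name__ == "__main__":
    subnet = subnet_for_vtep(SAMPLE_HOSTSUBNETS, "172.16.1.28")
    for ip in ("10.129.2.3/14", "10.129.2.4/14", "10.130.0.4/14", "10.129.2.3/8"):
        print(ip, full_netmask(ip), check_self_ip(ip, "10.128.0.0/14", subnet) or "ok")
```

Replace the sample table and cluster CIDR with the output of oc get hostsubnet and oc get clusternetwork from your own cluster.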

See also

If you’re having trouble with your network setup, see Network troubleshooting.