
Install the ASP in Kubernetes

The Application Services Proxy, or ASP, runs on each node in a Kubernetes Cluster. Create a ConfigMap to configure the ASP; then, create a DaemonSet to run the ASP in a pod on each node in your cluster.

Initial Setup

Before you deploy the Application Services Proxy, complete the following tasks:

  1. Accept the Terms of Service in Docker Store.

  2. Create a Secret containing your Docker login credentials (required to pull the asp image from Docker Store).

    Kubernetes’ documentation provides instructions for creating the Secret.

    Important

    • If you encounter an error when logging in to Docker, you may need to use sudo: sudo docker login.
    • You must create the Secret in the kube-system namespace so the ASP can find it.
  3. Set up the ASP ephemeral store. [1]

  4. Find the unique identifier(s) for each node in the Cluster (for example, the Node IP). You’ll need to provide this information in the ASP ConfigMap if you want to set up health checks.

    $ kubectl get nodes -o 'custom-columns=IP:.spec.externalID'
    IP
    172.16.1.3
    172.16.1.5
    172.16.1.6
    

Set up and launch the ASP

The ASP consists of a ConfigMap and a DaemonSet. The former contains the ASP’s Global and orchestration configuration parameters. The latter launches and manages a set of Pods running the ASP application. You can define both resources in a single YAML file.

Important

  • You can use the ASP with or without ASP health monitors and health sharding. [2]

    The example shown below includes the sections pertaining to health sharding (highlighted). Click the link below to download an example that excludes these sections.

    f5-asp-k8s-no-health-sharding.yaml

  • Be sure to include the Secret containing your Docker login credentials in the DaemonSet.

  1. Define the ASP resources.

    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: f5-asp-config
      namespace: kube-system
    data:
      asp.config.json: |
        {
          "global": {
            "console-log-level": "info",
            "ephemeral-store": {
              # Cluster IP address of the ephemeral store Service
              "host": "<ephemeral-store-service_cluster-IP>",
              "port": 8087,
              // required for ASP health sharding
              "components": {
                "health": {
                  "nodes": [
                    // Provide the Node ID for each node the ASP daemonset will run on
                    "172.16.1.3",
                    "172.16.1.5",
                    "172.16.1.6",
                    "<...>"
                  ],
                  "replication-count": 2
                }
              }
            }
          },
          "orchestration": {
            "kubernetes": {
              "config-file": "/var/run/kubernetes/proxy-plugin/service-ports.json",
              "poll-interval": 500
            }
          },
          "stats": {
            "url": "<splunk_url>",
            "token": "<splunk_auth_token>",
            "flush-interval": 10000,
            "backend": "splunk"
          }
        }
    ---
    apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: f5-asp
      namespace: kube-system
    spec:
      template:
        metadata:
          labels:
            name: f5-asp
        spec:
          hostNetwork: true
          containers:
            - name: f5-asp
              image: "store/f5networks/asp:1.1.0"
              args:
                # config-file corresponds to the "asp.config.json" section
                # of the ConfigMap containing the global ASP configurations
                # DO NOT CHANGE
                - --config-file
                - /etc/configmap/asp.config.json
              securityContext:
                privileged: false
              # Required for ASP health data sharding
              env:
              - name: ASP_HEALTH_NODE_ID
                valueFrom:
                  fieldRef:
                    # K8s supplies the name of the node the Pod runs on; it must
                    # match one of the Node IDs provided in the ASP global ConfigMap
                    fieldPath: spec.nodeName
              volumeMounts:
              # mount a new directory
              - name: plugin-config
                # the path the directory will be added to; DO NOT CHANGE
                mountPath: /var/run/kubernetes/proxy-plugin
                readOnly: true
              # mount a new directory
              - name: asp-config
                # the path the directory will be added to; DO NOT CHANGE
                mountPath: /etc/configmap
              # mount a directory for the ephemeral store user
              - name: user-asp
                # the path the directory will be added to; DO NOT CHANGE
                # the user certificate and key are mounted at this location
                mountPath: /ephemeral-store-certs/myuser
                readOnly: true
              # mount a directory for the ephemeral store Root
              - name: rootca-cert
                # the path the directory will be added to; DO NOT CHANGE
                mountPath: /ephemeral-store-certs/rootca-cert
                readOnly: true
          # For Kubernetes v1.6.x and higher add toleration to make asp
          # run on master node. For Kubernetes v1.4.x remove toleration
          tolerations:
            - effect: NoSchedule
              key: node-role.kubernetes.io/master
          volumes:
            - name: plugin-config
              hostPath:
                path: /var/run/kubernetes/proxy-plugin
            - name: asp-config
              # replace with name of your ASP ConfigMap
              configMap:
                name: f5-asp-config
            - name: user-asp
              secret:
                # The Kubernetes Secret containing the ephemeral store user's
                # certificate and key
                secretName: ephemeral-store-user-myuser
            - name: rootca-cert
              # The Kubernetes Secret containing the Root certificate and key
              secret:
                secretName: ephemeral-store-user-rootca-cert
          # provide the name of the Secret containing the Docker login credentials
          # REQUIRED TO PULL THE ASP IMAGE FROM DOCKER STORE
          imagePullSecrets:
            - name: <my-docker-secret>
    

    f5-asp-k8s-example-daemonset.yaml

  2. Upload the resources to the Kubernetes API server.

    $ kubectl create -f f5-asp-k8s.yaml
    configmap "f5-asp-config" created
    daemonset "f5-asp" created
    
  3. Verify creation of the resources.

    Listing 1 ASP ConfigMap
    $ kubectl get configmap f5-asp-config -o yaml --namespace kube-system
    apiVersion: v1
    data:
      asp.config.json: |
        {
          "global": {
            "console-log-level": "info",
            "ephemeral-store": {
              # Cluster IP address of the ephemeral store Service
              "host": "10.2.11.4",
              "port": 8087
              "components": {
                "health": {
                  "nodes": [
                    # values should match the node name/IP on which the ASP daemonset will be running.
                    "172.16.1.3",
                    "172.16.1.5"
                  ]
                  "replication-count": 2
                }
              }
            }
          },
          "orchestration": {
            "kubernetes": {
              "config-file": "/var/run/kubernetes/proxy-plugin/service-ports.json",
              "poll-interval": 500
            }
          }
          "stats": {
            "url": "<splunk_url>",
            "token": "<splunk_auth_token>",
            "flush-interval": 10000,
            "backend": "splunk"
          }
        }
    kind: ConfigMap
    metadata:
      creationTimestamp: 2017-09-29T16:28:00Z
      name: f5-asp-config
      namespace: kube-system
      resourceVersion: "151448"
      selfLink: /api/v1/namespaces/kube-system/configmaps/f5-asp-config
      uid: 290f8517-a533-11e7-8fb7-fa163e4bc92a
    

    Listing 2 ASP Pods
    $ kubectl get pods --namespace kube-system -o wide
    NAME                                  READY     STATUS    RESTARTS   AGE       IP            NODE
    f5-asp-2uore                          1/1       Running   0          55m       172.16.1.21   172.16.1.21
    f5-asp-r4e94                          1/1       Running   0          55m       172.16.1.19   172.16.1.19
    k8s-bigip-ctlr-1439955937-fkfb2       1/1       Running   0          1d        10.2.5.3      172.16.1.21
    kube-apiserver-172.16.1.19            1/1       Running   0          11d       172.16.1.19   172.16.1.19
    kube-controller-manager-172.16.1.19   1/1       Running   0          11d       172.16.1.19   172.16.1.19
    kube-dns-v11-mp8ts                    4/4       Running   0          2d        10.2.5.2      172.16.1.21
    kube-proxy-172.16.1.19                1/1       Running   7          12m       172.16.1.19   172.16.1.19
    kube-proxy-172.16.1.21                1/1       Running   11         4m        172.16.1.21   172.16.1.21
    kube-scheduler-172.16.1.19            1/1       Running   0          11d       172.16.1.19   172.16.1.19
    kubernetes-dashboard-172.16.1.19      1/1       Running   2          11d       172.16.1.19   172.16.1.19
    

    Note

    • You should see one (1) f5-asp instance and one (1) kube-proxy instance for each node in the cluster.
    • The ASP instances may display an error status if all of the Ephemeral Store Pods haven’t successfully launched yet. These errors will resolve once all Pods are online.
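An added check, not part of F5's documentation or the ASP code: before uploading the manifest, it compares the health-sharding `nodes` list in `asp.config.json` with the node IDs returned by `kubectl get nodes`, and reports any `<placeholder>` values left unreplaced. The function names and the sample config are constructed for illustration; comment lines are stripped only so the annotated example can be parsed here.

```python
import json
import re

PLACEHOLDER = re.compile(r"<[^>]*>")  # e.g. "<splunk_url>", "<...>"
# Constructed sample of asp.config.json (not from a real cluster).
SAMPLE_CONFIG = """
{
  "global": {
    "ephemeral-store": {
      # Cluster IP address of the ephemeral store Service
      "host": "<ephemeral-store-service_cluster-IP>",
      "port": 8087,
      // required for ASP health sharding
      "components": {"health": {
        "nodes": ["172.16.1.3", "172.16.1.5", "<...>"],
        "replication-count": 2
      }}
    }
  }
}
"""

def strip_comments(text):
    """Drop whole-line '#' and '//' comments so json.loads can parse the file."""
    return "\n".join(l for l in text.splitlines() if not re.match(r"\s*(#|//)", l))

def find_placeholders(value, path=""):
    """Return dotted paths of string values that are still <placeholders>."""
    if isinstance(value, dict):
        return [p for k, v in value.items()
                for p in find_placeholders(v, f"{path}.{k}" if path else k)]
    if isinstance(value, list):
        return [p for i, v in enumerate(value)
                for p in find_placeholders(v, f"{path}[{i}]")]
    return [path] if isinstance(value, str) and PLACEHOLDER.fullmatch(value) else []

def check_asp_config(config_text, cluster_nodes):
    """Compare the health-sharding node list with the cluster's node IDs."""
    cfg = json.loads(strip_comments(config_text))
    health = cfg["global"]["ephemeral-store"].get("components", {}).get("health", {})
    listed = {n for n in health.get("nodes", []) if not PLACEHOLDER.fullmatch(n)}
    return {
        "missing": sorted(set(cluster_nodes) - listed),  # nodes with no entry
        "unknown": sorted(listed - set(cluster_nodes)),  # entries matching no node
        "placeholders": find_placeholders(cfg),
    }

if __name__ == "__main__":
    print(check_asp_config(SAMPLE_CONFIG, ["172.16.1.3", "172.16.1.5", "172.16.1.6"]))
```

A non-empty `unknown` list usually means the ConfigMap lists IPs while the Pods receive node names (or the reverse) through `ASP_HEALTH_NODE_ID`.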

Footnotes

[1] Required as of asp v1.1.0.
[2] In Kubernetes, one (1) ASP instance runs on every node. All instances share the same set of global configurations. This means every ASP instance will send probes to every node in the cluster. Health sharding reduces the number of redundant health probes by assigning a range of endpoints to each instance. F5 recommends using health sharding to reduce the number of redundant probes across the cluster.