Install BIG-IP Next for Kubernetes
BIG-IP Next for Kubernetes is deployed by applying the BnkGatewayClass CR, which allows users to specify the desired state of the BIG-IP Next for Kubernetes cluster. The F5 Lifecycle Operator (FLO) uses this BnkGatewayClass CR as an input file to instantiate the BIG-IP Next for Kubernetes component CRs, which deploy the necessary BIG-IP Next for Kubernetes pods with predefined configurations. At the same time, the IPAM Operator uses the IPAM Controller CR, created by FLO, as an input file to deploy the IPAM Controller. For information on the bnkgatewayclass spec parameters featured in this example, or for a comprehensive list of available parameters that a user can use to define the desired state of BIG-IP Next for Kubernetes, see bnkgatewayclass CRD parameters.
Note: By default, the BNKGatewayClass CR deployment installs the product in the `default` namespace. However, this approach is not recommended. Customers are expected to provide a non-default tenant namespace when installing the FLO helm-chart. This ensures that FLO is deployed in the designated user-provided tenant namespace. It is important that the BNKGatewayClass CR is also deployed in the same tenant namespace.
Prerequisites
Before you install BIG-IP Next for Kubernetes, ensure that the following prerequisites are met:

- Perform helm login and apply the FAR secret to pull the artifacts from FAR. For more information, see Artifacts via F5 Artifact Registry (FAR).
- Configure cert-manager to create certificates for secure communication between pods, see Cert Manager.
- Create a self-signed CA secret and clusterissuer, see Cert Manager.
- Obtain the JWT for this cluster from your MyF5 account.
- Create `far-secret` in `default`, `f5-operators`, `f5-utils` or the namespace where you choose to install the product, see Create FAR secret in namespaces.
- Create a `storageclass`, see Storage Class.
Apply BnkGatewayClass CR
Create a file named `bnkgatewayclass-cr.yaml` with the following configuration.

```yaml
apiVersion: k8s.f5.com/v1
kind: BNKGatewayClass
metadata:
  labels:
    app.kubernetes.io/name: f5-lifecycle-operator
    app.kubernetes.io/managed-by: kustomize
  name: bnkgatewayclass-sample
spec:
  manifestVersion: "2.0.0-1.7.8-0.3.37"
  containerPlatform: Generic
  telemetry:
    loggingSubsystem:
      enabled: true
    metricSubsystem:
      enabled: true
  certificate:
    clusterIssuer: sample-issuer
  deploymentSize: "Small"
  image:
    repository: "repo.f5.com/images"
    imagePullSecrets:
      - name: far-secret
    imagePullPolicy: Always
  networkAttachments:
    - sf-external
    - sf-internal
  # Features
  # CSRC Egress
  pseudoCNI:
    enabled: true
  # BGP
  dynamicRouting:
    enabled: true
  # Core dump files
  coreCollection:
    enabled: true
  # AFM
  firewallACL:
    enabled: true
  advanced:
    demoMode:
      enabled: false
    maintenanceMode:
      enabled: false
    pseudoCNI:
      env:
        - name: "EXCLUDE_CIDR"
          value: "100.96.8.0/11,100.96.0.0/11"
    #tmm:
    #  env:
    #    - name: "TMM_CALICO_ROUTER"
    #      value: "default"
    #    - name: "TMM_LOG_LEVEL"
    #      value: "Debug"
    #firewallACL:
    #  env:
    #    - name: "LOG_LEVEL"
    #      value: "info"
    #cwc:
    #  env:
```
Before applying the BIG-IP Next for Kubernetes GatewayClass CR, modify the `bnkgatewayclass-cr` with the correct values for the parameters listed below. For a comprehensive list of available parameters that a user can use to define the desired state of BIG-IP Next for Kubernetes, see bnkgatewayclass CRD parameters.

- If you opt to use your local registry to pull the artifacts, make sure to update the `repository` parameter.
- Update the `imagePullSecrets.name` with the actual secret to download artifacts from the registry, see Create FAR secret.
- Ensure that the `certificate.clusterIssuer` parameter in `bnkgatewayclass-cr.yaml` is properly updated with the `metadata.name` value of the cluster issuer, see Configure Cert Manager.
- Update the `tmm.env.name` if your cluster has calico CNI.
- Update the `spec.containerPlatform` with `Generic`.
- Ensure that the Network Attachment Definition is created in the same namespace where you plan to install FLO and BIG-IP Next for Kubernetes, see Multus Network Attachment Definition.
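A pre-apply check for the items in the list above, as an added example that is not part of the F5 documentation or tooling: it reads the issuer, pull-secret and network attachment names from `bnkgatewayclass-cr.yaml` and confirms that each object exists where the CR expects it, rejecting the `default` namespace. The function names and the awk-based parsing are assumptions that rely on the CR layout shown on this page.

```shell
#!/usr/bin/env bash
# Added example, not F5 tooling. Assumes the CR layout shown on this page and
# a kubectl context that can read the cluster. Function names are hypothetical.

# Print the value of the first "<key>: <value>" line in CR file $1.
cr_value() {
  awk -v k="$2" '$1 == k":" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Print the "- name:" entries listed under imagePullSecrets in CR file $1.
cr_pull_secrets() {
  awk '/^ *imagePullSecrets:/           { on = 1; next }
       on && $1 == "-" && $2 == "name:" { gsub(/"/, "", $3); print $3; next }
       on                               { exit }' "$1"
}

# Print the entries listed under networkAttachments in CR file $1.
cr_networks() {
  awk '/^ *networkAttachments:/ { on = 1; next }
       on && $1 == "-"          { gsub(/"/, "", $2); print $2; next }
       on                       { exit }' "$1"
}

# preflight <cr-file> <tenant-namespace>: non-zero status if any check fails.
# The body runs in a subshell so its variables do not leak into the caller.
preflight() (
  cr=$1 ns=$2 rc=0
  if [ "$ns" = "default" ]; then
    echo "FAIL: install into a dedicated tenant namespace, not 'default'"; rc=1
  fi
  issuer=$(cr_value "$cr" clusterIssuer)
  kubectl get clusterissuer "$issuer" >/dev/null 2>&1 ||
    { echo "FAIL: ClusterIssuer '$issuer' not found"; rc=1; }
  for s in $(cr_pull_secrets "$cr"); do
    kubectl -n "$ns" get secret "$s" >/dev/null 2>&1 ||
      { echo "FAIL: pull secret '$s' missing in namespace '$ns'"; rc=1; }
  done
  for n in $(cr_networks "$cr"); do
    kubectl -n "$ns" get network-attachment-definitions.k8s.cni.cncf.io "$n" \
      >/dev/null 2>&1 ||
      { echo "FAIL: NetworkAttachmentDefinition '$n' missing in '$ns'"; rc=1; }
  done
  exit "$rc"
)

# Usage: preflight bnkgatewayclass-cr.yaml <tenant-namespace> &&
#          kubectl apply -n <tenant-namespace> -f bnkgatewayclass-cr.yaml
```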
Apply the BnkGatewayClass CR to install BIG-IP Next for Kubernetes.

```bash
kubectl apply -f bnkgatewayclass-cr.yaml
```
BIG-IP Next for Kubernetes is configured as defined in the BnkGatewayClass custom resource (CR) for the following configurations:

- `telemetry.loggingSubsystem` (Enabled by default):
  - Enables Fluent Bit sidecar for each component. For more information, see Fluent bit sidecar.
  - Enables Fluentd deployment.
- `telemetry.metricSubsystem` (Enabled by default):
  - Enables toda-tmstats container in the TMM pod. For more information, see Distributed Toda for Stats Aggregation.
  - Enables OpenTelemetry Collector deployment.
  - Enables Observer-Operator deployment.
  - Enables Observer and Observer-Receiver StatefulSet.
- `pseudoCNI` (Enabled by default):
  - Enables CSRC DaemonSet. For more information, see CSRC.
- `dynamicRouting` (Enabled by default):
  - Enables tmm-routing and tmrouted containers in the TMM pod.
  - Updates the f5-tmm-dynamic-routing-template ConfigMap for ZebOS configurations. For more information, see ZebOS ConfigMaps.
- `coreCollection` (Enabled by default):
  - Enables coremond DaemonSet. For more information, see BIG-IP Next for Kubernetes Coremond.
- `firewallACL` (Enabled by default):
  - Enables AFM deployment.
  - Enables blobd sidecar in the TMM pod.
- `demoMode`:
  - Requires minimal resources for TMM (single thread, without HugePages and SR-IOV resources).
- `maintenanceMode`:
  - Allows manual editing of the resources. Disabling this mode will revert all manual changes.
- `deploymentSize` (Small | Medium | Large | Max):
  - TMM is deployed with the deployment size Small. For more information, see BnkGatewayClass CRD Parameters.
Check the BIG-IP Next for Kubernetes pods status.

```bash
kubectl get pods
```

Sample Output:

```
NAME                                         READY   STATUS    RESTARTS   AGE
f5-afm-6c67b7847d-mtw5q                      2/2     Running   0          102m
f5-cne-controller-686995cb98-jw4tp           4/4     Running   0          102m
f5-ipam-operator-598996c48b-h7jpm            1/1     Running   0          102m
f5-observer-0                                2/2     Running   0          102m
f5-observer-operator-9fc5cc595-5c5pw         2/2     Running   0          102m
f5-observer-receiver-0                       2/2     Running   0          102m
f5-tmm-zpqld                                 7/7     Running   0          102m
flo-f5-lifecycle-operator-66467b5bc5-zbtqq   2/2     Running   0          102m
otel-collector-77bd8dc574-lftjc              1/1     Running   0          102m
```
Check the status of the BIG-IP Next for Kubernetes pods running in the `f5-utils` namespace.

```bash
kubectl get pods -n f5-utils
```

Sample Output:

```
NAME                               READY   STATUS    RESTARTS   AGE
f5-coremond-2ghll                  2/2     Running   0          102m
f5-coremond-7vkcp                  2/2     Running   0          102m
f5-crdconversion-9c57f598b-6wdcw   2/2     Running   0          102m
f5-dssm-db-0                       3/3     Running   0          102m
f5-dssm-db-1                       3/3     Running   0          101m
f5-dssm-db-2                       3/3     Running   0          100m
f5-dssm-sentinel-0                 3/3     Running   0          102m
f5-dssm-sentinel-1                 3/3     Running   0          101m
f5-dssm-sentinel-2                 3/3     Running   0          100m
f5-ipam-ctlr-6bcf96585-gwp2j       2/2     Running   0          102m
f5-rabbit-6dd774fcd4-gnz8b         2/2     Running   0          102m
f5-spk-csrc-tfjh2                  2/2     Running   0          102m
f5-spk-cwc-76dfc9bd55-4j4cf        3/3     Running   0          102m
f5-toda-fluentd-855f54df8c-46x6k   1/1     Running   0          102m
```