CNI Configuration

This section describes how you can configure various CNIs with BIG-IP Next and BIG-IP Next CIS.

Static Route Support

CIS can configure static routes on BIG-IP Next, through BIG-IP Next Central Manager, using the node subnets assigned to the nodes in the OpenShift/Kubernetes cluster. This enables direct routing from BIG-IP Next to Kubernetes Pods in cluster mode without requiring VXLAN tunnel configuration on BIG-IP Next.

Currently, static routes are supported with the OVNKubernetes CNI and the Flannel CNI.

Configuration

Note

Any change to the CNI configuration after installation requires a CIS restart.

The CNI is configured in the DeployConfig CR. The following example configures static routing in BIG-IP Next CIS for the ovn-k8s CNI:

spec:
   networkConfig:
      orchestrationCNI: ovn-k8s
      metaData:
         poolMemberType: auto
         networkCIDR: "10.1.0.0/16"
         staticRoutingMode: true

Note

  • Here, networkCIDR is an optional parameter, but it is required if your nodes use multiple network interfaces.
  • If you are changing the networkConfig, F5 recommends you restart the BIG-IP Next CIS controller so that changes can take effect.

Troubleshooting

If static routes are not added, check the BIG-IP Next CIS logs and also check the following annotations to verify that the CNI is properly assigning the PodCIDR and node IP to the node.

Steps

  • Run kubectl describe node <nodename>.
  • Refer to the table below for the annotations used with each CNI configuration. BIG-IP Next CIS uses these annotations to read the PodCIDR and nodeIP allocated to the node and to create route records dynamically on the BIG-IP Next.

| CNI Configured | Annotations/Spec Required | Description |
|---|---|---|
| ovn-k8s | OVNK8sNodeSubnetAnnotation = "k8s.ovn.org/node-subnets", OVNK8sNodeIPAnnotation = "k8s.ovn.org/node-primary-ifaddr" by default, or OVNK8sNodeIPAnnotation = "k8s.ovn.org/host-addresses" if --static-route-node-cidr is configured in CIS deployment args. | k8s.ovn.org/node-subnets is the PodCIDR allocated to the node. node-primary-ifaddr should have a nodeip reachable from the BIG-IP Next. |
| flannel (default) | PodCIDR from node.Spec.PodCIDR, nodeIP from node.Status.Addresses | PodCIDR is parsed from the node manifest using the field node.Spec.PodCIDR, and nodeip is parsed using the field node.Status.Addresses. |
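
The annotation check above can be run over every node at once. The following is an added example, not part of the original documentation and not CIS's own code: it reads node objects in the shape of `kubectl get nodes -o json` items and reports which nodes lack a usable PodCIDR or node IP. Assumptions: the JSON shapes of the OVN annotation values, the use of the InternalIP address for flannel, the hypothetical `node_cidr` parameter (the node network CIDR), and the rule that the host address inside that CIDR is the one selected.

```python
import ipaddress
import json

SUBNETS = "k8s.ovn.org/node-subnets"
PRIMARY = "k8s.ovn.org/node-primary-ifaddr"
HOSTS = "k8s.ovn.org/host-addresses"
ERRORS = (KeyError, IndexError, TypeError, ValueError, AttributeError)

def route_inputs(node, cni, node_cidr=None):
    """Return (pod_cidr, node_ip, problems) for one node object."""
    ann = node["metadata"].get("annotations", {})
    pod_cidr = node_ip = None
    problems = []
    try:
        if cni == "ovn-k8s":
            # Assumed value shape: {"default": "<cidr>"} or {"default": ["<cidr>", ...]}
            subnet = json.loads(ann[SUBNETS])["default"]
            pod_cidr = subnet[0] if isinstance(subnet, list) else subnet
        else:  # flannel
            pod_cidr = node["spec"]["podCIDR"]
        ipaddress.ip_network(pod_cidr)  # reject values that are not a valid CIDR
    except ERRORS as exc:
        pod_cidr = None
        problems.append(f"no usable PodCIDR: {exc!r}")
    try:
        if cni == "ovn-k8s" and node_cidr:
            candidates = json.loads(ann[HOSTS])  # assumed: JSON list of IPs
        elif cni == "ovn-k8s":
            candidates = [json.loads(ann[PRIMARY])["ipv4"].split("/")[0]]
        else:  # assumption: InternalIP is the address of interest
            candidates = [a["address"] for a in node["status"]["addresses"]
                          if a["type"] == "InternalIP"]
        net = ipaddress.ip_network(node_cidr) if node_cidr else None
        node_ip = [c for c in candidates
                   if net is None or ipaddress.ip_address(c) in net][0]
    except ERRORS as exc:
        problems.append(f"no usable node IP: {exc!r}")
    return pod_cidr, node_ip, problems

# Constructed sample nodes; worker-2 has no node-subnets annotation and
# no host address inside the node CIDR.
SAMPLE_NODES = [
    {"metadata": {"name": "worker-1", "annotations": {
        SUBNETS: '{"default":["10.244.1.0/24"]}',
        PRIMARY: '{"ipv4":"10.1.0.11/16"}',
        HOSTS: '["192.168.50.11","10.1.0.11"]'}}},
    {"metadata": {"name": "worker-2", "annotations": {
        PRIMARY: '{"ipv4":"192.168.50.12/24"}',
        HOSTS: '["192.168.50.12"]'}}},
]
```

A node that comes back with a non-empty problems list is one to inspect with kubectl describe node before looking further at the CIS logs.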
