Install the FIC

Prerequisites

  • Refer to the Prerequisites to install Container Ingress Services on OpenShift.

  • For Infoblox as provider, configure Infoblox with network and netview. See Infoblox documentation for more information.

  • Create a persistent volume and persistent volume claim for the static f5-ipam provider with the following command:

    oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml
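
The command above applies whatever the main branch serves at the moment it runs. As an added example (not part of the F5 documentation), the script below downloads the manifest, compares it with a SHA-256 recorded when you reviewed the file, and applies only the verified local copy; the function names and the hash placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not F5 code): apply the PV/PVC manifest only if it is
# byte-identical to the copy you reviewed.
MANIFEST_URL="https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml"

# Print the SHA-256 of FILE (sha256sum on Linux, shasum elsewhere).
manifest_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_manifest FILE EXPECTED: 0 on match, 1 on mismatch, 2 if unreadable.
verify_manifest() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
    actual=$(manifest_sha256 "$1")
    [ "$actual" = "$2" ] && return 0
    echo "sha256 mismatch for $1: got $actual, expected $2" >&2
    return 1
}

# apply_reviewed URL EXPECTED: download, verify, then oc apply the local copy.
apply_reviewed() {
    tmp=$(mktemp) || return 2
    if curl -fsSL "$1" -o "$tmp" && verify_manifest "$tmp" "$2"; then
        oc apply -f "$tmp"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (the hash is a placeholder you record when reviewing the file):
#   apply_reviewed "$MANIFEST_URL" "<sha256-of-reviewed-manifest>"
```

The same function works for the deployment manifests fetched from the main branch later on this page.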

Install Using Operator

An Operator is a method of packaging, deploying, and managing a Kubernetes application. A Kubernetes application is an application that is both deployed on Kubernetes and managed using the Kubernetes APIs and kubectl/oc tooling. You can think of Operators as the runtime that manages this type of application on Kubernetes. Conceptually, an Operator takes human operational knowledge and encodes it into software that is more easily packaged and shared with consumers.

The F5 IPAM (f5-ipam-controller) is a cloud-native connector that can use either Kubernetes or OpenShift as an orchestration platform. F5 IPAM Operator is a Service Operator which installs F5 IPAM Controller on OpenShift platforms 4.x.

  1. Open the OCP web console. In the left menu bar, click Operator Hub and search for “f5” to see the Certified F5 IPAM Operator.

  2. Click F5 IPAM Controller > Install to go through the guided installation process.

  3. Select the channel, installation mode, and approval strategy for the operator.

    When the Operator is subscribed, it is installed based on the approval strategy. The default approval strategy is Automatic.

    • Manual: Requires administrator approval to install new updates.
    • Automatic: Updated automatically when a new release is available.
  4. Once the Operator is installed, create an F5IpamCtlr instance.

  5. Select the YAML format for creating the F5IpamCtlr instance and update the operator parameters in the YAML file.

    Note

    Refer to the Chart Parameters below for the Spec definition of the F5IpamCtlr resource.

  6. Verify that the resource has been created.

    Note

    One F5IpamCtlr resource is sufficient for all the CIS deployments in a cluster.

Install the FIC Using Helm Charts

This is the simplest way to install FIC on an OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes, the Kubernetes counterpart of yum or apt. Helm deploys charts, which you can think of as packaged applications: a chart is a collection of all your versioned, pre-configured application resources that can be deployed as one unit. This chart creates a Deployment for one Pod containing the F5 IPAM Controller, its supporting RBAC, and a Service Account.

Prerequisites

  • Refer to the BIG-IP Next CIS Prerequisites to install Container Ingress Services on Kubernetes or OpenShift.
  • Helm 3 should be installed.
  • If you are using Infoblox as provider, configure Infoblox with network and netview. See Infoblox documentation for more information.
  • Create a persistent volume and persistent volume claim for the static f5-ipam provider with the following command:

    oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml

Installing the Chart

  1. Add the FIC chart repository in Helm using the following command:

    helm repo add f5-ipam-stable https://f5networks.github.io/f5-ipam-controller/helm-charts/stable
    
  2. Create values.yaml.

  3. Install the Helm chart using the following command:

    helm install -f values.yaml <new-chart-name> f5-ipam-stable/f5-ipam-controller
    

Chart Parameters

| Parameter | Required | Default | Description |
|---|---|---|---|
| rbac.create | Optional | true | Create ClusterRole and ClusterRoleBinding. |
| serviceAccount.name | Optional | f5-ipam-controller-serviceaccount | Name of the ServiceAccount for FIC controller. |
| serviceAccount.create | Optional | true | Create service account for the FIC controller. |
| namespace | Optional | kube-system | Name of the namespace where FIC lives and watches for IPAM resources. |
| image.user | Optional | f5networks | FIC Controller image repository username. |
| image.repo | Optional | f5-ipam-controller | FIC Controller image repository name. |
| image.pullPolicy | Optional | Always | FIC Controller image pull policy. |
| image.version | Optional | N/A | FIC Controller image tag. |
| pvc.name | Optional | -f5-ipam-controller | Name of the persistent volume claim for FIC controller. |
| pvc.create | Optional | false | Create persistent volume claim for FIC controller. |
| pvc.storageClassName | Optional | N/A | Name of the storage class. |
| pvc.accessMode | Optional | ReadWriteOnce | Access mode for the volume. |
| pvc.storage | Optional | N/A | Required storage for FIC controller volume. |
| volume.mountPath | Optional | N/A | Mount path where the controller places the DB file. |
| volume.mountName | Optional | N/A | Name of the volume mounted. |
| nodeSelector | Optional | N/A | Dictionary of Node selector labels. |
| tolerations | Optional | N/A | Array of labels. |
| limits_cpu | Optional | 100m | CPU limits for the pod. |
| limits_memory | Optional | 512Mi | Memory limits for the pod. |
| requests_cpu | Optional | 100m | CPU request for the pod. |
| requests_memory | Optional | 512Mi | Memory request for the pod. |
| affinity | Optional | N/A | Dictionary of affinity. |
| securityContext | Optional | N/A | Dictionary of securityContext. |
| updateStrategy | Optional | RollingUpdate | Update strategy for FIC Controller Deployment. For example: RollingUpdate and Recreate. |

See the FIC documentation for a full list of args supported for FIC Configuration Options.

Important

Helm value names cannot include the character -, which is commonly used in the names of parameters passed to the controller. To accommodate Helm, the parameter names in values.yaml use _, which is replaced with - when rendering. For example, args.ip_range is rendered as ip-range as required by the FIC Controller.
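
An added example, not taken from the F5 chart: a shell snippet that writes a values.yaml for step 2 using parameters from the table above and flags any args key written with - instead of _. The image tag placeholder, the ip_range value format and addresses, the fsGroup setting, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not F5's: write a values.yaml and check it before
# running helm install. All values below are constructed placeholders.

write_values() {   # write_values FILE
    cat > "$1" <<'EOF'
rbac:
  create: true
serviceAccount:
  create: true
namespace: kube-system
image:
  user: f5networks
  repo: f5-ipam-controller
  pullPolicy: Always
  version: "<fic-image-tag>"    # placeholder: pin the tag you tested
args:
  # Underscore here; rendered as ip-range for the controller.
  # Range format and addresses are assumptions (documentation range).
  ip_range: '{"Dev":"192.0.2.10-192.0.2.20"}'
securityContext:
  runAsUser: 1200               # UID of the IPAM Controller user
  fsGroup: 1200                 # assumption: group ownership of the mount
EOF
}

# Print keys of the top-level args: block that contain "-".
hyphenated_arg_keys() {   # hyphenated_arg_keys FILE
    awk '
        /^[^ #]/ { in_args = ($0 ~ /^args:/); next }
        in_args && /^  [^ #][^:]*:/ {
            key = $1; sub(/:.*/, "", key)
            if (key ~ /-/) print key
        }' "$1"
}

# Return 0 only if no args key needs renaming.
check_values() {   # check_values FILE
    bad=$(hyphenated_arg_keys "$1")
    [ -z "$bad" ] && return 0
    echo "rename with underscores: $bad" >&2
    return 1
}
```

Run check_values values.yaml before helm install and proceed only when it returns 0.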

Uninstall the Helm Chart

Run the following command to uninstall the chart.

helm del <new-chart-name>

Install the FIC Manually

Install the RBAC

Download the required RBAC file and install the RBAC for the FIC Controller.

kubectl create -f clusterrole.yaml

Configuring the Static IPAM

When the IPAM controller is configured for Static IPAM using the default ipam-provider, it uses a lightweight sqliteDB for IP address management.

Use Kubernetes volume mounts to maintain persistent IP addresses during a restart or replacement of the F5 IPAM Controller container.

You can use any of the persistent storage options supported by Kubernetes.

The following examples showcase local persistent storage. Ensure the mount directory (/tmp/localstorage in the example below) is present on the node.

Note

  • Users must review the security aspects and limitations of each storage option against their requirements.
  • Local storage ties your application to a specific node, as specified in the nodeAffinity of the persistentVolume.

  1. Create the persistentVolume and persistentVolumeClaim.

    kubectl create -f https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml
    
  2. Download the sample FIC deployment file.

    • Configuring Static IPAM with IPv4.

      wget https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/f5-ip-provider/ipv4-addr-range-default-provider-deployment.yaml -O sample-fic-ctlr.yaml
      
    • Configuring Static IPAM with IPv6.

      wget https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/f5-ip-provider/ipv4-addr-range-default-provider-deployment.yaml -O sample-fic-ctlr.yaml
      

      Note

      • Use securityContext to modify mount directory permissions.
      • Do not modify 1200, as it is the UID of the IPAM Controller user.
      • Update the IPAM deployment with volumeMount and securityContext.
  3. Update the sample deployment file with the required image and parameters and install the FIC Controller.

    kubectl create -f sample-fic-ctlr.yaml
    

See also Deploying F5 IPAM Controller for more information.

Configure the FIC with Infoblox

  1. Download the sample FIC deployment file.

    wget https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/infoblox/infoblox-deployment.yaml -O sample-fic-ctlr.yaml
    
  2. Update the sample deployment file with the required image and parameters and install the FIC Controller.

    kubectl create -f sample-fic-ctlr.yaml
    

See also F5 IPAM Controller and CIS using Infoblox IPAM Integration for more information.

Uninstalling FIC Manually

To uninstall FIC, run the following commands:

kubectl delete -f sample-fic-ctlr.yaml
kubectl delete -f clusterrole.yaml

Optionally, delete the persistentVolume and persistentVolumeClaim.

kubectl delete -f https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml
