Install the FIC
Prerequisites
Refer to the Prerequisites to install Container Ingress Services on OpenShift.
For Infoblox as provider, configure Infoblox with network and netview. See Infoblox documentation for more information.
Create persistent volume and persistent volume claim for static f5-ipam provider with the following command:
oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml
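The commands on this page apply manifests straight from the main branch of a remote repository, so the content that reaches the cluster can differ from the content that was reviewed. The following is an added example, not part of the F5 documentation, that downloads the file, checks it against a SHA-256 digest recorded at review time, and only then applies it. The function names and the recorded digest are assumptions; substitute kubectl for oc on plain Kubernetes.

```shell
# Added example (not F5's code): apply a remote manifest only if it matches
# the SHA-256 recorded when it was reviewed. Function names are hypothetical.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_manifest FILE EXPECTED_SHA256
# Returns 0 = digest matches, 1 = content changed since review, 2 = unreadable.
verify_manifest() {
    local file="$1" expected="$2" actual
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
    return 0
}

# fetch_verify_apply URL FILE EXPECTED_SHA256
# Download over HTTPS only, verify, run a server-side dry run, then apply.
fetch_verify_apply() {
    local url="$1" file="$2" expected="$3"
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --output "$file" "$url" || return 2
    verify_manifest "$file" "$expected" || return $?
    oc apply --dry-run=server -f "$file" && oc apply -f "$file"
}

# selftest: runs verify_manifest on a constructed manifest (sample data, not
# the real F5 file) and prints the "match,tampered,missing" return codes.
selftest() {
    local dir good ok=0 bad=0 missing=0
    dir=$(mktemp -d) || return 2
    printf 'kind: PersistentVolumeClaim\nmetadata:\n  name: sample-pvc\n' > "$dir/pvc.yaml"
    good=$(sha256_of "$dir/pvc.yaml")
    verify_manifest "$dir/pvc.yaml" "$good" 2>/dev/null || ok=$?
    printf '  namespace: tampered\n' >> "$dir/pvc.yaml"
    verify_manifest "$dir/pvc.yaml" "$good" 2>/dev/null || bad=$?
    verify_manifest "$dir/absent.yaml" "$good" 2>/dev/null || missing=$?
    rm -rf "$dir"
    echo "$ok,$bad,$missing"
}
```

Call it as fetch_verify_apply URL FILE DIGEST, with the digest taken from the copy you reviewed. Pointing the URL at a reviewed commit instead of main additionally keeps the file from changing between review and apply.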
Install Using Operator
An Operator is a method of packaging, deploying, and managing a Kubernetes application. A Kubernetes application is an application that is both deployed on Kubernetes and managed using the Kubernetes APIs and kubectl/oc tooling. You can think of Operators as the runtime that manages this type of application on Kubernetes. Conceptually, an Operator takes human operational knowledge and encodes it into software that is more easily packaged and shared with consumers.
The F5 IPAM (f5-ipam-controller) is a cloud-native connector that can use either Kubernetes or OpenShift as an orchestration platform. F5 IPAM Operator is a Service Operator which installs F5 IPAM Controller on OpenShift platforms 4.x.
Open the OCP web console. In the left menu bar, click Operator Hub and search for “f5” to see the Certified F5 IPAM Operator.
Click F5 IPAM Controller > Install to go through the guided installation process.
Select the channel, installation mode, and approval strategy for the operator.
Once the Operator is subscribed, it is installed according to the approval strategy. The default approval strategy is Automatic.
- Manual: Requires administrator approval to install new updates.
- Automatic: Updated automatically when a new release is available.
Once the Operator is installed, create an F5IpamCtlr instance.
Select the YAML format for creating the F5IpamCtlr instance and update the operator parameters in the YAML file as follows:
Note
Refer to the chart parameters below for the spec definition of the F5IPamCtlr resource. You can see the created resource below.
Note
One F5IPamCtlr resource is sufficient for all the CIS deployments in a cluster.
Install the FIC Using Helm Charts
This is the simplest way to install FIC on an OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes, comparable to yum or apt. Helm deploys charts, which you can think of as packaged applications: a collection of all your versioned, pre-configured application resources that can be deployed as one unit. This chart creates a Deployment for one Pod containing the F5 IPAM Controller, its supporting RBAC, and a Service Account.
Prerequisites
- Refer to the BIG-IP Next CIS Prerequisites to install Container Ingress Services on Kubernetes or OpenShift.
- Helm 3 should be installed.
- If you are using Infoblox as provider, configure Infoblox with network and netview. See Infoblox documentation for more information.
- Create persistent volume and persistent volume claim for static f5-ipam provider using the command:
oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml
Installing the Chart
Add the FIC chart repository in Helm using the following command:
helm repo add f5-ipam-stable https://f5networks.github.io/f5-ipam-controller/helm-charts/stable
Create values.yaml.
Install the Helm chart using the following command:
helm install -f values.yaml <new-chart-name> f5-ipam-stable/f5-ipam-controller
Chart Parameters
Parameter | Required | Default | Description |
---|---|---|---|
rbac.create | Optional | true | Create ClusterRole and ClusterRoleBinding. |
serviceAccount.name | Optional | f5-ipam-controller-serviceaccount | Name of the ServiceAccount for FIC controller. |
serviceAccount.create | Optional | true | Create service account for the FIC controller. |
namespace | Optional | kube-system | Name of namespace FIC lives and watches for IPAM resources. |
image.user | Optional | f5networks | FIC Controller image repository username. |
image.repo | Optional | f5-ipam-controller | FIC Controller image repository name. |
image.pullPolicy | Optional | Always | FIC Controller image pull policy. |
image.version | Optional | N/A | FIC Controller image tag. |
pvc.name | Optional | -f5-ipam-controller | Name of the persistent volume claim for FIC controller. |
pvc.create | Optional | false | Create persistent volume claim for FIC controller. |
pvc.storageClassName | Optional | N/A | Name of the storage class. |
pvc.accessMode | Optional | ReadWriteOnce | Access mode for the volume. |
pvc.storage | Optional | N/A | Required storage for FIC controller volume. |
volume.mountPath | Optional | N/A | Mount Path that the controller places the DB file. |
volume.mountName | Optional | N/A | Name of the volume mounted. |
nodeSelector | Optional | N/A | Dictionary of Node selector labels. |
tolerations | Optional | N/A | Array of labels. |
limits_cpu | Optional | 100m | CPU limits for the pod. |
limits_memory | Optional | 512Mi | Memory limits for the pod. |
requests_cpu | Optional | 100m | CPU request for the pod. |
requests_memory | Optional | 512Mi | Memory request for the pod. |
affinity | Optional | N/A | Dictionary of affinity. |
securityContext | Optional | N/A | Dictionary of securityContext. |
updateStrategy | Optional | RollingUpdate | |
See the FIC documentation for a full list of args supported for FIC Configuration Options.
Important
Helm value names cannot include the character -, which is commonly used in the names of parameters passed to the controller. To accommodate Helm, the parameter names in values.yaml use _, which is replaced with - when rendering. For example, args.ip_range is rendered as ip-range, as required by the FIC Controller.
Uninstall the Helm Chart
Run the following command to uninstall the chart:
helm del <new-chart>
Install the FIC Manually
Install the RBAC
Download the required RBAC manifest and install the RBAC for the FIC Controller.
kubectl create -f clusterrole.yaml
Configuring the Static IPAM
When the IPAM controller is configured for Static IPAM using the default ipam-provider, it uses a lightweight SQLite database for IP address management.
Use Kubernetes volume mounts to maintain persistent IP addresses during a restart or replacement of the F5 IPAM Controller container.
You can use any of the persistent storage options supported by Kubernetes.
The following examples showcase local persistent storage. Ensure the mount directory (/tmp/localstorage in the example below) is present on the node.
Note
- Users must review security aspects and limitations with each of the storage options as per their requirements.
- Local storage ties your application to a specific node as mentioned in nodeAffinity of persistentVolume.
Create the persistentVolume and persistentVolumeClaim.
kubectl create -f https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml
Download the sample FIC deployment file.
Configuring Static IPAM with IPv4.
wget https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/f5-ip-provider/ipv4-addr-range-default-provider-deployment.yaml -O sample-fic-ctlr.yaml
Configuring Static IPAM with IPv6.
wget https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/f5-ip-provider/ipv4-addr-range-default-provider-deployment.yaml -O sample-fic-ctlr.yaml
Note
- Use securityContext to modify mount directory permissions.
- Do not modify 1200 as it is the UID of IPAM Controller user.
- Update the IPAM deployment with volumeMount and securityContext.
Update the sample deployment file with the required image and parameters and install the FIC Controller.
kubectl create -f sample-fic-ctlr.yaml
See also Deploying F5 IPAM Controller for more information.
Configure the FIC with Infoblox
Download the sample FIC deployment file.
wget https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/infoblox/infoblox-deployment.yaml -O sample-fic-ctlr.yaml
Update the sample deployment file with the required image and parameters and install the FIC Controller.
kubectl create -f sample-fic-ctlr.yaml
See also F5 IPAM Controller and CIS using Infoblox IPAM Integration for more information.
Uninstalling FIC Manually
To uninstall FIC, run the following commands:
kubectl delete -f sample-fic-ctlr.yaml
kubectl delete -f clusterrole.yaml
Optionally, delete the persistentVolume and persistentVolumeClaim.
kubectl delete -f https://github.com/F5Networks/f5-ipam-controller/raw/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml