Installing F5 IPAM Controller¶
Overview¶
An Operator is a method of packaging, deploying, and managing a Kubernetes application. A Kubernetes application is an application that is both deployed on Kubernetes and managed using the Kubernetes APIs and kubectl/oc tooling. You can think of Operators as the runtime that manages this type of application on Kubernetes. Conceptually, an Operator takes human operational knowledge and encodes it into software that is more easily packaged and shared with consumers.
The F5 IPAM (f5-ipam-controller) is a cloud-native connector that can use either Kubernetes or OpenShift as an orchestration platform. F5 IPAM Operator is a Service Operator which installs F5 IPAM Controller on OpenShift platforms 4.x.
Prerequisites¶
- Refer to the Prerequisites to install Container Ingress Services on OpenShift.
- For Infoblox as provider, configure Infoblox with network and netview. See Infoblox documentation for more information.
- Create persistent volume and persistent volume claim for static f5-ipam provider with the following command:
oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml
Installing the Operator¶
Open the OCP web console and within the OCP web console, in the left Menu bar, click Operator Hub and search for “f5” to see the Certified F5 IPAM Operator.
Click F5 IPAM Controller > Install to go through the guided installation process.
Select the channel, installation mode, and approval strategy for operator.
When Operator is Subscribed, Operator is installed based on approval strategy. The default approval strategy is
Automatic
.- Manual: Requires administrator approval to install new updates.
- Automatic: Updated automatically when a new release is available.
Once the Operator is installed, create a F5IpamCtlr instance.
Select the YAML format for creating the F5IpamCtlr instance and update the operator parameters in the YAML file as follows:
Note
Please refer the Chart’s parameters below for Spec definition of F5IPamCtlr Resource.
You can see the created resource below.
Note
One F5IPamCtlr Resource is sufficient for all the CIS deployments in a cluster.
Installing FIC Using Helm Charts¶
This is the simplest way to install FIC on an OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes. Helm is Kubernetes version of yum or apt. Helm deploys something called charts, which you can think of as a packaged application. It is a collection of all your versioned, pre-configured application resources which can be deployed as one unit. This chart creates a Deployment for one Pod containing the F5 IPAM Controller, it’s supporting RBAC, and Service Account.
Prerequisites¶
- Refer to the CIS Prerequisites to install Container Ingress Services on Kubernetes or Openshift.
- Helm 3 should be installed.
- If you are using Infoblox as provider, configure Infoblox with network and netview. See Infoblox documentation for more information.
- Create persistent volume and persistent volume claim for static f5-ipam provider by using the command
oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml
.
Installing the Chart
Add the FIC chart repository in Helm using following command:
helm repo add f5-ipam-stable https://f5networks.github.io/f5-ipam-controller/helm-charts/stable
Create values.yaml.
Install the Helm chart using the following command:
helm install -f values.yaml <new-chart-name> f5-ipam-stable/f5-ipam-controller
Chart Parameters¶
Parameter | Required | Default | Description |
---|---|---|---|
rbac.create | Optional | true | Create ClusterRole and ClusterRoleBinding. |
serviceAccount.name | Optional | f5-ipam-controller-serviceaccount | Name of the ServiceAccount for FIC controller. |
serviceAccount.create | Optional | true | Create service account for the FIC controller. |
namespace | Optional | kube-system | Name of namespace FIC lives and watches for IPAM resources. |
image.user | Optional | f5networks | FIC Controller image repository username. |
image.repo | Optional | f5-ipam-controller | FIC Controller image repository name. |
image.pullPolicy | Optional | Always | FIC Controller image pull policy. |
image.version | Optional | N/A | FIC Controller image tag. |
pvc.name | Optional | -f5-ipam-controller | Name of the persistent volume claim for FIC controller. |
pvc.create | Optional | false | Create persistent volume claim for FIC controller. |
pvc.storageClassName | Optional | N/A | Name of the storage class. |
pvc.accessMode | Optional | ReadWriteOnce | Access mode for the volume. |
pvc.storage | Optional | N/A | Required storage for FIC controller volume. |
volume.mountPath | Optional | N/A | Mount Path that the controller places the DB file. |
volume.mountName | Optional | N/A | Name of the volume mounted. |
nodeSelector | Optional | N/A | Dictionary of Node selector labels. |
tolerations | Optional | N/A | Array of labels. |
limits_cpu | Optional | 100m | CPU limits for the pod. |
limits_memory | Optional | 512Mi | Memory limits for the pod. |
requests_cpu | Optional | 100m | CPU request for the pod. |
requests_memory | Optional | 512Mi | Memory request for the pod. |
affinity | Optional | N/A | Dictionary of affinity. |
securityContext | Optional | N/A | Dictionary of securityContext. |
updateStrategy | Optional | RollingUpdate | Update strategy for FIC Controller Deployment.
For Example: RollingUpdate and Recreate |
See the FIC documentation for a full list of args supported for FIC Configuration Options.
Important
Helm value names cannot include the character -
which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in values.yaml use _
and then replace them with -
when rendering. For example: args.ip_range
is rendered as ip-range
as required by the FIC Controller.
If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please open an issue describing your use case and providing example resources.
Uninstalling Helm Chart¶
Run the following command to uninstall the chart.
helm del <new-chart>
Note
To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.