Installing F5 IPAM Controller

Overview

An Operator is a method of packaging, deploying, and managing a Kubernetes application. A Kubernetes application is an application that is both deployed on Kubernetes and managed using the Kubernetes APIs and kubectl/oc tooling. You can think of Operators as the runtime that manages this type of application on Kubernetes. Conceptually, an Operator takes human operational knowledge and encodes it into software that is more easily packaged and shared with consumers.

The F5 IPAM (f5-ipam-controller) is a cloud-native connector that can use either Kubernetes or OpenShift as an orchestration platform. F5 IPAM Operator is a Service Operator which installs F5 IPAM Controller on OpenShift platforms 4.x.

Prerequisites

  • Refer to the Prerequisites to install Container Ingress Services on OpenShift.
  • For Infoblox as provider, configure Infoblox with network and netview. See Infoblox documentation for more information.
  • Create persistent volume and persistent volume claim for static f5-ipam provider with the following command:
oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml

Installing the Operator

  1. Open the OCP web console and within the OCP web console, in the left Menu bar, click Operator Hub and search for “f5” to see the Certified F5 IPAM Operator.

    ../../_images/ipam-install-1.png

  2. Click F5 IPAM Controller > Install to go through the guided installation process.

    ../../_images/ipam-install-2.png

  3. Select the channel, installation mode, and approval strategy for operator.

    When Operator is Subscribed, Operator is installed based on approval strategy. The default approval strategy is Automatic.

    • Manual: Requires administrator approval to install new updates.
    • Automatic: Updated automatically when a new release is available.
    ../../_images/ipam-install-3.png
  4. Once the Operator is installed, create a F5IpamCtlr instance.

    ../../_images/ipam-install-4.png

  5. Select the YAML format for creating the F5IpamCtlr instance and update the operator parameters in the YAML file as follows:

    ../../_images/ipam-install-5.png

    Note

    Please refer the Chart’s parameters below for Spec definition of F5IPamCtlr Resource.

  6. You can see the created resource below.

    ../../_images/ipam-install-6.png

    Note

    One F5IPamCtlr Resource is sufficient for all the CIS deployments in a cluster.

Installing FIC Using Helm Charts

This is the simplest way to install FIC on an OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes. Helm is Kubernetes version of yum or apt. Helm deploys something called charts, which you can think of as a packaged application. It is a collection of all your versioned, pre-configured application resources which can be deployed as one unit. This chart creates a Deployment for one Pod containing the F5 IPAM Controller, it’s supporting RBAC, and Service Account.

Prerequisites

  • Refer to the CIS Prerequisites to install Container Ingress Services on Kubernetes or Openshift.
  • Helm 3 should be installed.
  • If you are using Infoblox as provider, configure Infoblox with network and netview. See Infoblox documentation for more information.
  • Create persistent volume and persistent volume claim for static f5-ipam provider by using the command oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml.

Installing the Chart

  1. Add the FIC chart repository in Helm using following command:

    helm repo add f5-ipam-stable https://f5networks.github.io/f5-ipam-controller/helm-charts/stable
    
  2. Create values.yaml.

  3. Install the Helm chart using the following command:

    helm install -f values.yaml <new-chart-name> f5-ipam-stable/f5-ipam-controller
    

Chart Parameters

Parameter Required Default Description
rbac.create Optional true Create ClusterRole and ClusterRoleBinding.
serviceAccount.name Optional f5-ipam-controller-serviceaccount Name of the ServiceAccount for FIC controller.
serviceAccount.create Optional true Create service account for the FIC controller.
namespace Optional kube-system Name of namespace FIC lives and watches for IPAM resources.
image.user Optional f5networks FIC Controller image repository username.
image.repo Optional f5-ipam-controller FIC Controller image repository name.
image.pullPolicy Optional Always FIC Controller image pull policy.
image.version Optional N/A FIC Controller image tag.
pvc.name Optional -f5-ipam-controller Name of the persistent volume claim for FIC controller.
pvc.create Optional false Create persistent volume claim for FIC controller.
pvc.storageClassName Optional N/A Name of the storage class.
pvc.accessMode Optional ReadWriteOnce Access mode for the volume.
pvc.storage Optional N/A Required storage for FIC controller volume.
volume.mountPath Optional N/A Mount Path that the controller places the DB file.
volume.mountName Optional N/A Name of the volume mounted.
nodeSelector Optional N/A Dictionary of Node selector labels.
tolerations Optional N/A Array of labels.
limits_cpu Optional 100m CPU limits for the pod.
limits_memory Optional 512Mi Memory limits for the pod.
requests_cpu Optional 100m CPU request for the pod.
requests_memory Optional 512Mi Memory request for the pod.
affinity Optional N/A Dictionary of affinity.
securityContext Optional N/A Dictionary of securityContext.

See the FIC documentation for a full list of args supported for FIC Configuration Options.

Important

Helm value names cannot include the character - which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in values.yaml use _ and then replace them with - when rendering. For example: args.ip_range is rendered as ip-range as required by the FIC Controller.

If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please open an issue describing your use case and providing example resources.

Uninstalling Helm Chart

Run the following command to uninstall the chart.

helm del <new-chart>

Note

To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.