Attaching Virtual Servers to Services

You can use F5 resources to attach custom BIG-IP virtual servers to Services in both Kubernetes and OpenShift.

Overview

An F5 Resource ConfigMap lets you expose individual Services to external traffic. Use an F5 resource if you need:

  • Greater flexibility and customization than Ingresses, and Routes.
  • To deploy an iApp.
  • L4 ingress (TCP or UDP).
  • L7 ingress on non-standard ports. For example 8080, or 8443.
Task summary
Step Task
Define a virtual server for a Service
Upload the ConfigMap to the API Server
Verify changes on the BIG-IP system

Define a virtual server for a Service

Define the virtual server you want to create in an F5 resource JSON blob. Include the JSON blob in the data section of a Kubernetes ConfigMap resource.

HTTP Example

If your Service looks like this:

apiVersion: v1
kind: Service
metadata:
  name: myService
  labels:
    app: myApp
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9376
  type: clusterIP

Your HTTP ConfigMap might look like this:

kind: ConfigMap
apiVersion: v1
metadata:
  name: myApp.vs
  labels:
    f5type: virtual-server
data:
  # https://clouddocs.f5.com/containers/latest/releases_and_versioning.html#f5-schema
  schema: "f5schemadb://bigip-virtual-server_v0.1.7.json"
  data: |
    {
      "virtualServer": {
        "backend": {
          "servicePort": 80,
          }]
        },
        "frontend": {
          "virtualAddress": {
            "port": 8080,
            "bindAddr": "1.2.3.4"
          },
          "partition": "k8s",
          "balance": "least-connections-member",
          "mode": "http"
        }
      }

f5-resource-vs-example.configmap.yaml

F5 Resource options

  • The ConfigMap servicePort option, maps to the Service port option. The BIG-IP Controller uses this to relate the Pod Node Ports and Endpoints to the BIG-IP virtual server.
  • The Service targetPort option is the Pod/Container port to which you want to send traffic.
  • You can replace balance: round-robin with any of the supported BIG-IP load balancing modes: [1]

Upload the ConfigMap to the API Server

If you want to create both HTTP and HTTPS virtual servers for the same Service, create a ConfigMap for each port. You can pass the names of both YAML files in your apply option, or include both resources in a single manifest file.

Kubernetes

When uploading resources that don’t reside in the default namespace, specify the correct namespace using the --namespace (or -n) flag.

kubectl apply -f <filename.yaml> [--namespace=<resource-namespace>]

OpenShift

When uploading resources that don’t reside in the default or current Project, specify the correct Project using the --namespace (or -n) flag.

oc apply -f <filename.yaml> [--namespace=<resource-project>]

Verify changes on the BIG-IP system

You can use the BIG-IP configuration utility or a TMOS shell to verify creation/modification/deletion of BIG-IP objects.

Configuration Utility

  • Go to Local Traffic ‣ Virtual Servers.
  • Select the correct partition from the Partition drop-down menu.

TMOS Management Console

admin@(bigip)(cfg-sync Standalone)(Active)(/Common) cd my-partition
admin@(bigip)(cfg-sync Standalone)(Active)(/my-partition) tmsh
admin@(bigip)(cfg-sync Standalone)(Active)(/my-partition)(tmos)$ show ltm virtual
------------------------------------------------------------------
Ltm::Virtual Server: default_myApp.vs_173.16.2.2_80
------------------------------------------------------------------
Status
  Availability     : available
  State            : enabled
  Reason           : The virtual server is available
  CMP              : enabled
  CMP Mode         : all-cpus
  Destination      : 173.16.2.2:80
...
Ltm::Virtual Server: default_myApp.vs_173.16.2.2_443
------------------------------------------------------------------
Status
  Availability     : available
  State            : enabled
  Reason           : The virtual server is available
  CMP              : enabled
  CMP Mode         : all-cpus
  Destination      : 173.16.2.2:443
...

Removing or replacing Services

If you remove the Service associated with an F5 resource ConfigMap from the API server, the BIG-IP Controller will remove all BIG-IP objects associated with that Service.

If you remove a Service, you should also delete the F5 Resource ConfigMap associated with it.

When replacing a Service, you should create a new F5 resource ConfigMap that meets the new Service’s needs.

What’s Next

You can modify your BIG-IP configuration using the BIG-IP Controller.

Footnotes

[1]The BIG-IP Controller supports BIG-IP load balancing algorithms that do not require additional configuration parameters. You can view the full list of supported algorithms in the f5-cccl schema. See the BIG-IP Local Traffic Management Basics user guide for information about each load balancing mode.