Add BIG-IP device to OpenShift Cluster Network

This document provides step-by-step instructions for integrating a standalone BIG-IP device into an OpenShift Cluster Network.

Complete the following tasks to add a BIG-IP device to an OpenShift cluster network.

Task Summary

  1. Create a Node for the BIG-IP device
  2. Set up the BIG-IP system

Create a Node for the BIG-IP device

OpenShift SDN uses custom Annotations to identify Nodes as part of the Cluster network.

  • pod.network.openshift.io/fixed-vnid-host: "0"
  • pod.network.openshift.io/assign-subnet: "true"

When you include these Annotations in a HostSubnet manifest, the SDN recognizes the new Node and allocates a subnet to it.

Create a HostSubnet

Define a HostSubnet manifest using valid YAML or JSON.

For the hostIP, provide an IP address from the BIG-IP network that will support the VXLAN overlay.

apiVersion: v1
kind: HostSubnet
metadata:
  name: f5-bigip-node
  annotations:
    pod.network.openshift.io/fixed-vnid-host: "0"
    pod.network.openshift.io/assign-subnet: "true"
# provide a name for the BIG-IP device's host Node
host: f5-bigip-node
# Provide an IP address to serve as the BIG-IP VTEP in the OpenShift SDN
hostIP: 172.16.1.28

HostSubnet - BIG-IP Standalone

Upload the Host Subnet to the OpenShift API server

Use the oc create command to upload the HostSubnet file(s) to the OpenShift API server.

oc create -f f5-kctlr-openshift-hostsubnet.yaml
hostsubnet "f5-bigip-node" created

Verify creation of the HostSubnet(s)

Use the oc get hostsubnet command to display the SUBNET allocated to the BIG-IP system by OpenShift.

Important

You can modify the HOST IP of any cluster member using annotations. See Modifying a HOST IP address using annotations.

oc get hostsubnet
NAME                  HOST                  HOST IP         SUBNET
f5-bigip-node         f5-bigip-node         172.16.1.30     10.130.0.0/23
worker.example.net    worker.example.net    172.16.1.20     10.129.0.0/23
master.example.net    master.example.net    172.16.1.10     10.128.0.0/23

Set up the BIG-IP system

Important

The steps in this section require Administrator or Resource Administrator access to the BIG-IP system’s TMOS shell (tmsh).

Create a VXLAN tunnel

  1. Log in to the TMOS shell (tmsh).

    tmsh
    
  2. Create a BIG-IP VXLAN profile with flooding-type multipoint.

    create net tunnels vxlan ose-vxlan flooding-type multipoint
    
  3. Create a BIG-IP VXLAN tunnel.

    • Set the local-address to the BIG-IP HostSubnet’s hostIP address.
    • Set the key to 0 to grant the BIG-IP device access to all OpenShift projects and subnets.

    create net tunnels tunnel openshift_vxlan key 0 profile ose-vxlan local-address 172.16.1.28
    

Create a self IP in the VXLAN

Create a self IP address in the VXLAN tunnel.

  • The self IP range must fall within the cluster subnet mask. Use the command oc get clusternetwork to find the correct subnet mask for your cluster.
  • If you use the BIG-IP configuration utility to create a self IP, you may need to provide the full netmask instead of the CIDR notation.

create net self 10.129.2.3/14 allow-service none vlan openshift_vxlan

Create a floating self IP in the VXLAN

Create a floating IP address on the BIG-IP device. Use an IP address from the subnet that the OpenShift SDN allocated to the BIG-IP’s HostSubnet.

create net self 10.129.2.4/14 allow-service none traffic-group traffic-group-1 vlan openshift_vxlan

Note

By default, the BIG-IP Controller uses BIG-IP Automap SNAT for all of the virtual servers it creates. From k8s-bigip-ctlr v1.5.0 forward, you can designate a specific SNAT pool in the Controller Deployment instead of using SNAT automap.

In environments where the BIG-IP connects to the Cluster network, the self IP used as the BIG-IP VTEP serves as the SNAT pool for all origin addresses within the Cluster. The subnet mask you provide when you create the self IP defines the addresses available to the SNAT pool.

Verify creation of the BIG-IP objects

You can use the TMOS shell (tmsh) to verify object creation.

tmsh show net tunnels tunnel openshift_vxlan
tmsh show net self 10.129.2.3/14
tmsh show net self 10.129.2.4/14
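
The address rules from the steps above can be cross-checked against the HostSubnet that OpenShift allocated: the tunnel local-address equals the hostIP, both self IPs sit in the cluster network with its mask, and the floating self IP comes from the BIG-IP node's subnet. The following Python script is an added example, not part of the original instructions; the hostsubnet table is constructed sample data, and the 10.128.0.0/14 cluster network and the function names are assumptions.

```python
import ipaddress

# Constructed sample of `oc get hostsubnet` output; substitute your cluster's.
SAMPLE_HOSTSUBNETS = """\
NAME                  HOST                  HOST IP         SUBNET
f5-bigip-node         f5-bigip-node         172.16.1.28     10.130.0.0/23
worker.example.net    worker.example.net    172.16.1.20     10.129.0.0/23
master.example.net    master.example.net    172.16.1.10     10.128.0.0/23
"""
# Assumed cluster network, as `oc get clusternetwork` would report it.
CLUSTER_CIDR = "10.128.0.0/14"


def parse_hostsubnets(text):
    """Map NAME -> (HOST IP, SUBNET) from `oc get hostsubnet` table text."""
    rows = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        name, _host, host_ip, subnet = line.split()
        rows[name] = (ipaddress.ip_address(host_ip), ipaddress.ip_network(subnet))
    return rows


def check_overlay(hostsubnets, node, cluster_cidr, local_address, self_ip, floating_ip):
    """Return a list of findings; an empty list means the values agree."""
    findings = []
    cluster = ipaddress.ip_network(cluster_cidr)
    host_ip, subnet = hostsubnets[node]
    # The tunnel local-address must be the hostIP registered in the HostSubnet.
    if ipaddress.ip_address(local_address) != host_ip:
        findings.append(f"local-address {local_address} != hostIP {host_ip}")
    # Both self IPs must sit in the cluster network and carry its mask.
    for label, value in (("self IP", self_ip), ("floating self IP", floating_ip)):
        iface = ipaddress.ip_interface(value)
        if iface.ip not in cluster:
            findings.append(f"{label} {iface.ip} outside cluster network {cluster}")
        elif iface.network != cluster:
            findings.append(f"{label} mask /{iface.network.prefixlen} != /{cluster.prefixlen}")
    # The floating self IP must come from the subnet allocated to the BIG-IP node.
    floating = ipaddress.ip_interface(floating_ip).ip
    if floating not in subnet:
        findings.append(f"floating self IP {floating} outside {node} subnet {subnet}")
    return findings


if __name__ == "__main__":
    table = parse_hostsubnets(SAMPLE_HOSTSUBNETS)
    for finding in check_overlay(table, "f5-bigip-node", CLUSTER_CIDR,
                                 "172.16.1.28", "10.129.2.3/14", "10.130.0.4/14"):
        print("MISMATCH:", finding)
```

Run it with the values you plan to pass to tmsh; any line it prints names the address that does not agree with the HostSubnet or cluster network.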

See also

If you’re having trouble with your network setup, see Network troubleshooting.