F5SPKIngressUDP¶
Overview¶
The F5SPKIngressUDP Custom Resource (CR) configures the Service Proxy Traffic Management Microkernel (TMM) to proxy and load balance low-latency UDP application traffic between networks using a virtual server and load balancing pool. The F5SPKIngressUDP CR also provides options to tune how connections are processed, and to monitor the health of Service object Endpoints.
This document guides you through understanding, configuring and installing a simple F5SPKIngressUDP CR.
CR integration stages¶
The graphic below displays the four integration stages used to begin processing application traffic. SPK CRs can also be integrated into your Helm release, managing all components with single interface. Refer to the Helm CR Integration guide for more information.
CR Parameters¶
The table below describes the CR parameters used in this document, refer to the F5SPKIngressUDP Reference for the full list of parameters.
service¶
The table below describes the CR service parameters.
| Parameter | Description |
|---|---|
name |
Selects the Service object name for the internal applications (Pods), and creates a round-robin load balancing pool using the Service Endpoints. |
port |
Selects the Service object port value. |
spec¶
The table below describes the CR spec parameters.
| Parameter | Description |
|---|---|
destinationAddress |
Creates an IPv4 virtual server address for ingress connections. |
destinationPort |
Defines the service port for inbound connections. |
ipv6destinationAddress |
Creates an IPv6 virtual server address for ingress connections. |
idleTimeout |
The UDP connection idle timeout period in seconds (1-4294967295). The default value is 60 seconds. |
loadBalancingMethod |
Specifies the load balancing method used to distribute traffic across pool members: ROUND_ROBIN distributes connections evenly across all pool members (default), and RATIO_LEAST_CONN_MEMBER distributes connections first to members with the least number of active connections. |
snat |
Enables translating the source IP address of ingress packets to TMM's self IP addresses: SRC_TRANS_AUTOMAP to enable, or SRC_TRANS_NONE to disable (default). |
vlans.vlanList |
Specifies a list of F5SPKVlan CRs to listen for ingress traffic, using the CR's metadata.name. The list can also be disabled using disableListedVlans. |
vlans.category |
Specifies an F5SPKVlan CR category to listen for ingress traffic. The category can also be disabled using disableListedVlans. |
vlans.disableListedVlans |
Disables, or denies traffic specified with the vlanList or category parameters: true or false (default). |
monitors¶
The table below describes the CR monitors parameters.
| Parameter | Description |
|---|---|
icmp.interval |
Specifies in seconds the monitor check frequency: 1 to 86400. The default is 5. |
icmp.timeout |
Specifies in seconds the time in which the target must respond: 1 to 86400. The default is 16. |
Application Project¶
The SPK Controller and Service Proxy TMM Pods install to a different Project than the UDP application (Pods). When installing the SPK Controller, set the controller.watchNamespace parameter to the UDP Pod in the Helm values file. For example:
Important: Ensure the Project currently exists in the cluster, the SPK Controller does not discover Projects created after installation.
controller:
watchNamespace: "udp-apps"
Dual-Stack environments¶
Service Proxy TMM’s load balancing pool is created by discovering the Kubernetes Service Endpoints in the Project. In IPv4/IPv6 dual-stack environments, to populate the load balancing pool with IPv6 members, set the Service PreferDualStack parameter to IPv6. For example:
kind: Service
metadata:
name: bind-dns
namespace: udp-apps
labels:
app: bind-dns
spec:
ipFamilyPolicy: PreferDualStack
ipFamilies:
- IPv6
- IPv4
Ingress traffic¶
To enable ingress network traffic, the Service Proxy Pod must be configured to advertise virtual server IP addresses to remote networks, using the BGP dynamic routing protocol. Alternatively, you can configure appropriate routes on upstream devices. For BGP configuration assistance, refer to the BGP Overview.
Requirements¶
Ensure you have:
- Installed a K8S Service object and application.
- Installed the SPK Controller.
- Have a Linux based workstation.
Installation¶
Use the following steps to obtain the application’s Service object configuration, and configure and install the F5SPKIngressUDP CR.
Switch to the application Project:
oc project <project>
In this example, the application is installed to the udp-apps Project:
oc project udp-apps
Obtain the Service object NAME and PORT to configure the CR
service.specandservice.portparameters:oc get service
In this example, the Service object NAME** is bind-dns and the PORT is 53:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) bind-dns NodePort 10.99.99.99 <none> 53:30714/UDP
Copy the example CR into a YAML file, and adapt it for your environment if necessary:
apiVersion: "ingressudp.k8s.f5net.com/v1" kind: F5SPKIngressUDP metadata: namespace: udp-apps name: bind-dns-cr service: name: bind-dns port: 53 spec: destinationAddress: "192.168.1.123" destinationPort: 53 ipv6destinationAddress: "2001::100:100" idleTimeout: 30 loadBalancingMethod: "RATIO_LEAST_CONN_MEMBER" snat: “SRC_TRANS_AUTOMAP” vlans: vlanList: - vlan-external monitors: icmp: - interval: 3 - timeout: 10
Install the F5SPKIngressUDP CR:
oc apply -f spk-ingress-udp.yaml
DNS clients should now be able to connect to the application through the Service Proxy TMM.
Connectivity statistics¶
If you installed the SPK Controller with the Debug Sidecar enabled, connect to the sidecar to view virtual server and pool member connecitivy statistics.
Log in to the Service Proxy Debug container:
oc exec -it deploy/f5-tmm -c debug -n spk-ingress -- bashView the virtual server connection statistics:
tmctl -f /var/tmstat/blade/tmm0 virtual_server_stat -s name,serverside.tot_conns
For example:
name serverside.tot_conns ----------------------------------- -------------------- udp-apps-bind-dns-crd-virtual-server 31View the load balancing pool connection statistics:
tmctl -f /var/tmstat/blade/tmm0 pool_member_stat -s pool_name,serverside.tot_conns
For example:
udp-apps-bind-dns-crd-pool 15 udp-apps-bind-dns-crd-pool 16
Feedback¶
Provide feedback to improve this document by emailing spkdocs@f5.com.