F5SPKServiceTypeLBIpPool

Overview

This overview discusses the F5SPKServiceTypeLBIpPool Custom Resource (CR). For the full list of CRs, refer to the SPK CRs overview. The SPK Controller can dynamically create application traffic CRs using the F5SPKServiceTypeLBIpPool CR, and Kubernetes LoadBalancer type Service objects. The dynamically generated CRs are applied to the Service Proxy Traffic Management Microkernel (TMM) Pods for low-latency application traffic processing. The SPK Controller generates application traffic CRs as follows:

1. Monitor the Kubernetes API for Service objects that are configured with type: LoadBalancer and loadBalancerClass: f5net.com.
2. When a Service object matches, select an IP address from the F5SPKServiceTypeLBIpPool CR, and the port, protocol, and ipFamilies values from the Service.
3. Dynamically generate a new application traffic SPK CR using the IP address and Service object values.
4. Configure the SPK TMM Pod with the new CR, and begin processing ingress application traffic.

This document guides you through understanding, configuring and installing a simple F5SPKServiceTypeLBIpPool CR.

CR parameters

The table below describes the CR parameter.

Parameter	Description
spec.ipAddresses	Specifies a list of IPv4 and/or IPv6 addresses using any of the following formats: host, host/subnet, host-range.

CR example

The SPK Controller will select one IP address from the pool for each Service object installed. For dual-stack implementations, the SPK Controller selects one IPv4 and one IPv6 address per Service object.

apiVersion: k8s.f5net.com/v1
kind: F5SPKServiceTypeLBIpPool
metadata:
  name: spk-lb-ippool
  namespace: spk-apps
spec:
  ipAddresses:
    - "10.244.100.1"
    - "10.244.100.2-10.244.100.5"
    - "10.244.200.200/24"
    - "2002::10:244:100:1"
    - "2002::10:244:100:1-2002::10:244:100:5"
    - "2002::10:244:200/96"

Service example

The SPK Controller installs the following SPK CRs types based on the Service protocol value:

• TCP - F5SPKIngressTCP
• UDP - F5SPKIngressUDP
• SCTP - F5SPKIngressNGAP

apiVersion: v1
kind: Service
metadata:
  name: nginx-web-svc
  namespace: spk-apps
spec:
  type: LoadBalancer
  loadBalancerClass: f5net.com
  allocateLoadBalancerNodePorts: false
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-web

Application Project

The SPK Controller and Service Proxy TMM Pods install to a different Project than the application (Pods). When installing the SPK Controller, set the controller.watchNamespace parameter to the Pod Project(s) in the Helm values file.

For example:

Note: The watchNamespace parameter accepts multiple namespaces.

controller:
  watchNamespace: 
    - "spk-apps"
    - "spk-apps2"

Dual-Stack environments

Service Proxy TMM’s load balancing pool is created by discovering the Kubernetes Service Endpoints in the Project. In IPv4/IPv6 dual-stack environments, to populate the load balancing pool with IPv6 members, set the Service PreferDualStack parameter to IPv6.

For example:

kind: Service
metadata:
  name: nginx-web-svc
  namespace: spk-apps
spec:
  ipFamilyPolicy: PreferDualStack
  ipFamilies:
  - IPv6
  - IPv4

Important: When enabling PreferDualStack, ensure TMM’s internal F5SPKVlan interface configuration includes both IPv4 and IPv6 addresses.

Ingress traffic

To enable ingress network traffic, Service Proxy TMM must be configured to advertise virtual server IP addresses to external networks using the BGP dynamic routing protocol. Alternatively, you can configure appropriate routes on upstream devices. For BGP configuration assistance, refer to the BGP Overview.

CR shortName

CR shortNames provide an easy way to view installed CRs, and their configuration parameters. The CR shortName can also be used to delete the CR instance. The F5SPKServiceTypeLBIpPool CR shortName is servicetypelbippool.

View CR instance:

oc get servicetypelbippool -n <project>

View CR configuration:

oc get servicetypelbippool -n <project> -o yaml

Requirements

Ensure you have:

• Installed a K8S Service object and application.
• Installed the SPK Controller.
• A Linux based workstation.

Installation

Use the following steps to install the example F5SPKServiceTypeLBIpPool CR and Kunbernetes Service object, and to verify the configuration.

1. Switch to the application Project:

   oc project <project>
   

   In this example, the application is in the spk-apps Project:

   oc project spk-apps
   

2. Copy the example F5SPKServiceTypeLBIpPool CR into a YAML file:

   apiVersion: k8s.f5net.com/v1
   kind: F5SPKServiceTypeLBIpPool
   metadata:
     name: spk-lb-ippool
     namespace: spk-apps
   spec:
     ipAddresses:
       - "10.244.100.1"
       - "10.244.100.2-10.244.100.5"
       - "10.244.200.200/24"
       - "2002::10:244:100:1"
       - "2002::10:244:100:1-2002::10:244:100:5"
       - "2002::10:244:200/96"
   

3. Install the F5SPKServiceTypeLBIpPool CR:

   oc apply -f spk-ip-pool.yaml
   

4. Verify the status of the installed CR:

   oc get servicetypelbippool
   

   In this example, the CR is installed successfully.

   NAME          AGE
   spk-lb-ippol  21s
   

5. Copy the example Service object into a YAML file:

   apiVersion: v1
   kind: Service
   metadata:
     name: nginx-web-svc
     namespace: spk-apps
   spec:
     type: LoadBalancer
     loadBalancerClass: f5net.com
     allocateLoadBalancerNodePorts: false
     ipFamilies:
     - IPv4
     ipFamilyPolicy: SingleStack
     ports:
     - name: http
       port: 80
       protocol: TCP
       targetPort: 80
     selector:
       app: nginx-web
   

6. Install the Service object:

   oc apply -f web-pool-svc.yaml
   

7. Verify the Service object installation:

   kubectl get svc nginx-web-svc 
   

   In this example, the Service object is installed, and shows the EXTERNAL-IP address 10.33.0.86 has been assigned from the F5SPKServiceTypeLBIpPool.

   NAME            TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S) 
   nginx-web-svc   LoadBalancer   10.105.193.207   10.33.0.86    80/TCP 
   

8. Verify the Controller has created the TCP application:

   kubectl get f5-spk-ingresstcp
   

   In this example, the Controller has created a new application named nginx-web-svc-tcp-f5-generated.

   NAME                             STATUS    MESSAGE                              
   nginx-web-svc-tcp-f5-generated   SUCCESS   CR config sent to all grpc endpoints 
   

9. Web clients should now be able to connect to the application through the Service Proxy TMM.

Connection statistics

If you installed the SPK Controller with the Debug Sidecar enabled, connect to the sidecar to view virtual server and pool member connecitivy statistics.

1. Log in to the Service Proxy Debug container:

   oc exec -it deploy/f5-tmm -c debug -n spk-ingress -- bash
   

2. View the virtual server connection statistics:

   tmctl -d blade virtual_server_stat -s name,clientside.tot_conns
   

   For example:

   name                                                   clientside.tot_conns
   ------------------------------------------------------ --------------------
   spk-apps-nginx-web-svc-tcp-f5-generated-virtual-server                    0
   

3. View the load balancing pool connection statistics:

   tmctl -d blade pool_member_stat -s pool_name,serverside.tot_conns
   

   For example:

   spk-apps-nginx-web-svc-tcp-f5-generated-pool                    0
   spk-apps-nginx-web-svc-tcp-f5-generated-pool                    0
   

Feedback

Provide feedback to improve this document by emailing spkdocs@f5.com.

Supplemental

• Kubernetes Service