F5SPKServiceTypeLBIpPool¶
Overview¶
This overview discusses the F5SPKServiceTypeLBIpPool Custom Resource (CR). For the full list of CRs, refer to the SPK CRs overview. The SPK Controller can dynamically create application traffic CRs using the F5SPKServiceTypeLBIpPool CR, and Kubernetes LoadBalancer
type Service objects. The dynamically generated CRs are applied to the Service Proxy Traffic Management Microkernel (TMM) Pods for low-latency application traffic processing. The SPK Controller generates application traffic CRs as follows:
- Monitor the Kubernetes API for Service objects that are configured with
type: LoadBalancer
andloadBalancerClass: f5net.com
. - When a Service object matches, select an IP address from the F5SPKServiceTypeLBIpPool CR, and the
port
,protocol
, andipFamilies
values from the Service. - Dynamically generate a new application traffic SPK CR using the IP address and Service object values.
- Configure the SPK TMM Pod with the new CR, and begin processing ingress application traffic.
This document guides you through understanding, configuring and installing a simple F5SPKServiceTypeLBIpPool CR.
CR parameters¶
The table below describes the CR parameter.
Parameter | Description |
---|---|
spec.ipAddresses |
Specifies a list of IPv4 and/or IPv6 addresses using any of the following formats: host, host/subnet, host-range. |
CR example¶
The SPK Controller will select one IP address from the pool for each Service object installed. For dual-stack implementations, the SPK Controller selects one IPv4 and one IPv6 address per Service object.
apiVersion: k8s.f5net.com/v1
kind: F5SPKServiceTypeLBIpPool
metadata:
name: spk-lb-ippool
namespace: spk-apps
spec:
ipAddresses:
- "10.244.100.1"
- "10.244.100.2-10.244.100.5"
- "10.244.200.200/24"
- "2002::10:244:100:1"
- "2002::10:244:100:1-2002::10:244:100:5"
- "2002::10:244:200/96"
Service example¶
The SPK Controller installs the following SPK CRs types based on the Service protocol
value:
- TCP - F5SPKIngressTCP
- UDP - F5SPKIngressUDP
- SCTP - F5SPKIngressNGAP
apiVersion: v1
kind: Service
metadata:
name: nginx-web-svc
namespace: spk-apps
spec:
type: LoadBalancer
loadBalancerClass: f5net.com
allocateLoadBalancerNodePorts: false
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx-web
Application Project¶
The SPK Controller and Service Proxy TMM Pods install to a different Project than the application (Pods). When installing the SPK Controller, set the controller.watchNamespace
parameter to the Pod Project(s) in the Helm values file.
For example:
Note: The watchNamespace parameter accepts multiple namespaces.
controller:
watchNamespace:
- "spk-apps"
- "spk-apps2"
Dual-Stack environments¶
Service Proxy TMM’s load balancing pool is created by discovering the Kubernetes Service Endpoints in the Project. In IPv4/IPv6 dual-stack environments, to populate the load balancing pool with IPv6 members, set the Service PreferDualStack
parameter to IPv6
.
For example:
kind: Service
metadata:
name: nginx-web-svc
namespace: spk-apps
spec:
ipFamilyPolicy: PreferDualStack
ipFamilies:
- IPv6
- IPv4
Important: When enabling PreferDualStack
, ensure TMM’s internal F5SPKVlan interface configuration includes both IPv4 and IPv6 addresses.
Ingress traffic¶
To enable ingress network traffic, Service Proxy TMM must be configured to advertise virtual server IP addresses to external networks using the BGP dynamic routing protocol. Alternatively, you can configure appropriate routes on upstream devices. For BGP configuration assistance, refer to the BGP Overview.
CR shortName¶
CR shortNames provide an easy way to view installed CRs, and their configuration parameters. The CR shortName can also be used to delete the CR instance. The F5SPKServiceTypeLBIpPool CR shortName is servicetypelbippool.
View CR instance:
oc get servicetypelbippool -n <project>
View CR configuration:
oc get servicetypelbippool -n <project> -o yaml
Requirements¶
Ensure you have:
- Installed a K8S Service object and application.
- Installed the SPK Controller.
- A Linux based workstation.
Installation¶
Use the following steps to install the example F5SPKServiceTypeLBIpPool CR and Kunbernetes Service object, and to verify the configuration.
Switch to the application Project:
oc project <project>
In this example, the application is in the spk-apps Project:
oc project spk-apps
Copy the example F5SPKServiceTypeLBIpPool CR into a YAML file:
apiVersion: k8s.f5net.com/v1 kind: F5SPKServiceTypeLBIpPool metadata: name: spk-lb-ippool namespace: spk-apps spec: ipAddresses: - "10.244.100.1" - "10.244.100.2-10.244.100.5" - "10.244.200.200/24" - "2002::10:244:100:1" - "2002::10:244:100:1-2002::10:244:100:5" - "2002::10:244:200/96"
Install the F5SPKServiceTypeLBIpPool CR:
oc apply -f spk-ip-pool.yaml
Verify the status of the installed CR:
oc get servicetypelbippool
In this example, the CR is installed successfully.
NAME AGE spk-lb-ippol 21s
Copy the example Service object into a YAML file:
apiVersion: v1 kind: Service metadata: name: nginx-web-svc namespace: spk-apps spec: type: LoadBalancer loadBalancerClass: f5net.com allocateLoadBalancerNodePorts: false ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - name: http port: 80 protocol: TCP targetPort: 80 selector: app: nginx-web
Install the Service object:
oc apply -f web-pool-svc.yaml
Verify the Service object installation:
kubectl get svc nginx-web-svc
In this example, the Service object is installed, and shows the EXTERNAL-IP address 10.33.0.86 has been assigned from the F5SPKServiceTypeLBIpPool.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) nginx-web-svc LoadBalancer 10.105.193.207 10.33.0.86 80/TCP
Verify the Controller has created the TCP application:
kubectl get f5-spk-ingresstcp
In this example, the Controller has created a new application named nginx-web-svc-tcp-f5-generated.
NAME STATUS MESSAGE nginx-web-svc-tcp-f5-generated SUCCESS CR config sent to all grpc endpoints
Web clients should now be able to connect to the application through the Service Proxy TMM.
Connection statistics¶
If you installed the SPK Controller with the Debug Sidecar enabled, connect to the sidecar to view virtual server and pool member connectivity statistics.
Log in to the Service Proxy Debug container:
oc exec -it deploy/f5-tmm -c debug -n spk-ingress -- bash
View the virtual server connection statistics:
tmctl -d blade virtual_server_stat -s name,clientside.tot_conns
For example:
name clientside.tot_conns ------------------------------------------------------ -------------------- spk-apps-nginx-web-svc-tcp-f5-generated-virtual-server 0
View the load balancing pool connection statistics:
tmctl -d blade pool_member_stat -s pool_name,serverside.tot_conns
For example:
spk-apps-nginx-web-svc-tcp-f5-generated-pool 0 spk-apps-nginx-web-svc-tcp-f5-generated-pool 0
Feedback¶
Provide feedback to improve this document by emailing spkdocs@f5.com.