ZebOS ConfigMaps

The Service Proxy for Kubernetes (SPK) Traffic Managment Microkernel (TMM) Service Proxy Pod’s f5-tmm-routing container can reference native ZebOS.conf files as ConfigMaps using the BIG-IP Controller’s Helm values. One of the benefits of referencing the ZebOS.conf file as a ConfigMap is the ability to modify BGP configurations while the SPK F5ingress and TMM Pods are running. The SPK Controller detects modifications made to the ConfigMap file, and applies the updates to the running f5-tmm-routing container.

_images/spk_info.png Note: The periodic detection interval depends on the KubeletConfiguration settings.

Requirements

Ensure you have:

Procedures

Installation

Use these steps to install a ZebOS.conf Configmap, and reference the ConfigMap using the SPK Controller Helm values file.

_images/spk_warn.png Important: You must install a ZebOS.conf ConfigMap prior to the SPK Controller. ConfigMap modifications can then be made after installing the SPK Controller.

  1. Copy the example ZebOS.conf into a YAML file:

    router bgp 64443
      !
      bgp router-id 192.168.154.96
      bgp log-neighbor-changes
      bgp graceful-restart restart-time 120
      no bgp default ipv4-unicast
      redistribute kernel
      !
      neighbor 10.20.30.40 remote-as 3535
      neighbor 10.20.30.40 ebgp-multihop 100
      neighbor 2002::10:20:30:40 remote-as 3535
      neighbor 2002::10:20:30:40 ebgp-multihop 100
      !
      !
      address-family ipv6
        redistribute kernel
        neighbor 2002::10:20:30:40 activate
        neighbor 2002::10:20:30:40 soft-reconfiguration inbound
      exit-address-family
      !
      address-family ipv4
        neighbor 10.20.30.40 activate
        neighbor 10.20.30.40 soft-reconfiguration inbound
      exit-address-family
    !
    

    Note: The ZebOS.conf configuration is similar to the following Helm values.yaml configuration:

     bgp:
       asn: 64443
       hostname: spk-bgp
       neighbors:
       - ip: 10.20.30.40
         asn: 3535
         ebgpMultihop: 100
         acceptsIPv4: true
         softReconf: true
       - ip: 2002::10:20:30:40
         asn: 3535
         ebgpMultihop: 100
         acceptsIPv6: true
         softReconf: true
    
  2. Install the ZebOS.conf file as a ConfigMap:

    In this example, the ConfigMap installs to the spk-ingress Project.

    oc create configmap spk-bgp --from-file=ZebOS.conf -n spk-ingress
    
  3. To reference the ZebOS.conf ConfigMap, add the following parameters to the SPK Controller Helm values file:

    tmm:
      bfdToOVN:
        enabled: true
      dynamicRouting:
        enabled: true
        configMapName: "spk-bgp"
    
  4. Install the SPK Controller.

  5. Verify the ZebOS configuration once the BIG-IP Controller has installed:

    oc exec -it deploy/f5-tmm -c f5-tmm-routing -n spk-ingress \
    -- imish -e 'show running-config'
    
  6. Verify the BGP peering relationships one the BIG-IP Controller has installed:

    oc exec -it deploy/f5-tmm -c f5-tmm-routing -n spk-ingress \
    -- imish -e 'show bgp neighbors'
    
  7. If there are any issues, review the Troubleshooting section of the BGP Overview.

Modifications

Use these steps to modify the installed ZebOS.conf Configmap.

  1. Edit the ZebOS.conf file and modify the required parameters.

  2. To modify a neighbor IP address, you must first remove the previous address in the ZebOS.conf configuration:

    In this example, the neighbor IP 10.20.30.40 is changed to 10.20.30.50.

    no neighbor 10.20.30.40
    neighbor 10.20.30.50 remote-as 3535
    neighbor 10.20.30.50 ebgp-multihop 100
    
  3. List the ConfigMap in the cluster:

    oc get cm <name> -n <namespace>
    

    In this example, the ConfigMap named spk-bgp is in the spk-ingress namespace:

    oc get cm spk-bgp -n spk-ingress
    
  4. Apply the ConfigMap edits:

    oc create configmap spk-bgp --from-file=ZebOS.conf \
    -n spk-ingress -o yaml --dry-run=client | oc apply -f -
    
  5. Verify the ZebOS configuration once the BIG-IP Controller has installed:

    oc exec -it deploy/f5-tmm -c f5-tmm-routing -n spk-ingress \
    -- imish -e 'show running-config'
    

BGP Secrets

As described in the BGP Secrets section of the BGP Overview, neighbor passwords can be stored as Kubernetes secrets. When modifying BGP Secrets while the f5-tmm-routing container is running, the TMM Pod must be scaled down and back up. To scale the f5-tmm-routing container after modifying a BGP Secret, run the following commands:

  1. Scale the f5-tmm deployment to 0:

    oc scale deployment f5-tmm --replicas=0 -n spk-ingress
    
  2. Ensure the READY status is 0/0:

    oc get deployment -n spk-ingress 
    
    NAME     READY   UP-TO-DATE   AVAILABLE
    f5-tmm   0/0     0            0        
    
  3. Scale the f5-tmm deployment to the original number of replicas:

    oc scale deployment f5-tmm --replicas=1 -n spk-ingress
    

BGP ToR configuration

Use these steps to enable the SPK Top of Rack BGP (ToR) feature.

  1. Copy the example ToR ConfigMap defining the BGP neighbor to cluste node relationship in to a YAML file:

    In this example, the ConfigMap names spk-tor-bgp installs to the SPK Controller’s spk-ingress namespace.

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "spk-tor-bgp"
      namespace: "spk-ingress"
    data:
      worker1.k8s.cluster.net: 192.168.154.110
      worker2.k8s.cluster.net: 192.168.154.111
      worker3.k8s.cluster.net: 192.168.154.112
      master.k8s.cluster.net: 192.168.154.112
    
  2. Install the ToR ConfigMap:

    oc apply -f tor.yaml
    
  3. Copy the example BGP configuration into the ZebOS.conf file. The peer-group and activate parameters are reqired for ToR:

    In this example, the ZebOS configuration references the spk-tor-bgp ConfigMap.

    router bgp 64443
      !
      bgp router-id %%POD_IP%%
      bgp log-neighbor-changes
      bgp graceful-restart restart-time 120
      redistribute kernel
      neighbor spk-tor-bgp remote-as 3535
      neighbor spk-tor-bgp peer-group
      neighbor spk-tor-bgp activate
      neighbor spk-tor-bgp ebgp-multihop 100
      neighbor spk-tor-bgp soft-reconfiguration inbound
    !
    
  4. Install the ZebOS.conf file as a ConfigMap:

    In this example, the ZebOS.conf ConfigMap installs to the SPK Controller’s spk-ingress namespace.

    oc create configmap spk-bgp --from-file=ZebOS.conf -n spk-ingress
    
  5. Add the following parameters to the SPK Controller Helm values file:

    In this example, the configMapName parameter references the ZebOS.conf ConfigMap, and the peerGroups parameter references the ToR ConfigMap.

    tmm:
      dynamicRouting:
        enabled: true
        configMapName: "spk-bgp"
        peerGroups:
          - spk-tor-bgp
    
  6. After installing the SPK Controller, view the ZebOS configuration:

    In this example, the SPK Controller installed to the spk-ingress namespace.

    oc exec -it deploy/f5-tmm -c f5-tmm-routing -n spk-ingress \
    -- imish -e 'show running-config'
    
  7. Verify the correct IP address is configured:

    In this example, the worker2.k8s.cluster.net mapped IP address 192.168.154.111 is used in the configuration.

    router bgp 64443
    bgp router-id 0.0.107.127
    no bgp default ipv4-unicast
    bgp log-neighbor-changes
    bgp graceful-restart restart-time 120
    max-paths ebgp 4
    redistribute kernel
    neighbor spk-bgp peer-group
    neighbor spk-bgp remote-as 3535
    neighbor spk-bgp ebgp-multihop 100
    neighbor spk-bgp activate
    neighbor spk-bgp soft-reconfiguration inbound
    neighbor 192.168.154.111 peer-group spk-bgp
    neighbor 192.168.154.111 activate
    
  8. If there are any issues, review the Troubleshooting section of the BGP Overview.

Feedback

Provide feedback to improve this document by emailing spkdocs@f5.com.

Supplemental