Lab 1.3 - F5 Container Connector Setup

Take the steps below to deploy a contoller for each BIG-IP device in the cluster.

Set up RBAC

The F5 BIG-IP Controller requires permission to monitor the status of the OpenSfhift cluster. The following will create a bigip login secret, Service Account, and Cluster Role. Run the following commands on both master1 and master2:

oc create secret generic bigip-login -n kube-system --from-literal=username=admin --from-literal=password=admin
oc create serviceaccount bigip-ctlr -n kube-system
oc create clusterrolebinding bigip-ctlr-clusteradmin --clusterrole=cluster-admin --serviceaccount=kube-system:bigip-ctlr

Create & Verify CC Deployment

  1. Create an OpenShift Deployment for POD1 (one per BIG-IP device). You need to deploy a controller for both bigip1 and bigip2.

    cc-bigip1-10.yaml

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: bigip1-ctlr
      namespace: kube-system
    spec:
      replicas: 1
      template:
        metadata:
          name: k8s-bigip-ctlr
          labels:
            app: k8s-bigip-ctlr
        spec:
          serviceAccountName: bigip-ctlr
          containers:
            - name: k8s-bigip-ctlr
              image: "f5networks/k8s-bigip-ctlr:latest"
              imagePullPolicy: IfNotPresent
              env:
                - name: BIGIP_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: username
                - name: BIGIP_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: password
              command: ["/app/bin/k8s-bigip-ctlr"]
              args: [
                "--bigip-username=$(BIGIP_USERNAME)",
                "--bigip-password=$(BIGIP_PASSWORD)",
                "--bigip-url=10.1.10.4",
                "--bigip-partition=okd10",
                "--namespace=default",
                "--pool-member-type=cluster",
                "--openshift-sdn-name=/Common/okd-tunnel-10"
              ]
    

    cc-bigip2-10.yaml

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: bigip2-ctlr
      namespace: kube-system
    spec:
      replicas: 1
      template:
        metadata:
          name: k8s-bigip-ctlr
          labels:
            app: k8s-bigip-ctlr
        spec:
          serviceAccountName: bigip-ctlr
          containers:
            - name: k8s-bigip-ctlr
              image: "f5networks/k8s-bigip-ctlr:latest"
              imagePullPolicy: IfNotPresent
              env:
                - name: BIGIP_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: username
                - name: BIGIP_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: password
              command: ["/app/bin/k8s-bigip-ctlr"]
              args: [
                "--bigip-username=$(BIGIP_USERNAME)",
                "--bigip-password=$(BIGIP_PASSWORD)",
                "--bigip-url=10.1.10.5",
                "--bigip-partition=okd10",
                "--namespace=default",
                "--pool-member-type=cluster",
                "--openshift-sdn-name=/Common/okd-tunnel-10"
              ]
    
    oc create -f cc-bigip1-10.yaml
    oc create -f cc-bigip2-10.yaml
    
  2. Verify the deployment and pods that are created

    oc get deployment -n kube-system
    oc get pods -n kube-system
    
  3. Create an OpenShift Deployment for POD2 (one per BIG-IP device). You need to deploy a controller for both bigip1 and bigip2.

    cc-bigip1-20.yaml

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: bigip1-ctlr
      namespace: kube-system
    spec:
      replicas: 1
      template:
        metadata:
          name: k8s-bigip-ctlr
          labels:
            app: k8s-bigip-ctlr
        spec:
          serviceAccountName: bigip-ctlr
          containers:
            - name: k8s-bigip-ctlr
              image: "f5networks/k8s-bigip-ctlr:latest"
              imagePullPolicy: IfNotPresent
              env:
                - name: BIGIP_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: username
                - name: BIGIP_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: password
              command: ["/app/bin/k8s-bigip-ctlr"]
              args: [
                "--bigip-username=$(BIGIP_USERNAME)",
                "--bigip-password=$(BIGIP_PASSWORD)",
                "--bigip-url=10.1.10.4",
                "--bigip-partition=okd20",
                "--namespace=default",
                "--pool-member-type=cluster",
                "--openshift-sdn-name=/Common/okd-tunnel-20"
              ]
    

    cc-bigip2-20.yaml

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: bigip2-ctlr
      namespace: kube-system
    spec:
      replicas: 1
      template:
        metadata:
          name: k8s-bigip-ctlr
          labels:
            app: k8s-bigip-ctlr
        spec:
          serviceAccountName: bigip-ctlr
          containers:
            - name: k8s-bigip-ctlr
              image: "f5networks/k8s-bigip-ctlr:latest"
              imagePullPolicy: IfNotPresent
              env:
                - name: BIGIP_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: username
                - name: BIGIP_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: password
              command: ["/app/bin/k8s-bigip-ctlr"]
              args: [
                "--bigip-username=$(BIGIP_USERNAME)",
                "--bigip-password=$(BIGIP_PASSWORD)",
                "--bigip-url=10.1.10.5",
                "--bigip-partition=okd20",
                "--namespace=default",
                "--pool-member-type=cluster",
                "--openshift-sdn-name=/Common/okd-tunnel-20"
              ]
    
    oc create -f cc-bigip1-20.yaml
    oc create -f cc-bigip2-20.yaml
    
  4. Verify the deployment and pods that are created

    oc get deployment -n kube-system
    oc get pods -n kube-system