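Installing and using the k8s BIG-IP controller

0. Preparation

Make sure the network is connected end to end. This setup does not use flannel and does not use VXLAN.

Create an F5 partition in the F5 UI. Here it is cce-test.

1. Install the BIG-IP controller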

kubectl create serviceaccount bigip-ctlr -n kube-system

kubectl get sa -n kube-system

Create the ClusterRole and ClusterRoleBinding

f5-k8s-sample-rbac.yaml

# for use in k8s clusters only
# for OpenShift, use the OpenShift-specific examples
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bigip-ctlr-clusterrole
rules:
- apiGroups: ["", "extensions"]
  resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions"]
  resources: ["configmaps", "events", "ingresses/status"]
  verbs: ["get", "list", "watch", "update", "create", "patch"]
- apiGroups: ["", "extensions"]
  resources: ["secrets"]
  # Replace the placeholder with the name of the Secret that holds the BIG-IP login
  # (bigip-login in this walkthrough)
  resourceNames: ["<secret-containing-bigip-login>"]
  verbs: ["get", "list", "watch"]

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bigip-ctlr-clusterrole-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: bigip-ctlr-clusterrole
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: bigip-ctlr
  namespace: kube-system
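A check for the Secret rule in the ClusterRole above, added here as an example and not part of the original post or of F5's samples: it reads the role as JSON and reports a Secret rule that is unscoped, still carries the template placeholder, or names a different Secret. The function name and the expected Secret name bigip-login (the Secret this walkthrough creates) are assumptions of the example.

```python
import json

# Constructed sample: the ClusterRole from this page, in the shape that
# `kubectl get clusterrole bigip-ctlr-clusterrole -o json` returns once applied.
SAMPLE_ROLE = json.loads("""
{"kind": "ClusterRole", "metadata": {"name": "bigip-ctlr-clusterrole"},
 "rules": [
  {"apiGroups": ["", "extensions"],
   "resources": ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["", "extensions"],
   "resources": ["configmaps", "events", "ingresses/status"],
   "verbs": ["get", "list", "watch", "update", "create", "patch"]},
  {"apiGroups": ["", "extensions"],
   "resources": ["secrets"],
   "resourceNames": ["<secret-containing-bigip-login>"],
   "verbs": ["get", "list", "watch"]}]}
""")

READ_ONLY = {"get", "list", "watch"}


def audit_secret_rules(role, expected_secret):
    """Return one finding per problem in the rules of `role` that reach Secrets."""
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        # Secrets live in the core ("") API group; "*" matches everything.
        if not (groups & {"", "*"} and resources & {"secrets", "*"}):
            continue
        names = rule.get("resourceNames") or []
        if not names:
            findings.append(f"rule {i}: no resourceNames, rule applies to every Secret")
        for name in names:
            if name.startswith("<") and name.endswith(">"):
                findings.append(f"rule {i}: placeholder {name} was never replaced")
            elif name != expected_secret:
                findings.append(f"rule {i}: grants Secret {name}, expected {expected_secret}")
        extra = set(rule.get("verbs", [])) - READ_ONLY
        if extra:
            findings.append(f"rule {i}: non-read verbs on Secrets: {sorted(extra)}")
    return findings


if __name__ == "__main__":
    for line in audit_secret_rules(SAMPLE_ROLE, "bigip-login"):
        print(line)
```

On a live cluster, pass the parsed output of kubectl get clusterrole bigip-ctlr-clusterrole -o json instead of the embedded sample.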

kubectl get clusterroles.rbac.authorization.k8s.io -n kube-system

NAME                                               AGE
admin                                              2d12h
aggregate-network-attachment-definitions-admin     2d12h
aggregate-network-attachment-definitions-edit      2d12h
aggregate-network-attachment-definitions-view      2d12h
bigip-ctlr-clusterrole                             46h
cluster-admin                                      2d12h
copaddon-nginx-ingress                             2d12h
coredns                                            2d12h
edit                                               2d12h

kubectl get clusterrolebindings.rbac.authorization.k8s.io -n kube-system

NAME                                       AGE
auto-approve-csrs-for-group                2d12h
auto-approve-renewals-for-nodes            2d12h
auto-approve-renewals-for-nodes-server     2d12h
bigip-ctlr-clusterrole-binding             46h

f5-k8s-bigip-ctlr_basic.yaml

kubectl create secret generic bigip-login --namespace kube-system --from-literal=username=admin --from-literal=password=admin

kubectl describe secret bigip-login -n kube-system

kubectl apply -f f5-k8s-bigip-ctlr_basic.yaml

# extensions/v1beta1 Deployments are no longer served as of Kubernetes 1.16;
# newer clusters need apps/v1 plus a spec.selector matching the pod labels
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr-deployment
  namespace: kube-system
spec:
  # DO NOT INCREASE REPLICA COUNT
  replicas: 1
  template:
    metadata:
      name: k8s-bigip-ctlr
      labels:
        app: k8s-bigip-ctlr
    spec:
      # Name of the Service Account bound to a Cluster Role with the required
      # permissions
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr
          image: "f5networks/k8s-bigip-ctlr"
          imagePullPolicy: IfNotPresent
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: password
          command: ["/app/bin/k8s-bigip-ctlr"]
          args: [
            # See the k8s-bigip-ctlr documentation for information about
            # all config options
            # https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=xxxxxxxxx",
            "--bigip-partition=cce-test",
            "--pool-member-type=cluster"
            ]
      # imagePullSecrets:
      #   # Secret that gives access to a private docker registry
      #   - name: f5-docker-images
      #   # Secret containing the BIG-IP system login credentials
      #   - name: bigip-login

Specify bigip-url, bigip-partition and pool-member-type.

Check the deployment logs for errors:

kubectl logs k8s-bigip-ctlr-deployment-bcf87fdb8-ztj9f -n kube-system

2. Create the application and the ConfigMap for the corresponding F5 virtual server

Create the application, using nginx as the example:

kubectl create deployment --image=nginx nginx1

kubectl expose deployment nginx1 --port=80

Create the ConfigMap for the F5 virtual server

f5-resource-vs-example.configmap.yaml

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx1.vs
  labels:
    f5type: virtual-server
data:
  # See the f5-schema table for schema-controller compatibility
  # https://clouddocs.f5.com/containers/latest/releases_and_versioning.html#f5-schema
  schema: "f5schemadb://bigip-virtual-server_v0.1.7.json"
  data: |
    {
      "virtualServer": {
        "backend": {
          "servicePort": 80,
          "serviceName": "nginx1",
          "healthMonitors": [{
            "interval": 30,
            "protocol": "http",
            "send": "GET / HTTP/1.1\r\nHost:abc.com\r\n\r\n",
            "recv": "200|OK",
            "timeout": 120
          }]
        },
        "frontend": {
          "virtualAddress": {
            "port": 80,
            "bindAddr": "xxxxxxxxxx"
          },
          "partition": "cce-test",
          "balance": "least-connections-member",
          "mode": "http"
        }
      }
    }

Fill in the backend and frontend sections.

The official documentation explains this in more detail, and many more parameters can be added: https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/v1.10/
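A pre-apply check for the backend and frontend sections of the virtual-server ConfigMap, added here as an example and not taken from the original post or from F5's tooling. It assumes the ConfigMap's partition should equal the one passed to the controller as --bigip-partition and that a health monitor's timeout should exceed its interval; the function name is hypothetical and 192.0.2.10 is a documentation address standing in for the elided bindAddr.

```python
import ipaddress
import json

# Constructed sample: the JSON under data.data of the nginx1.vs ConfigMap on this
# page. Raw string so the \r\n in "send" stay JSON escapes.
SAMPLE_VS = r"""
{"virtualServer": {
  "backend": {"servicePort": 80, "serviceName": "nginx1",
    "healthMonitors": [{"interval": 30, "protocol": "http",
      "send": "GET / HTTP/1.1\r\nHost:abc.com\r\n\r\n",
      "recv": "200|OK", "timeout": 120}]},
  "frontend": {"virtualAddress": {"port": 80, "bindAddr": "192.0.2.10"},
    "partition": "cce-test", "balance": "least-connections-member", "mode": "http"}}}
"""


def check_virtual_server(raw, managed_partition):
    """Return a list of problems found in one virtual-server definition."""
    try:
        vs = json.loads(raw)["virtualServer"]
        front, back = vs["frontend"], vs["backend"]
        addr = front["virtualAddress"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"missing or malformed section: {exc!r}"]
    problems = []
    # Assumption: the controller is only handed objects in its own partition.
    if front.get("partition") != managed_partition:
        problems.append(f"partition {front.get('partition')!r} is not {managed_partition!r}")
    try:
        ipaddress.ip_address(addr.get("bindAddr", ""))
    except ValueError:
        problems.append(f"bindAddr {addr.get('bindAddr')!r} is not an IP address")
    for label, port in (("frontend port", addr.get("port")),
                        ("servicePort", back.get("servicePort"))):
        if not (isinstance(port, int) and 1 <= port <= 65535):
            problems.append(f"{label} {port!r} is out of range")
    if not back.get("serviceName"):
        problems.append("backend.serviceName is empty")
    for mon in back.get("healthMonitors", []):
        # Assumption: a monitor that times out before its next probe is a mistake.
        if mon.get("timeout", 0) <= mon.get("interval", 0):
            problems.append("health monitor timeout must exceed its interval")
    return problems


if __name__ == "__main__":
    print(check_virtual_server(SAMPLE_VS, "cce-test") or "no problems found")
```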
