Install F5network¶
This page describes how to install F5network.
Installation notes¶
The AS3 is a plug-in on the F5 device that provides a configurable interface to the remote network of the F5 device. There is a version matching requirement between the AS3 version and the software version of the F5 device.
k8s bigip ctlr is an F5 control plane component on a K8S cluster that has version matching requirements with K8S, and k8s bigip ctlr F5Networks/k8s-bigip-ctlr) also has version matching requirements with AS3.
Therefore, it is important to know the versions of both the F5 device and the K8S cluster in order to know what versions of AS3 and k8s-bigip-ctlr to be installed correctly.
To get the latest version matching relationships, please refer to the F5 official documentation on Controller/Platform compatibility
F5 installs AS3 service¶
-
Login to the management Web UI of F5, click
Statics -> Dashboardin the navigation bar, and get the version number of the F5 device.
-
Download the AS3 RPM package of the matching version to your local computer https://github.com/F5Networks/f5-appsvcs-extension/releases according to the version matching relationship in the
Installation Requirements. -
Login to the management web UI of F5, go to
iApps -> Package Management Lx, and clickimportin the upper right corner.
-
In the
import package, clickbrowse, select the AS3 on your local computer, and finishupload. -
After completing the installation, you can view the installation result.
F5 creates partition¶
A separate partition can be created on the F5 device for k8s bigip ctlr to manage the store and forward rules. The steps are as follows:
-
Login to the management web UI of F5, go to
System->Users->Partition List, and clickcreatein the upper right corner.
-
In the creation screen, fill in
Partion Nameand you don't need to change the other default values, then clickFinishedto finish the creation.
Install a storage component in your cluster (optional)¶
If you want a storage component to be installed in Layer 4 load balancing mode, you need to install f5 ipam controller. And f5 ipam controller requires the cluster to have the storage component to provide PVC services. You can refer to the relevant storage component installation manual for details.
If you want a storage component to be installed in Layer 7 load balancing mode, you can skip the steps of installing the componanet as it doesn't require the f5 ipam controller to be installed.
Install F5network in a cluster¶
-
Prepare a DCE cluster, and login to the Web UI of the global cluster. Go to
Container Management->Clusters, login to the cluster where you want to install F5network. -
In
Helm Apps->Helm Charts, find and click installf5network.
-
In
Version selection, select the version you want to install, and clickInstall. -
In the Installation Parameters screen, fill in the following information:
In the screen as above, fill in
Name,Namespace, andVersion.
Parameters description in the screen as above:
-
f5-bigip-ctlr Settings -> Registry: the repository address of the f5-bigip-ctlr mirror. the default has been filled with available online repositories. If it is a private environment, you can change it to a private repository address. -
f5-bigip-ctlr Settings -> repository: the f5-bigip-ctlr mirror name. -
f5-bigip-ctlr version: the mirror version of f5-bigip-ctlr. The default value is already set to the latest version number. If you modify it, pay attention to the version compatibility mentioned inInstallation requirements. -
Install ingressClass: install ingressClass. Enable it if you want to use 7-layer forwarding mode, and disable it if you want to use 4-layer forwarding mode. -
IngressClass Name: the name of the ingressClass. Enable it if you want to use Layer 7 forwarding mode, and disable it if you want to use Layer 4 forwarding mode. -
Default ingressClass: set the installed ingressClass as the default ingressClass for the cluster. Enable it if you want to use Layer 7 forwarding mode, and disable it if you want to use Layer 4 forwarding mode. -
BigIP Management Addr: the WEB UI login address of F5. -
BigIP Partition: the name of the Partition on the F5 device, i.e. the Partition created in theF5 Device Create Partitionstep.If multiple clusters share the same F5 device, it is better to use separate Partitions for different clusters.
-
Default Ingress IP: when this component is installed in Layer 7 load balancing mode, this value sets the ingress ingress VIP on F5, note that the IP should be the IP address of F5 external interface subnet. When this component is installed in Layer 4 load balancing mode, this value is ignored.If multiple clusters share the same F5 device, separate IPs should be used for different clusters.
-
Only Watch F5 CRD: when this option is turned on, the component will only monitor its own CRD, for working in Layer 4 load balancing mode; otherwise, it will monitor all K8S resources, for working in Layer 7 load balancing mode. -
Node Label Selector: set node label selector. The selected node will be used as the entry node in nodePort forwarding mode. If this value is not set, F5 will forward the traffic to the nodePort of all nodes in the cluster. -
Forward Method:set the mode for F5 to forward traffic,nodePortandclustermode. For explanation of the mode, refer to introduction.
Parameters description in the screen as above:
-
BigIP Username: the login account of the F5 device. -
BigIP Password: the login password of the F5 device. -
install f5-ipam-controller: install the f5-ipam-controller component. Disable it when you want to work in Layer 7 load balancing mode, and enable it when you want to work in Layer 4 load balancing mode. -
F5-ipam-controller Settings -> Registry: set the repository address of the f5-ipam-controller image. The default has been filled with available online repositories. If it is a private environment, you can change it to a private repository address. This option can be ignored wheninstall f5-ipam-controlleris turned off. -
f5-ipam-controller Settings -> repository: the f5-ipam-controller image name. This option can be ignored wheninstall f5-ipam-controlleris turned off. -
F5-ipam-controller version: the version of the mirror of the F5-ipam-controller. The default value is already set to the latest version number. This option can be ignored wheninstall f5-ipam-controlleris turned off. -
BIGIP L4 IP Pool: the VIP address pool for F5's Layer 4 load balancing. These IPs should be the IP addresses of the F5 external interface subnet. The format of this value is similar to{ LabelName: 172.16.1.1-172.16.1.5}, where LabelName will be used in the annotation when creating the application service.Note
When creating the application service, as long as the annotation
cis.f5.com/ipamLabel: LabelNameis given to the service, the VIP will be assigned by this component and will eventually take effect on the F5 device. This option can be ignored wheninstall f5-ipam-controlleris turned off.If multiple clusters share the same F5 device, different clusters should use separate IP pools.
-
storageClassName: the storageClass Name, which will be used by the f5-ipam-controller component for common PVC objects. Wheninstall f5-ipam-controlleris turned off, this option can be ignored. -
storageSize: the StorageClass size, which will be used by the f5-ipam-controller component for common PVC objects. This option can be ignored wheninstall f5-ipam-controlleris turned off.
-
Configuration in cluster forwarding mode (optional)¶
When the component is installed in cluster forwarding mode, it is necessary to configure VXLAN tunnels between the F5 and K8S clusters, or to configure BGP neighbors.
The CNI component of the K8S can often be configured with BGP and BPG neighbors of the F5 component to enable network connectivity. For Calico scenario, please refer to the F5 official documentation.
For more information about this component, please refer to the F5 Official Document.