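Environment: flannel vxlan, K8S 1.10, BIGIP V13
Prerequisite: join the BIG-IP to the k8s cluster as a node. Configure the vxlan tunnel and the tunnel self IP on the BIG-IP in advance (both resources live under /Common).
Step 1: Create the first CC under NS1, watching only the resources in this ns: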
```
[root@k8s-master f5-k8s]# cat bigip-ctlr-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr-deployment
  namespace: kube-system
spec:
  # DO NOT INCREASE REPLICA COUNT
  replicas: 1
  template:
    metadata:
      name: k8s-bigip-ctlr
      labels:
        app: k8s-bigip-ctlr
    spec:
      # Name of the Service Account bound to a Cluster Role with the required
      # permissions
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr
          image: "myf5/k8s-bigip-ctlr:1.7.1"
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: password
            - name: TZ
              value: Asia/Shanghai
          command: ["/app/bin/k8s-bigip-ctlr"]
          args: [
            # See the k8s-bigip-ctlr documentation for information about
            # all config options
            # https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=172.16.20.202",
            "--bigip-partition=k8s",
            "--namespace=default",
            "--pool-member-type=cluster",
            # Note: the partition here must match the partition the tunnel is in
            "--flannel-name=/Common/flannel_vxlan",
            ]
      imagePullSecrets:
        # Secret containing the BIG-IP system login credentials
        - name: bigip-login
```
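Once the CC is created, the F5 creates the corresponding FDB entries under /Common.
Step 2: Publish the corresponding F5 resource ConfigMaps in the relevant ns.
Step 3: Deploy a new CC in another ns: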
```
[root@k8s-master f5-k8s]# cat bigip-ctlr-deployment-cka-ns.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr-deploy-ns-cka
  namespace: kube-system
spec:
  # DO NOT INCREASE REPLICA COUNT
  replicas: 1
  template:
    metadata:
      name: k8s-bigip-ctlr-ns-cka
      labels:
        app: k8s-bigip-ctlr-ns-cka
    spec:
      # Name of the Service Account bound to a Cluster Role with the required
      # permissions
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr-ns-cka
          image: "myf5/k8s-bigip-ctlr:1.7.1"
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: password
            - name: TZ
              value: Asia/Shanghai
          command: ["/app/bin/k8s-bigip-ctlr"]
          args: [
            # See the k8s-bigip-ctlr documentation for information about
            # all config options
            # https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=172.16.20.202",
            "--bigip-partition=cka",
            "--namespace=cka",
            "--pool-member-type=cluster",
            # Note the partition here: use the F5 partition this NS should map to.
            # The CC uses this value when it writes the static ARP entries.
            "--flannel-name=/cka/flannel_vxlan",
            ]
      imagePullSecrets:
        # Secret containing the BIG-IP system login credentials
        - name: bigip-login
```
Then publish the relevant F5 resource ConfigMaps in the new ns.
The final result on the F5 is as follows:
```
myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/cka)(tmos)# cd /Common
myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/Common)(tmos)# show net fdb

-------------------------------------------------------------------
Net::FDB
Tunnel         Mac Address        Member                    Dynamic
-------------------------------------------------------------------
flannel_vxlan  ba:f6:f6:1c:26:1e  endpoint:172.16.40.198%0  no
flannel_vxlan  de:dc:e2:5c:ea:50  endpoint:172.16.40.199%0  no
flannel_vxlan  00:50:56:b3:2e:29  endpoint:172.16.40.202%0  no
flannel_vxlan  00:50:56:b3:bc:0f  endpoint:172.16.40.203%0  no

myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/Common)(tmos)# show net arp

----------------------------------------------------------------------------------------------------
Net::Arp
Name                     Address        HWaddress          Vlan              Expire-in-sec  Status
----------------------------------------------------------------------------------------------------
/Common/k8s-10.244.0.78  10.244.0.78    de:dc:e2:5c:ea:50  -                 -              static
/Common/k8s-10.244.1.35  10.244.1.35    ba:f6:f6:1c:26:1e  -                 -              static
172.16.30.203            172.16.30.203  00:50:56:b3:03:ff  /Common/ext_vlan  222            resolved
172.16.40.198            172.16.40.198  00:50:56:b3:1b:9b  /Common/int_vlan  286            resolved
172.16.40.199            172.16.40.199  00:50:56:b3:09:f2  /Common/int_vlan  278            resolved

myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/Common)(tmos)# cd /cka
myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/cka)(tmos)# show net fdb
myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/cka)(tmos)# show net arp

-------------------------------------------------------------------------------------------------
Net::Arp
Name                  Address        HWaddress          Vlan              Expire-in-sec  Status
-------------------------------------------------------------------------------------------------
/cka/k8s-10.244.0.76  10.244.0.76    de:dc:e2:5c:ea:50  -                 -              static
/cka/k8s-10.244.1.32  10.244.1.32    ba:f6:f6:1c:26:1e  -                 -              static
172.16.30.203         172.16.30.203  00:50:56:b3:03:ff  /Common/ext_vlan  214            resolved
172.16.40.198         172.16.40.198  00:50:56:b3:1b:9b  /Common/int_vlan  278            resolved
172.16.40.199         172.16.40.199  00:50:56:b3:09:f2  /Common/int_vlan  271            resolved
```
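The result above has two properties worth checking after each CC rollout: the static ARP entries land in the partition named in that CC's `--flannel-name`, and every MAC they use has an FDB record on the tunnel in /Common. The following is an added example, not part of the original post; the function names are assumptions, and the sample text is abridged from the listing above.

```python
import re

# Sample tmsh output, abridged from the listing above.
FDB_COMMON = """\
flannel_vxlan  ba:f6:f6:1c:26:1e  endpoint:172.16.40.198%0  no
flannel_vxlan  de:dc:e2:5c:ea:50  endpoint:172.16.40.199%0  no
"""
ARP_CKA = """\
/cka/k8s-10.244.0.76  10.244.0.76    de:dc:e2:5c:ea:50  -                 -    static
/cka/k8s-10.244.1.32  10.244.1.32    ba:f6:f6:1c:26:1e  -                 -    static
172.16.30.203         172.16.30.203  00:50:56:b3:03:ff  /Common/ext_vlan  214  resolved
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

def parse_fdb(text):
    """Return {mac: vtep_ip} for every FDB record line of `show net fdb`."""
    out = {}
    pat = rf"^\S+\s+({MAC})\s+endpoint:([\d.]+)%\d+\s"
    for m in re.finditer(pat, text, re.M | re.I):
        out[m.group(1).lower()] = m.group(2)
    return out

def parse_static_arp(text):
    """Return [(partition, pod_ip, mac)] for the static k8s-* entries the CC wrote."""
    rows = []
    pat = rf"^/([^/\s]+)/k8s-\S+\s+([\d.]+)\s+({MAC})\s.*\bstatic\s*$"
    for m in re.finditer(pat, text, re.M | re.I):
        rows.append((m.group(1), m.group(2), m.group(3).lower()))
    return rows

def check(fdb_text, arp_text, expected_partition):
    """List problems: ARP entry in the wrong partition, or MAC with no FDB record."""
    fdb = parse_fdb(fdb_text)
    problems = []
    for partition, ip, mac in parse_static_arp(arp_text):
        if partition != expected_partition:
            problems.append(f"{ip}: in /{partition}, expected /{expected_partition}")
        if mac not in fdb:
            problems.append(f"{ip}: MAC {mac} has no FDB record in /Common")
    return problems

if __name__ == "__main__":
    print(check(FDB_COMMON, ARP_CKA, "cka") or "consistent")
```

Feed it the `show net fdb` output captured in /Common and the `show net arp` output captured in the CC's own partition.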