Cloud Native Application Services: cnadn.net

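How to configure per-tenant configuration isolation with F5 CC

January 3, 2019

Environment: flannel vxlan, K8S 1.10, BIGIP V13

Prerequisite: the BIGIP has been added to k8s as a node. The vxlan tunnel and the tunnel self IP are configured on the BIGIP in advance (both resources are under /Common).

Step 1: Create the first CC under NS1; it watches only the resources in this namespace: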

[root@k8s-master f5-k8s]# cat bigip-ctlr-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr-deployment
  namespace: kube-system
spec:
  # DO NOT INCREASE REPLICA COUNT
  replicas: 1
  template:
    metadata:
      name: k8s-bigip-ctlr
      labels:
        app: k8s-bigip-ctlr
    spec:
      # Name of the Service Account bound to a Cluster Role with the required
      # permissions
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr
          image: "myf5/k8s-bigip-ctlr:1.7.1"
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: password
            - name: TZ
              value: Asia/Shanghai
          command: ["/app/bin/k8s-bigip-ctlr"]
          args: [
            # See the k8s-bigip-ctlr documentation for information about
            # all config options
            # https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=172.16.20.202",
            "--bigip-partition=k8s",
            "--namespace=default",
            "--pool-member-type=cluster",
            # Note: the partition here must match the partition the tunnel lives in
            "--flannel-name=/Common/flannel_vxlan",
            ]
      imagePullSecrets:
        # Secret containing the BIG-IP system login credentials
        - name: bigip-login
 

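Once it is created, the F5 creates the related FDB entries under /Common.

Step 2: Publish the corresponding F5 ConfigMap resources in the relevant namespace.

Step 3: Deploy a new CC in another namespace: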

[root@k8s-master f5-k8s]# cat  bigip-ctlr-deployment-cka-ns.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8s-bigip-ctlr-deploy-ns-cka
  namespace: kube-system
spec:
  # DO NOT INCREASE REPLICA COUNT
  replicas: 1
  template:
    metadata:
      name: k8s-bigip-ctlr-ns-cka
      labels:
        app: k8s-bigip-ctlr-ns-cka
    spec:
      # Name of the Service Account bound to a Cluster Role with the required
      # permissions
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr-ns-cka
          image: "myf5/k8s-bigip-ctlr:1.7.1"
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: password
            - name: TZ
              value: Asia/Shanghai
          command: ["/app/bin/k8s-bigip-ctlr"]
          args: [
            # See the k8s-bigip-ctlr documentation for information about
            # all config options
            # https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=172.16.20.202",
            "--bigip-partition=cka",
            "--namespace=cka",
            "--pool-member-type=cluster",
            # Note the partition here: use the F5 partition this namespace should map to.
            # CC uses this value when it writes the static ARP entries.
            "--flannel-name=/cka/flannel_vxlan",
            ]
      imagePullSecrets:
        # Secret containing the BIG-IP system login credentials
        - name: bigip-login
 

Then publish the relevant F5 ConfigMap resources in the new namespace.

The final result on the F5 is as follows:

myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/cka)(tmos)# cd /Common
myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/Common)(tmos)# show net fdb
 
-------------------------------------------------------------------
Net::FDB    
Tunnel         Mac Address        Member                    Dynamic
-------------------------------------------------------------------
flannel_vxlan  ba:f6:f6:1c:26:1e  endpoint:172.16.40.198%0  no
flannel_vxlan  de:dc:e2:5c:ea:50  endpoint:172.16.40.199%0  no
flannel_vxlan  00:50:56:b3:2e:29  endpoint:172.16.40.202%0  no
flannel_vxlan  00:50:56:b3:bc:0f  endpoint:172.16.40.203%0  no
 
myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/Common)(tmos)# show net arp
 
----------------------------------------------------------------------------------------------------
Net::Arp              
Name                     Address        HWaddress          Vlan              Expire-in-sec  Status
----------------------------------------------------------------------------------------------------
/Common/k8s-10.244.0.78  10.244.0.78    de:dc:e2:5c:ea:50  -                 -              static
/Common/k8s-10.244.1.35  10.244.1.35    ba:f6:f6:1c:26:1e  -                 -              static
172.16.30.203            172.16.30.203  00:50:56:b3:03:ff  /Common/ext_vlan  222            resolved
172.16.40.198            172.16.40.198  00:50:56:b3:1b:9b  /Common/int_vlan  286            resolved
172.16.40.199            172.16.40.199  00:50:56:b3:09:f2  /Common/int_vlan  278            resolved
 
myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/Common)(tmos)# cd /cka
myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/cka)(tmos)# show net fdb
myf5@(v13-common)(cfg-sync Not All Devices Synced)(Active)(/cka)(tmos)# show net arp
 
-------------------------------------------------------------------------------------------------
Net::Arp            
Name                  Address        HWaddress          Vlan              Expire-in-sec  Status
-------------------------------------------------------------------------------------------------
/cka/k8s-10.244.0.76  10.244.0.76    de:dc:e2:5c:ea:50  -                 -              static
/cka/k8s-10.244.1.32  10.244.1.32    ba:f6:f6:1c:26:1e  -                 -              static
172.16.30.203         172.16.30.203  00:50:56:b3:03:ff  /Common/ext_vlan  214            resolved
172.16.40.198         172.16.40.198  00:50:56:b3:1b:9b  /Common/int_vlan  278            resolved
172.16.40.199         172.16.40.199  00:50:56:b3:09:f2  /Common/int_vlan  271            resolved
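
A check for the result above, as an added example that is not part of the original post: it parses `show net fdb` and `show net arp` rows and flags static ARP entries that sit in a partition no controller's --flannel-name points to, that reference a MAC with no FDB entry, or that repeat one pod IP across partitions. The function names are assumptions of this example; the sample rows are copied from the output above.

```python
import re

# Rows copied from the `show net fdb` / `show net arp` output above; the two
# partitions' static ARP rows are concatenated into one text for the audit.
FDB = """\
flannel_vxlan  ba:f6:f6:1c:26:1e  endpoint:172.16.40.198%0  no
flannel_vxlan  de:dc:e2:5c:ea:50  endpoint:172.16.40.199%0  no
"""
ARP = """\
/Common/k8s-10.244.0.78  10.244.0.78    de:dc:e2:5c:ea:50  -  -  static
/Common/k8s-10.244.1.35  10.244.1.35    ba:f6:f6:1c:26:1e  -  -  static
/cka/k8s-10.244.0.76     10.244.0.76    de:dc:e2:5c:ea:50  -  -  static
/cka/k8s-10.244.1.32     10.244.1.32    ba:f6:f6:1c:26:1e  -  -  static
172.16.40.198            172.16.40.198  00:50:56:b3:1b:9b  /Common/int_vlan  286  resolved
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FDB_ROW = re.compile(rf"^\S+\s+({MAC})\s+endpoint:(\S+)\s+\S+$")
# CC names its static entries /<partition>/k8s-<pod IP>, as in the output above.
ARP_ROW = re.compile(rf"^/([^/\s]+)/k8s-\S+\s+(\S+)\s+({MAC})\s+\S+\s+\S+\s+static$")

def parse_fdb(text):
    """Return {vtep_mac: node_endpoint} from `show net fdb` rows."""
    rows = (FDB_ROW.match(line.strip()) for line in text.splitlines())
    return {m[1]: m[2] for m in rows if m}

def parse_static_arp(text):
    """Return [(partition, pod_ip, mac)] for the static k8s-* rows only."""
    rows = (ARP_ROW.match(line.strip()) for line in text.splitlines())
    return [(m[1], m[2], m[3]) for m in rows if m]

def audit(fdb_text, arp_text, flannel_partitions):
    """flannel_partitions: partitions named in the controllers' --flannel-name."""
    fdb, seen, findings = parse_fdb(fdb_text), {}, []
    for part, ip, mac in parse_static_arp(arp_text):
        if part not in flannel_partitions:
            findings.append(f"{ip}: static ARP in unexpected partition /{part}")
        if mac not in fdb:
            findings.append(f"{ip}: MAC {mac} has no FDB entry")
        if seen.setdefault(ip, part) != part:
            findings.append(f"{ip}: present in both /{seen[ip]} and /{part}")
    return findings

if __name__ == "__main__":
    # Partitions taken from the two --flannel-name values on this page.
    print(audit(FDB, ARP, {"Common", "cka"}) or "no findings")
```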

This work is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License.
Tags: cc f5-k8s-ctlr flannel k8s ns vxlan isolation
Last updated: August 24, 2019

纳米

linjing.io
