Pada versi 1.29 dan yang lebih lama, cluster pengguna yang dibuat dengan konfigurasi loadBalancer.f5BigIP men-deploy pengontrol F5 yang disediakan oleh Google. Karena pengontrol ini
memiliki
batasan,
di versi 1.30 dan yang lebih baru, Google Distributed Cloud memblokir pembuatan cluster dengan
konfigurasi loadBalancer.f5BigIP. Sebagai gantinya, cluster baru harus dikonfigurasi untuk
load balancing manual, dan Anda harus
men-deploy pengontrol F5 sendiri.
Halaman ini menunjukkan cara men-deploy pengontrol F5 lama yang disediakan Google untuk cluster pengguna yang dibuat dengan Google Distributed Cloud. Meskipun deployment pengontrol ini didukung, sebaiknya instal pengontrol CIS terbaru dari F5.
Prasyarat:
Anda memiliki cluster pengguna dengan konfigurasi manualLB.
Anda memiliki server F5 untuk cluster pengguna dan mengetahui informasi loginnya.
Anda ingin mengotomatiskan proses untuk mengonfigurasi server virtual di F5 untuk Layanan Kubernetes jenis LoadBalancer di cluster pengguna.
Langkah 1. Menyiapkan template untuk pengontrol
Dapatkan informasi F5 dan buat template.
Mendapatkan informasi F5
Tetapkan variabel placeholder berikut dengan informasi login dari server F5:
Nama Pengguna F5:
USERNAMESandi F5:
PASSWORDAlamat F5:
ADDRESSPartisi F5:
PARTITION
Tetapkan
SnatPoolName. Jika Anda tidak menggunakan SNAT, biarkan variabel placeholder kosong:SnatPoolName: SNAT_POOL_NAME
Mendapatkan informasi registry dan versi
Dapatkan resource kustom
onpremusercluster:kubectl --kubeconfig USER_CLUSTER_KUBECONFIG get onpremusercluster -oyaml -n kube-system
Salin kolom berikut dari resource kustom
onpremusercluster:Registry: REGISTRY (onpremusercluster.spec.registry.address) ImageTag: IMAGE_TAG (onpremusercluster.spec.gkeOnPremVersion)
Membuat template
cat > templates.yaml << EOF
apiVersion: v1
kind: Secret
metadata:
name: bigip-login
namespace: kube-system
stringData:
password: "PASSWORD"
username: "USERNAME"
url: "ADDRESS"
partition: "PARTITION"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bigip-ctlr
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: load-balancer-f5
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8s-bigip-ctlr-deployment
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app: k8s-bigip-ctlr
template:
metadata:
name: k8s-bigip-ctlr
labels:
app: k8s-bigip-ctlr
spec:
serviceAccountName: bigip-ctlr
volumes:
- name: bigip-login
secret:
secretName: bigip-login
containers:
- name: k8s-bigip-ctlr
image: "REGISTRY/k8s-bigip-ctlr:v1.14.0-gke.28"
resources:
requests:
cpu: 60m
memory: 90Mi
volumeMounts:
- name: bigip-login
readOnly: true
mountPath: "/etc/bigip-login"
env:
- name: BIGIP_PARTITION
valueFrom:
secretKeyRef:
name: bigip-login
key: partition
command: ["/app/bin/k8s-bigip-ctlr"]
args: [
# See the k8s-bigip-ctlr documentation for information about
# all config options
# http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
"--http-listen-address=:9097",
"--credentials-directory=/etc/bigip-login",
"--bigip-partition=\$(BIGIP_PARTITION)",
"--log-level=ERROR",
"--pool-member-type=nodeport",
"--manage-ingress=false",
"--vs-snat-pool-name=SNAT_POOL_NAME"
]
dnsPolicy: Default
imagePullSecrets:
- name: private-registry-creds
nodeSelector:
kubernetes.io/os: linux
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: load-balancer-f5
namespace: kube-system
labels:
app: load-balancer-f5
spec:
replicas: 1
selector:
matchLabels:
app: load-balancer-f5
template:
metadata:
name: load-balancer-f5
labels:
app: load-balancer-f5
spec:
serviceAccountName: load-balancer-f5
containers:
- name: load-balancer-f5
image: "REGISTRY/load-balancer-f5:IMAGE_TAG"
env:
- name: BIGIP_PARTITION
valueFrom:
secretKeyRef:
name: bigip-login
key: partition
command:
- ./load-balancer-f5
args:
- "--bigip-partition=\$(BIGIP_PARTITION)"
resources:
requests:
cpu: 2m
memory: 13Mi
imagePullSecrets:
- name: private-registry-creds
nodeSelector:
kubernetes.io/os: linux
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: bigip-ctlr-clusterrole-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: bigip-ctlr-clusterrole
subjects:
- kind: ServiceAccount
name: bigip-ctlr
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: load-balancer-f5-clusterrole-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: load-balancer-f5-clusterrole
subjects:
- kind: ServiceAccount
name: load-balancer-f5
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name:
bigip-ctlr-clusterrole
rules:
- apiGroups: ["", "extensions"]
resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods"]
verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions"]
resources: ["configmaps", "events", "ingresses/status"]
verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions"]
resources: ["secrets"]
resourceNames: ["bigip-login"]
verbs: ["get", "list", "watch"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name:
load-balancer-f5-clusterrole
rules:
- apiGroups: [""]
resources: ["events", "nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services", "services/status"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch", "create", "patch", "delete"]
EOF
Langkah 2. Menerapkan template ke cluster pengguna
kubectl --kubeconfig USER_CLUSTER_KUBECONFIG apply -f templates.yaml