使用 F5 和 Google 提供的舊版控制器進行負載平衡
透過集合功能整理內容
你可以依據偏好儲存及分類內容。
在 1.29 以下版本中,使用 loadBalancer.f5BigIP 設定建立的使用者叢集,會部署 Google 提供的 F5 控制器。由於這些控制器有限制,在 1.30 以上版本中,Google Distributed Cloud 會禁止使用 loadBalancer.f5BigIP 設定建立叢集。您必須為新叢集設定手動平衡負載,並自行部署 F5 控制器。
本頁說明如何為使用 Google Distributed Cloud 建立的使用者叢集,部署 Google 提供的舊版 F5 控制器。雖然系統支援部署這些控制器,但我們建議您安裝 F5 的最新 CIS 控制器。
需求條件:
您有一個採用 manualLB 設定的使用者叢集。
您擁有使用者叢集的 F5 伺服器,且知道登入資訊。
您想自動化程序,在 F5 中為使用者叢集內 LoadBalancer 類型的 Kubernetes 服務設定虛擬伺服器。
步驟 1:準備控制器的範本
取得 F5 資訊並產生範本。
使用 F5 伺服器的登入資訊,設定下列預留位置變數:
F5 使用者名稱:USERNAME
F5 密碼:PASSWORD
F5 地址:ADDRESS
F5 分割區:PARTITION
設定 SnatPoolName。如果未使用 SNAT,請將預留位置變數留空:
SnatPoolName: SNAT_POOL_NAME
取得 onpremusercluster 自訂資源:
kubectl --kubeconfig USER_CLUSTER_KUBECONFIG get onpremusercluster -oyaml -n kube-system
從 onpremusercluster 自訂資源複製下列欄位:
Registry: REGISTRY (onpremusercluster.spec.registry.address)
ImageTag: IMAGE_TAG (onpremusercluster.spec.gkeOnPremVersion)
生成範本
cat > templates.yaml << EOF
apiVersion: v1
kind: Secret
metadata:
name: bigip-login
namespace: kube-system
stringData:
password: "PASSWORD"
username: "USERNAME"
url: "ADDRESS"
partition: "PARTITION"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bigip-ctlr
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: load-balancer-f5
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8s-bigip-ctlr-deployment
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app: k8s-bigip-ctlr
template:
metadata:
name: k8s-bigip-ctlr
labels:
app: k8s-bigip-ctlr
spec:
serviceAccountName: bigip-ctlr
volumes:
- name: bigip-login
secret:
secretName: bigip-login
containers:
- name: k8s-bigip-ctlr
image: "REGISTRY/k8s-bigip-ctlr:v1.14.0-gke.28"
resources:
requests:
cpu: 60m
memory: 90Mi
volumeMounts:
- name: bigip-login
readOnly: true
mountPath: "/etc/bigip-login"
env:
- name: BIGIP_PARTITION
valueFrom:
secretKeyRef:
name: bigip-login
key: partition
command: ["/app/bin/k8s-bigip-ctlr"]
args: [
# See the k8s-bigip-ctlr documentation for information about
# all config options
# http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
"--http-listen-address=:9097",
"--credentials-directory=/etc/bigip-login",
"--bigip-partition=\$(BIGIP_PARTITION)",
"--log-level=ERROR",
"--pool-member-type=nodeport",
"--manage-ingress=false",
"--vs-snat-pool-name=SNAT_POOL_NAME"
]
dnsPolicy: Default
imagePullSecrets:
- name: private-registry-creds
nodeSelector:
kubernetes.io/os: linux
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: load-balancer-f5
namespace: kube-system
labels:
app: load-balancer-f5
spec:
replicas: 1
selector:
matchLabels:
app: load-balancer-f5
template:
metadata:
name: load-balancer-f5
labels:
app: load-balancer-f5
spec:
serviceAccountName: load-balancer-f5
containers:
- name: load-balancer-f5
image: "REGISTRY/load-balancer-f5:IMAGE_TAG"
env:
- name: BIGIP_PARTITION
valueFrom:
secretKeyRef:
name: bigip-login
key: partition
command:
- ./load-balancer-f5
args:
- "--bigip-partition=\$(BIGIP_PARTITION)"
resources:
requests:
cpu: 2m
memory: 13Mi
imagePullSecrets:
- name: private-registry-creds
nodeSelector:
kubernetes.io/os: linux
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: bigip-ctlr-clusterrole-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: bigip-ctlr-clusterrole
subjects:
- kind: ServiceAccount
name: bigip-ctlr
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: load-balancer-f5-clusterrole-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: load-balancer-f5-clusterrole
subjects:
- kind: ServiceAccount
name: load-balancer-f5
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name:
bigip-ctlr-clusterrole
rules:
- apiGroups: ["", "extensions"]
resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods"]
verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions"]
resources: ["configmaps", "events", "ingresses/status"]
verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions"]
resources: ["secrets"]
resourceNames: ["bigip-login"]
verbs: ["get", "list", "watch"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name:
load-balancer-f5-clusterrole
rules:
- apiGroups: [""]
resources: ["events", "nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services", "services/status"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch", "create", "patch", "delete"]
EOF
步驟 2:將範本套用至使用者叢集
kubectl --kubeconfig USER_CLUSTER_KUBECONFIG apply -f templates.yaml
除非另有註明,否則本頁面中的內容是採用創用 CC 姓名標示 4.0 授權,程式碼範例則為阿帕契 2.0 授權。詳情請參閱《Google Developers 網站政策》。Java 是 Oracle 和/或其關聯企業的註冊商標。
上次更新時間:2025-09-04 (世界標準時間)。
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-04 (世界標準時間)。"],[],[],null,["In version 1.29 and lower, user clusters created with the\n[loadBalancer.f5BigIP](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/user-cluster-configuration-file-latest#loadbalancer-f5bigip-section)\nconfiguration deployed F5 controllers provided by Google. Because these controllers\nhave\n[limitations](/kubernetes-engine/distributed-cloud/vmware/docs/concepts/migrate-recommended-features#migrate_configuration_settings_for_your_f5_big-ip_load_balancer),\nin version 1.30 and higher, Google Distributed Cloud blocks creating clusters with the\n`loadBalancer.f5BigIP` configuration. Instead, new clusters must be configured for\n[manual load balancing](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/manual-load-balance), and you need to\ndeploy F5 controllers yourself.\n\nThis page shows how to deploy the legacy Google-provided F5 controllers for a user\ncluster created with Google Distributed Cloud. Although deploying these controllers is\nsupported, we recommend that you install the latest CIS controller from F5.\n\nPrerequisites:\n\n- You have a user cluster with the [manualLB](/kubernetes-engine/distributed-cloud/vmware/docs/how-to/user-cluster-configuration-file-latest#loadbalancer-manuallb-section) configuration.\n\n- You have a F5 server for the user cluster and you know its login information.\n\n- You want to automate the process to configure virtual servers in F5 for\n Kubernetes Services of type LoadBalancer in your user cluster.\n\nStep1. Prepare templates for the controllers\n\nGet the F5 information and generate the templates.\n\nGet F5 information\n\n1. Set the following placeholder variables with the login information from\n the F5 server:\n\n - F5 UserName: \u003cvar class=\"edit\" scope=\"USERNAME\" translate=\"no\"\u003eUSERNAME\u003c/var\u003e\n\n - F5 Password: \u003cvar class=\"edit\" scope=\"PASSWORD\" translate=\"no\"\u003ePASSWORD\u003c/var\u003e\n\n - F5 Address: \u003cvar class=\"edit\" scope=\"ADDRESS\" translate=\"no\"\u003eADDRESS\u003c/var\u003e\n\n - F5 Partition: \u003cvar class=\"edit\" scope=\"PARTITION\" translate=\"no\"\u003ePARTITION\u003c/var\u003e\n\n2. Set the `SnatPoolName`. If you aren't using SNAT, leave the placeholder\n variable empty:\n\n ```\n SnatPoolName: SNAT_POOL_NAME\n ```\n\nGet the registry and version information\n\n1. Get the `onpremusercluster` custom resource:\n\n ```\n kubectl --kubeconfig USER_CLUSTER_KUBECONFIG get onpremusercluster -oyaml -n kube-system\n ```\n2. Copy the following fields from the `onpremusercluster` custom resource:\n\n ```\n Registry: REGISTRY (onpremusercluster.spec.registry.address)\n ImageTag: IMAGE_TAG (onpremusercluster.spec.gkeOnPremVersion)\n ```\n\nGenerate the templates \n\n```\ncat \u003e templates.yaml \u003c\u003c EOF\napiVersion: v1\nkind: Secret\nmetadata:\n name: bigip-login\n namespace: kube-system\nstringData:\n password: \"PASSWORD\"\n username: \"USERNAME\"\n url: \"ADDRESS\"\n partition: \"PARTITION\"\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: bigip-ctlr\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: load-balancer-f5\n namespace: kube-system\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: k8s-bigip-ctlr-deployment\n namespace: kube-system\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: k8s-bigip-ctlr\n template:\n metadata:\n name: k8s-bigip-ctlr\n labels:\n app: k8s-bigip-ctlr\n spec:\n serviceAccountName: bigip-ctlr\n volumes:\n - name: bigip-login\n secret:\n secretName: bigip-login\n containers:\n - name: k8s-bigip-ctlr\n image: \"REGISTRY/k8s-bigip-ctlr:v1.14.0-gke.28\"\n resources:\n requests:\n cpu: 60m\n memory: 90Mi\n volumeMounts:\n - name: bigip-login\n readOnly: true\n mountPath: \"/etc/bigip-login\"\n env:\n - name: BIGIP_PARTITION\n valueFrom:\n secretKeyRef:\n name: bigip-login\n key: partition\n command: [\"/app/bin/k8s-bigip-ctlr\"]\n args: [\n # See the k8s-bigip-ctlr documentation for information about\n # all config options\n # http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest\n \"--http-listen-address=:9097\",\n \"--credentials-directory=/etc/bigip-login\",\n \"--bigip-partition=\\$(BIGIP_PARTITION)\",\n \"--log-level=ERROR\",\n \"--pool-member-type=nodeport\",\n \"--manage-ingress=false\",\n \"--vs-snat-pool-name=SNAT_POOL_NAME\"\n ]\n dnsPolicy: Default\n imagePullSecrets:\n - name: private-registry-creds\n nodeSelector:\n kubernetes.io/os: linux\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: load-balancer-f5\n namespace: kube-system\n labels:\n app: load-balancer-f5\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: load-balancer-f5\n template:\n metadata:\n name: load-balancer-f5\n labels:\n app: load-balancer-f5\n spec:\n serviceAccountName: load-balancer-f5\n containers:\n - name: load-balancer-f5\n image: \"REGISTRY/load-balancer-f5:IMAGE_TAG\"\n env:\n - name: BIGIP_PARTITION\n valueFrom:\n secretKeyRef:\n name: bigip-login\n key: partition\n command:\n - ./load-balancer-f5\n args:\n - \"--bigip-partition=\\$(BIGIP_PARTITION)\"\n resources:\n requests:\n cpu: 2m\n memory: 13Mi\n imagePullSecrets:\n - name: private-registry-creds\n nodeSelector:\n kubernetes.io/os: linux\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: bigip-ctlr-clusterrole-binding\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: bigip-ctlr-clusterrole\nsubjects:\n - kind: ServiceAccount\n name: bigip-ctlr\n namespace: kube-system\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: load-balancer-f5-clusterrole-binding\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: load-balancer-f5-clusterrole\nsubjects:\n - kind: ServiceAccount\n name: load-balancer-f5\n namespace: kube-system\n---\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name:\n bigip-ctlr-clusterrole\nrules:\n - apiGroups: [\"\", \"extensions\"]\n resources: [\"nodes\", \"services\", \"endpoints\", \"namespaces\", \"ingresses\", \"pods\"]\n verbs: [\"get\", \"list\", \"watch\"]\n - apiGroups: [\"\", \"extensions\"]\n resources: [\"configmaps\", \"events\", \"ingresses/status\"]\n verbs: [\"get\", \"list\", \"watch\"]\n - apiGroups: [\"\", \"extensions\"]\n resources: [\"secrets\"]\n resourceNames: [\"bigip-login\"]\n verbs: [\"get\", \"list\", \"watch\"]\n---\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name:\n load-balancer-f5-clusterrole\nrules:\n - apiGroups: [\"\"]\n resources: [\"events\", \"nodes\"]\n verbs: [\"get\", \"list\", \"watch\"]\n - apiGroups: [\"\"]\n resources: [\"services\", \"services/status\"]\n verbs: [\"get\", \"list\", \"watch\", \"patch\", \"update\"]\n - apiGroups: [\"\"]\n resources: [\"configmaps\"]\n verbs: [\"get\", \"list\", \"watch\", \"create\", \"patch\", \"delete\"]\nEOF\n```\n\nStep2. Apply the templates to user cluster \n\n```\nkubectl --kubeconfig USER_CLUSTER_KUBECONFIG apply -f templates.yaml\n```\n| **Note:** After every upgrade of the cluster's control plane, you have to make these changes."]]
