  • k8s BIG-IP controller: installation and usage

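    0. Preparation

    Network connectivity is already in place; this setup does not use flannel or VXLAN.

    Create an F5 partition in the F5 web UI. Here it is cce-test.

    1. Install the BIG-IP controller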

    kubectl create serviceaccount bigip-ctlr -n kube-system

    kubectl get sa -n kube-system

    Create the ClusterRole and ClusterRoleBinding

    f5-k8s-sample-rbac.yaml

    # for use in k8s clusters only
    # for OpenShift, use the OpenShift-specific examples
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: bigip-ctlr-clusterrole
    rules:
    - apiGroups: ["", "extensions"]
      resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods"]
      verbs: ["get", "list", "watch"]
    - apiGroups: ["", "extensions"]
      resources: ["configmaps", "events", "ingresses/status"]
      verbs: ["get", "list", "watch", "update", "create", "patch"]
    - apiGroups: ["", "extensions"]
      resources: ["secrets"]
      # Replace with the name of the Secret holding the BIG-IP login
      # (bigip-login in this walkthrough)
      resourceNames: ["<secret-containing-bigip-login>"]
      verbs: ["get", "list", "watch"]
    
    ---
    
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: bigip-ctlr-clusterrole-binding
      namespace: kube-system
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: bigip-ctlr-clusterrole
    subjects:
    - apiGroup: ""
      kind: ServiceAccount
      name: bigip-ctlr
      namespace: kube-system
    

    kubectl get clusterroles.rbac.authorization.k8s.io -n kube-system

    NAME                                                                   AGE
    admin                                                                  2d12h
    aggregate-network-attachment-definitions-admin                         2d12h
    aggregate-network-attachment-definitions-edit                          2d12h
    aggregate-network-attachment-definitions-view                          2d12h
    bigip-ctlr-clusterrole                                                 46h
    cluster-admin                                                          2d12h
    copaddon-nginx-ingress                                                 2d12h
    coredns                                                                2d12h
    edit                                                                   2d12h
    

    kubectl get clusterrolebindings.rbac.authorization.k8s.io -n kube-system

    NAME                                                   AGE
    auto-approve-csrs-for-group                            2d12h
    auto-approve-renewals-for-nodes                        2d12h
    auto-approve-renewals-for-nodes-server                 2d12h
    bigip-ctlr-clusterrole-binding                         46h

    f5-k8s-bigip-ctlr_basic.yaml
    

    kubectl create secret generic bigip-login --namespace kube-system --from-literal=username=admin --from-literal=password=admin

    kubectl describe secret bigip-login -n kube-system

    kubectl apply -f f5-k8s-bigip-ctlr_basic.yaml

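    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: k8s-bigip-ctlr-deployment
      namespace: kube-system
    spec:
      # DO NOT INCREASE REPLICA COUNT
      replicas: 1
      # apps/v1 requires an explicit selector matching the pod template labels
      # (extensions/v1beta1 Deployments were removed in Kubernetes 1.16)
      selector:
        matchLabels:
          app: k8s-bigip-ctlr
      template: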
        metadata:
          name: k8s-bigip-ctlr
          labels:
            app: k8s-bigip-ctlr
        spec:
          # Name of the Service Account bound to a Cluster Role with the required
          # permissions
          serviceAccountName: bigip-ctlr
          containers:
            - name: k8s-bigip-ctlr
              image: "f5networks/k8s-bigip-ctlr"
              imagePullPolicy: IfNotPresent
              env:
                - name: BIGIP_USERNAME
                  valueFrom:
                    secretKeyRef:
                      # Replace with the name of the Secret containing your login
                      # credentials
                      name: bigip-login
                      key: username
                - name: BIGIP_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      # Replace with the name of the Secret containing your login
                      # credentials
                      name: bigip-login
                      key: password
              command: ["/app/bin/k8s-bigip-ctlr"]
              args: [
                # See the k8s-bigip-ctlr documentation for information about
                # all config options
                # https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
                "--bigip-username=$(BIGIP_USERNAME)",
                "--bigip-password=$(BIGIP_PASSWORD)",
                "--bigip-url=xxxxxxxxx",
                "--bigip-partition=cce-test",
                "--pool-member-type=cluster"
                ]
         # imagePullSecrets:
         #   # Secret that gives access to a private docker registry
         #   - name: f5-docker-images
         #   # Secret containing the BIG-IP system login credentials
         #   - name: bigip-login
    

    Specify bigip-url, bigip-partition and pool-member-type.

    Check the deployment's logs for errors:
    kubectl logs k8s-bigip-ctlr-deployment-bcf87fdb8-ztj9f -n kube-system

    2. Create the application and the ConfigMap for its F5 virtual server

    Create the application, using nginx as an example:

    kubectl create deployment --image=nginx nginx1
    kubectl expose deployment nginx1 --port=80

    Create the ConfigMap for the F5 virtual server

    f5-resource-vs-example.configmap.yaml

    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: nginx1.vs
      labels:
        f5type: virtual-server
    data:
      # See the f5-schema table for schema-controller compatibility
      # https://clouddocs.f5.com/containers/latest/releases_and_versioning.html#f5-schema
      schema: "f5schemadb://bigip-virtual-server_v0.1.7.json"
      data: |
        {
          "virtualServer": {
            "backend": {
              "servicePort": 80,
              "serviceName": "nginx1",
              "healthMonitors": [{
                "interval": 30,
                "protocol": "http",
                "send": "GET / HTTP/1.1\r\nHost:abc.com\r\n\r\n",
                "recv": "200|OK",
                "timeout": 120
              }]
            },
            "frontend": {
              "virtualAddress": {
                "port": 80,
                "bindAddr": "xxxxxxxxxx"
              },
              "partition": "cce-test",
              "balance": "least-connections-member",
              "mode": "http"
            }
          }
        }
    

    Fill in backend and frontend.

    The official documentation explains these in detail, and many more parameters can be added.
    https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/v1.10/
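
    A pre-apply check for the virtual-server ConfigMap above, as an added example (not from the original post or from F5): it parses the JSON body strictly, which catches the case where the \r\n escapes in the monitor's send string have been expanded into real line breaks, and compares frontend.partition with the controller's --bigip-partition. lint_vs, the sample bodies and the 192.0.2.10 bind address are constructed for illustration; the partition check assumes the controller only manages the partition it was started with.

```python
import json

# Constructed sample: the JSON under the ConfigMap's "data" key, with a
# documentation address in place of the redacted bindAddr.
GOOD = r"""{
  "virtualServer": {
    "backend": {
      "servicePort": 80, "serviceName": "nginx1",
      "healthMonitors": [{"interval": 30, "protocol": "http",
        "send": "GET / HTTP/1.1\r\nHost:abc.com\r\n\r\n",
        "recv": "200|OK", "timeout": 120}]
    },
    "frontend": {
      "virtualAddress": {"port": 80, "bindAddr": "192.0.2.10"},
      "partition": "cce-test",
      "balance": "least-connections-member", "mode": "http"
    }
  }
}"""
# The same body after the \r\n escapes were expanded into real line breaks.
BROKEN = GOOD.replace(r"\r\n", "\n")

def lint_vs(body, controller_partition="cce-test"):
    """Return a list of problems in a virtual-server body (hypothetical helper)."""
    try:
        # json.loads is strict: raw control characters inside strings fail.
        vs = json.loads(body)["virtualServer"]
    except json.JSONDecodeError as err:
        return [f"invalid JSON: {err}"]
    except (KeyError, TypeError):
        return ["missing top-level virtualServer object"]
    problems = []
    backend, frontend = vs.get("backend", {}), vs.get("frontend", {})
    for key in ("serviceName", "servicePort"):
        if key not in backend:
            problems.append(f"backend.{key} missing")
    # Assumption: the controller only manages its own --bigip-partition.
    if frontend.get("partition") != controller_partition:
        problems.append("frontend.partition differs from --bigip-partition")
    for mon in backend.get("healthMonitors", []):
        # An HTTP request is only complete once it ends with an empty line.
        if mon.get("protocol") == "http" and not mon.get("send", "").endswith("\r\n\r\n"):
            problems.append("http monitor send string lacks the final \\r\\n\\r\\n")
    return problems

if __name__ == "__main__":
    for name, body in (("good", GOOD), ("broken", BROKEN)):
        print(name, lint_vs(body) or "ok")
```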

  • Original post: https://www.cnblogs.com/gqdw/p/11607362.html