Skip to content

Get Started

You’ll need a Kubernetes cluster to run against. You can use KIND to get a local cluster for testing, or run against a remote cluster.

Note: bigip-kubernetes-gateway controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster kubectl cluster-info shows). If the controller runs in In-Cluster mode, it will depends on the serviceaccount and role/role-binding described in installation.

Kubernetes Setup For Gateway API Integration

After you have a K8s cluster, we need to configure it for different CNI types to make sure connection between BIG-IP and kubernetes cluster is OK.

Note:

To enable Gateway API integration via BIG-IP, actually, we need to configure both sides of BIG-IPs and the Kubernetes cluster, however, the BIG-IP side is configured by controller itself automatically when the controller is started.

Here, we only need to configure Kubernetes side manually. For different CNIs, we have different configuration steps as following.

In Flannel mode

In flannel network mode, we need to create a BIG-IP virtual node to connect the BIG-IP node to the Kubernetes.

In the following configuration sample, we use:

  • BIG-IP traffic IP(Flannel VXLAN SelfIP): 10.250.18.105
  • BIG-IP traffic Mac(Flannel VXLAN Tunnel MAC): fa:16:3e:d5:28:07 (see below for the way to get it)
  • podCIDR(BIGIP Flannel Subnet): 10.42.20.0/24 (see below for how to determine it)

-> Create and edit the following yaml configuration file bigip1.yaml:

bigip1.yaml:

apiVersion: v1
kind: Node
metadata:
  name: bigip1
annotations:
  # Replace IP with Self-IP for your deployment
  flannel.alpha.coreos.com/public-ip: "10.250.18.105"
  # uncomment the following line if using v6 tunnel and modify bigip v6 address
  # flannel.alpha.coreos.com/public-ipv6: "2021:15::125"
  # Replace MAC with your BIGIP Flannel VXLAN Tunnel MAC
  flannel.alpha.coreos.com/backend-data: '{"VtepMAC":"fa:16:3e:d5:28:07"}'
  # uncomment the following line if using v6 tunnel and modify mac accordingly
  # flannel.alpha.coreos.com/backend-v6-data: '{"VtepMAC":"fa:16:3e:d5:28:07"}'
  flannel.alpha.coreos.com/backend-type: "vxlan"
  flannel.alpha.coreos.com/kube-subnet-manager: "true"
spec:
  # Replace Subnet with your BIGIP Flannel Subnet
  podCIDR: "10.42.20.0/24"
  # uncomment the following 3 lines if using v6 tunnel and modify CIDRs using real data
  #podCIDRs:
  #- "10.42.20.0/24"
  #- "2021:118:2:2::/64"

The mac address VtepMAC can be obtained using the TMSH command on BIG-IP:

$ show net tunnels tunnel fl-tunnel all-properties

$ show net tunnels tunnel fl-tunnel6 all-properties

The pod CIDR podCIDR varies and should not be duplicated with the kubernetes cluster's pod CIDRs, see it by:

kubectl get node -o yaml | grep podCIDR

-> Execute kubectl apply -f bigip1.yaml command to create the above virtual node.

In Calico mode

In calico mode, we need to peer BIG-IP(s) as the BGP neighbors of Kubernetes nodes.

In the following configuration sample, we use:

  • AS(Autonomous System): 64512
  • BIG-IP traffic IP: 10.250.17.111

On master node,

-> Run the command to get calicoctl command line:

$ curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.10.0/calicoctl`
$ chmod +x calicoctl
$ sudo mv calicoctl /usr/local/bin

-> Edit /etc/calico/calico.ctl.cfg file

$ sudo mkdir /etc/calico
$ vim /etc/calico/calicoctl.cfg

calicoctl.cfg

apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
  datastoreType: "kubernetes"
  kubeconfig: "/root/.kube/config"    # change to actual kubeconfig path

-> Run calicoctl get nodes to verify calicoctl runtime works OK.

-> Run the following command to create BGP Group:

cat << EOF | calicoctl create -f -
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: true
  asNumber: 64512
EOF

-> Run the following command to create BIG-IP peer for the kubernetes cluster.

Notes: Change the peerIP to actual BIG-IP traffic IP(the selfIP for data traffic).

cat << EOF | calicoctl create -f -
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
    name: bgppeer-bigip1
spec:
  peerIP: 10.250.17.111
  asNumber: 64512
EOF

-> After the configuration, we can use calicoctl node status command to check the BIG-IP peer status:

$ calicoctl node status
Calico process is running.

IPv4 BGP status
+---------------+-------------------+-------+----------+-------------+
| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+---------------+-------------------+-------+----------+-------------+
| 10.250.17.182 | node-to-node mesh | up    | 03:07:33 | Established |
| 10.250.17.111 | global            | up    | 06:18:28 | Established |
+---------------+-------------------+-------+----------+-------------+

More references, see https://f5-k8s-istio-lab.readthedocs.io/en/latest/BGP/introduction.html


Last update: July 26, 2023 15:24:58
Created: November 20, 2022 11:45:55