Forum Discussion
AltocumulusNGINX(ingress controller)-F5 integration
Hey Kunal,
Regarding user/pass, you need to create a secret within k8s and reference that secret in the form of variables in the yaml file. - the references are already in place, so please create a secret per this article ( https://clouddocs.f5.com/containers/v2/kubernetes/kctlr-app-install.html#kctlr-initial-setup-bigip ), step 3.
For "--bigip-url=<ip_address-or-hostname>", if your BIG-IP has a single interface, the management by default is on port 8443. Use the address that you use to administer the appliance.
You do not need to add anything to the ConfigMap as related to your question. If you follow the referenced article, all the prerequisites should be setup and ready to go.
--insecure=true means CIS will not validate certificate presented by the BIG-IP. All traffic is still SSL encrypted.
Install a recent version of f5-appsvcs on the BIG-IP, otherwise it won't understand AS3 embedded within the ConfigMap.
Once the CIS is able to communicate with the BIG-IP, the AS3 within the ConfigMap will set up everything in the BIG-IP. You do not have to configure anything manually inside the BIG-IP.
The integration is meant for NGINX Plus Ingress Controller, the Open Source Nginx might work as well, but I have not tested it at all.
Thanks,
Chris
AltocumulusThanks for your response, It worked.
There are few things i tweaked, username and password i mentioned as absolute value then variables and the called secret.
I removed 8443 from the url of F5.
Also if you can share working example for nodeport, it will be great. I got this working once but after the nodes disappeared and never worked again. I followed couple of links
https://clouddocs.f5.com/training/community/containers/html/class2/module1/lab3.html
but no luck.
what is the best way to troubleshoot it.
Also can you please share data plane forwarding information.
In our setup we have create VIP on F5 which points to the pool which has IP address of worker nodes which is different from this integration, in this integration NGINX POD IP's are getting added.
Normally POD address are not advertised out of kubernetes cluster.
Do we need to setup a routing from F5 to reach to the POD space via worker nodes?
Thanks
Kunal
For NodePort, change 'type: ClusterIP' to 'type: NodePort' in Service definition. - It is a k8s construct
Try to delete the AS3 Tenant on the BIG-IP and recreate the CIS pod and apply ConfigMap again. - The new AS3 will usually apply.
If you are using NodePort, there is nothing else to do be done as there is no CNI. If you are using a CNI, either VXLAN (Flannel) or BGP (Calico), then follow this article ( https://clouddocs.f5.com/containers/v2/ ).
