cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
Trinath_Somanch
F5 Employee
F5 Employee

Today A&O PM and PD team announced the availability of Certified F5 BIG-IP Controller Operator (using Helm Charts) on OpenShift 4.x platforms. In this document we discuss about Install, Configure and Deploy CIS using RedHat Certified F5 BIG-IP Controller Operator on OpenShift 4.x Platforms.

Introduction

What is an Operator? - A method of packaging, deploying and managing a Kubernetes application. A Kubernetes application is an application that is both deployed on Kubernetes and managed using the Kubernetes APIs and kubectl/oc tooling. You can think of Operators as the runtime that manages this type of application on Kubernetes.

Conceptually, an Operator takes human operational knowledge and encodes it into software that is more easily packaged and shared with consumers.

F5 BIG-IP Controller Operator is a Service Operator which installs F5 BIG-IP Controller (Container Ingress Services) on OpenShift platforms 4.x.

Prerequisites

OpenShift 4.x

BIG-IP (F5 CIS supported versions)

In this document we will use Code Ready Containers to install, Configure and deploy CIS using F5 BIG-IP Controller Operator. CRC 1.7.0 installs OCP 4.3.1 on you laptop. Get your suitable image from CRC Repo and follow the instructions to install CRC and bringup your single node OCP 4.3.1 cluster.

Install, Configure and Deploy CIS using Operator

Accessing OCP 4.3.1 web console

From CLI, login as admin using CRC given credentials.

$ eval $(crc  oc-env)
$ oc login -u kubeadmin -p db9Dr-J2csc-8oP78-9sbmf https://api.crc.testing:6443

Here, the username is 'kubeadmin'. and password is 'db9Dr-J2csc-8oP78-9sbmf' to login OCP web console.

Installing Operator

From the left Menu bar, access Operator Hub and search for "f5" to see the Certified F5 BIG-IP controller Operator in the listing as below.

0151T000003ljTlQAI.png

Click on Install to install this Operator.

Installing Operator is a guided process. The below screen shows different options to subscribe for this Operator. Select the highlighted options. Click subscribe.

0151T000003ljTqQAI.pngApproval Strategy:

Manual: Requires administrator approval to install new updates.

Automatic: When a new release is available, updated automatic. (default)

When Operator is Subscribed, Operator is installed based on approval strategy. An Installed Operator screen is as below.

0151T000003ljTrQAI.png

Configuring and Deploying F5 BIG-IP Controller Instance

Click on "F5 BIG-IP Controller" or "F5BigIPCtlr" under Provided APIs column to create an Instance of F5 BIG-IP Controller. Creating a F5BigIpCtlr instance screen is as shown below.

The Screen provides an editor to configure CIS/F5 BIG-IP Controller with required deployment options.


0151T000003ljU0QAI.png


A sample Controller deployment configuration is as shown below

apiVersion: cis.f5.com/v1
kind: F5BigIpCtlr
metadata:
  name: f5-server
  namespace: openshift-operators
spec:
  args:
    manage_routes: true
    agent: as3
    log_level: DEBUG
    route_vserver_addr: 172.16.1.4
    bigip_partition: ocp
    openshift_sdn_name: /Common/openshift_vxlan
    bigip_url: 172.16.2.23
    log_as3_response: true
    insecure: true
    pool-member-type: cluster
  bigip_login_secret: f5-bigip-ctlr-login
  image:
    pullPolicy: Always
    repo: k8s-bigip-ctlr
    user: f5networks
  namespace: kube-system
  rbac:
    create: true
  resources: {}
  serviceAccount:
    create: true
  version: latest

Create BIG-IP controller login secret and update the same in above configuration.

Update the YAML and click on Create. Based on Namespace and configuration options, CIS is installed.


When Operator deploys the controller, we can see the updated YAML of the CustomResource Instance. An example below.

Name:         f5-server
Namespace:    openshift-operators
Labels:       <none>
Annotations:  <none>
API Version:  cis.f5.com/v1
Kind:         F5BigIpCtlr
Metadata:
  Creation Timestamp:  2020-02-08T00:31:21Z
  Finalizers:
    uninstall-helm-release
  Generation:        1
  Resource Version:  245330
  Self Link:         /apis/cis.f5.com/v1/namespaces/openshift-operators/f5bigipctlrs/f5-server
  UID:               546d3890-4a0a-11ea-a1cf-0ef0e3c74fbe
spec:
  args:
    agent:                 as3
    bigip_partition:       ocp
    bigip_url:             172.16.2.23
    insecure:              true
    log_as3_response:      true
    log_level:             DEBUG
    manage_routes:         true
    openshift_sdn_name:    /Common/openshift_vxlan
    pool_member_type:  cluster
    route_vserver_addr:    172.16.1.4
  bigip_login_secret:      f5-bigip-ctlr-login
  Image:
    PullPolicy:  Always
    Repo:         k8s-bigip-ctlr
    Tag:          latest
    User:         f5networks
  Namespace:      kube-system
  Rbac:
    Create:  true
  Resources:
  Service Account:
    Create:  true
    Name:    <nil>
Status:
  Conditions:
    Last Transition Time:  2020-02-08T00:31:21Z
    Status:                True
    Type:                  Initialized
    Last Transition Time:  2020-02-08T00:31:23Z
    Message:               F5 BIG-IP controller: f5-server

General Controller Documentation:
- Kubernetes: http://clouddocs.f5.com/containers/latest/kubernetes/index.html
- OpenShift: http://clouddocs.f5.com/containers/latest/openshift/index.html

Using Ingress? There's a helm chart for that:
- https://github.com/F5Networks/charts/tree/master/src/stable/f5-bigip-ingress

Using Routes in OpenShift? No helm chart yet, but we do have great documentation:
- http://clouddocs.f5.com/containers/latest/openshift/kctlr-openshift-routes.html
 
    Reason:  InstallSuccessful
    Status:  True
    Type:    Deployed
  Deployed Release:
    Manifest:

   . . . . . 
   . . . . . 


We can verify from CLI or GUI.

$ oc get pods -n kube-system                                                 

NAME                                       READY   STATUS    RESTARTS   AGE
f5-server-f5-bigip-ctlr-7c77d6846f-z7bhp   1/1     Running   0          112s


Congratulations! Your F5 BIG-IP Controller is deployed using F5 BIG-IP Controller Operator.


Additional Resources

Operator Code: https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/operator

Operator Image: https://access.redhat.com/containers/#/registry.connect.redhat.com/f5networks/k8s-bigip-ctlr-operato...


Known Issues

When Custom Resource Instance is created, instance listing doesn’t show Status [1] in the GUI.

[1] https://github.com/operator-framework/operator-sdk/issues/2491

Comments
Trinath_Somanch
F5 Employee
F5 Employee

F5 BIG-IP Controller Operator for OCP 4.x

Yudh
Nimbostratus
Nimbostratus

Hi there,

 

I'm using the CIS installation thru operator hub, created the deployment / F5BigIpCtlr as depicted above and it shows on each routes that I created, 2 routes specifically : default and F5 router.

 

Requested Host:     [omitted]

              exposed on router default (omitted) 36 hours ago

              exposed on router F5 BIG-IP 14 hours ago

 

My questions is, how can we enable a router sharding whereby this CIS router will taking care of any object that resides on specific namespaces while default router take cares of the rest ? is this applicable ?

 

 

Thanks and appreciate your response on this matter

Version history
Last update:
‎07-Apr-2020 11:00
Updated by:
Contributors