CIS and ScaleN (N+1) - w/ Auto Config-Sync
Description: The ScaleN architecture allows you to create a redundant system configuration for multiple BIG-IP devices on a network. This guide focuses on tips and best practices for building this in a lab for testing. For a full guide to the installation, please refer to the official documentation on AskF5 or F5 Cloud Docs.
Prerequisites:
- BIG-IP licenses and basic understanding of the BIG-IP system.
- Existing Kubernetes cluster and basic understanding of the Kubernetes platform.
Sample Diagram:
Configuration tips and caveats
- Ensure proper disaggregation in front of BIG-IP
- Ensure that AS3 Tenant/Partition names do not overlap
- Ensure that the AS3 declaration specifies the following:
  - trafficGroup property
    - number assignment method example: TG1=prod, TG2=staging
    - details below
  - shareNodes property
    - To allow Nodeport IPs to be configured in /Common so other partitions can use it
    - details below
- Only Nodeport or potentially Calico BGP could work
  - auto-sync and Flannel cannot be configured together
- Multi K8s Cluster with 1 CIS deployment per cluster
- BIG-IP in ScaleN A/A/S with auto config-sync (optional)
- Ensure no more than 3 CIS point to a single VE (max tested)
- Configure HA order to favor a standby before converging TGs on a single VE
- Consider multiple regions of clusters and use GSLB (DNS) for load balancing between regions
- For IPv6 addresses, use hostAliases, as CIS does not currently connect to an IPv6 address (known issue)
trafficGroup property: You can specify the traffic group associated with any virtual address so that all associated objects float with that traffic group in a ScaleN (N+1) configuration. See F5 Cloud Docs for more details.
You can then reference the Service_Address name for the virtualAddresses property for your virtual server.
shareNodes property: You can configure shareNodes so that multiple tenants can use the same node IP, which gets created in the /Common partition. See F5 Cloud Docs for more details.
serviceMain: If you use a template with a value of http, https, tcp, udp, or l4, you MUST specify an object with the matching Service class Service_HTTP, Service_HTTPS, Service_TCP, Service_UDP, or Service_L4 and name it serviceMain as described in the following Service Class section. See F5 Cloud Docs for more details.
Sample Configuration:
kind: ConfigMap
apiVersion: v1
metadata:
  name: stg-as3-declaration-demo
  namespace: kube-system
  labels:
    f5type: virtual-server
    as3: "true"
data:
  template: |
    {
      "class": "AS3",
      "action": "deploy",
      "persist": true,
      "declaration": {
        "class": "ADC",
        "schemaVersion": "3.18.0",
        "id": "demoapp",
        "label": "f5-istio",
        "remark": "An HTTP application",
        "stg_tenant": {
          "class": "Tenant",
          "stg_app": {
            "class": "Application",
            "template": "http",
            "stg_svc_addr": {
              "class": "Service_Address",
              "virtualAddress": "240b:ab11:cd22:a101::10",
              "arpEnabled": false,
              "icmpEcho": "disable",
              "routeAdvertisement": "any",
              "trafficGroup": "/Common/traffic-group-2"
            },
            "serviceMain": {
              "class": "Service_HTTP",
              "virtualAddresses": [{"use": "stg_svc_addr"}],
              "pool": "stg_nginx_pool"
            },
            "stg_nginx_pool": {
              "class": "Pool",
              "monitors": [
                "tcp"
              ],
              "members": [{
                "servicePort": 80,
                "serverAddresses": [],
                "shareNodes": true
              }]
            }
          }
        }
      }
    }
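The configuration tips above (non-overlapping tenant names, trafficGroup on each Service_Address, shareNodes on pool members, serviceMain matching the template) can be checked before the ConfigMaps are applied. The following lint is an added example, not F5 or CIS code; the function names and the sample declarations are hypothetical and constructed for illustration.

```python
# Added example (not F5 code): lint AS3 declarations against this page's tips.
TEMPLATE_CLASS = {"http": "Service_HTTP", "https": "Service_HTTPS",
                  "tcp": "Service_TCP", "udp": "Service_UDP", "l4": "Service_L4"}

def children(obj, cls):
    """Return (name, value) pairs for nested objects whose "class" equals cls."""
    return [(k, v) for k, v in obj.items() if isinstance(v, dict) and v.get("class") == cls]

def lint_declarations(declarations):
    """declarations: {source_name: AS3 request dict}. Returns a list of findings."""
    findings, owner = [], {}
    for src, req in declarations.items():
        adc = req.get("declaration", req)
        for tenant, t in children(adc, "Tenant"):
            if tenant in owner:  # tenant/partition names must not overlap
                findings.append(f"{src}: tenant {tenant} already declared by {owner[tenant]}")
            owner.setdefault(tenant, src)
            for app, a in children(t, "Application"):
                path = f"{src}:{tenant}/{app}"
                want = TEMPLATE_CLASS.get(a.get("template"))
                main = a.get("serviceMain")
                if want and (not isinstance(main, dict) or main.get("class") != want):
                    findings.append(f"{path}: serviceMain must be class {want}")
                for name, addr in children(a, "Service_Address"):
                    if not addr.get("trafficGroup"):
                        findings.append(f"{path}/{name}: no trafficGroup set")
                for name, pool in children(a, "Pool"):
                    for m in pool.get("members", []):
                        if m.get("shareNodes") is not True:
                            findings.append(f"{path}/{name}: member without shareNodes=true")
    return findings

def sample_declaration(tenant, tg=None, share=True, svc="Service_HTTP"):
    """Constructed sample shaped like the page's ConfigMap template."""
    addr = {"class": "Service_Address", "virtualAddress": "192.0.2.10"}
    if tg:
        addr["trafficGroup"] = tg
    app = {"class": "Application", "template": "http", "svc_addr": addr,
           "serviceMain": {"class": svc, "virtualAddresses": [{"use": "svc_addr"}],
                           "pool": "web_pool"},
           "web_pool": {"class": "Pool", "members": [
               {"servicePort": 80, "serverAddresses": [], "shareNodes": share}]}}
    return {"class": "AS3", "declaration": {"class": "ADC", "schemaVersion": "3.18.0",
            tenant: {"class": "Tenant", "app": app}}}

if __name__ == "__main__":
    sample = {"prod": sample_declaration("prod_tenant", "/Common/traffic-group-1"),
              "stg": sample_declaration("prod_tenant", share=False, svc="Service_TCP")}
    print("\n".join(lint_declarations(sample)))
```

To lint real ConfigMaps, load each `data.template` string with `json.loads` and pass the results in a dict keyed by ConfigMap name.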