IPv6 Support in CIS and F5 IPAM Controller
Description: This section will cover some best practices, tips, and caveats when configuring CIS and F5 IPAM Controller with manifest files using IPv6 addresses.
Summary
BIG-IP itself supports IPv6 addresses for all objects. As of CIS v2.6.0, you can specify an IPv6 address in the deployment manifest that determines the BIG-IP address to connect to in the bigip_url
parameter. The new configuration parameter for the deployment manifest is called enable-ipv6
, which also enables use of IPv6 in custom resources such as VirtualServer, TransportServer and ServiceTypeLB service.
Example for BIG-IP URL in the CIS deployment manifest:
"--bigip-url=[2400:c:1:c:0:0:0:114]",
Example for VirtualServer CR:
apiVersion: "cis.f5.com/v1" kind: VirtualServer metadata: name: cafe-virtual-server labels: f5cr: "true" spec: # This is an insecure virtual, Please use TLSProfile to secure the virtual # check out tls examples to understand more. host: cafe.example.com virtualServerAddress: "2002:0:0:0:10:0:0:2" virtualServerName: "cafe-virtual-server" pools: - path: /coffee service: svc-2 servicePort: 80
F5 IPAM Controller v0.1.6 and later also supports configuration of IPv6 address ranges.
Example for IPv6 ip-range:
--ip-range='{"Test-v4":"10.192.75.113-10.192.75.116","Prod-v4":"10.192.125.30-10.192.125.50","Prod-v6":"2001:db8:5::ffff-2001:db8:6::9"}'
For earlier version of CIS, the below workaround is available for the big-ip url:
Workaround
The current workaround is to use hostAliases
to define a hostname that resolves to the IPv6 address.
See below snippet for a sample configuration:
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8s-bigip-ctlr-deployment
namespace: kube-system
spec:
# DO NOT INCREASE REPLICA COUNT
selector:
matchLabels:
app: k8s-bigip-ctlr
replicas: 1
template:
metadata:
name: k8s-bigip-ctlr
labels:
app: k8s-bigip-ctlr
spec:
# Name of the Service Account bound to a Cluster Role with the required
# permissions
hostAliases:
- ip: "240b:ab11:cd22:a101::10"
hostnames:
- "stagingbigip1"
serviceAccountName: bigip-ctlr