Skip to content

EN_2_CES_Installation

Jump to bottom
myf5 edited this page Dec 27, 2021 · 9 revisions

Installation

  1. Download the installation script

    wget https://raw.githubusercontent.com/f5devcentral/container-egress-service/master/dist/install.sh

  2. Edit the install.shscript, edit the following variable values according to the actual environment

    BIGIP_URL=${BIGIP_URL:-192.168.50.254}        # IP address of Big-IP server. CES pod will connect this IP.
BIGIP_USERNAME=${BIGIP_USERNAME:-admin}       # BigIP username
BIGIP_PASSWORD=${BIGIP_PASSWORD:-yourpassword} # BigIP password
BIGIP_INSECURE=${BIGIP_INSECURE:-true} 				# ignore Big-IP TLS error

K8S_NAMESPACE=${K8S_NAMESPACE:-kube-system}   # namespace in which the controller will be deployed. This ns
																							# also will be for global policy

  3. Also, change the F5 gateway IP in the install.sh ,find below, change the ip to yours, allow multi IP

            gwPool:
          serverAddresses:
            - "10.5.0.254"
            - "10.6.0.254"

  4. In the actual environment deployment, you also need to edit [Step 4]the relevant settings in the script . The parameter setting of this part will be introduced in a special chapter, see here.

    However, if you only do a function evaluation, you can keep the installation script as it is.

  5. Execute the script to install:

    bash install.sh

Verify

  1. Confirm that there are no errors during the execution of the script.

  2. Check the following:

    [root@ovnmaster kube-ovn-new]# kubectl get crd | grep egress
clusteregressrules.kubeovn.io     2021-10-12T07:13:29Z
namespaceegressrules.kubeovn.io   2021-10-12T07:13:29Z
serviceegressrules.kubeovn.io     2021-10-12T07:13:29Z

    [root@ovnmaster kube-ovn-new]# kubectl get sa -A | grep ces
kube-system       ces-controller                       1         42d

    [root@ovnmaster kube-ovn-new]# kubectl get clusterrolebindings -A | grep ces
ces-controller                                         42d

    [root@ovnmaster kube-ovn-new]# kubectl get cm -A | grep ces
kube-system   ces-controller-configmap             2      42d

    [root@ovnmaster kube-ovn-new]# kubectl get pod -A | grep ces
kube-system   ces-controller-745bf7498d-ztb6b                  1/1     Running   0          18d

  3. If the above installation and verification are correct, the controller is installed successfully.

Debug

Set debug parameter v in the controller deployment to turn on logging debug level, for example:

      command:
        - /ces-controller
        - --bigip-url=$BIGIP_URL
        - --bigip-insecure=$BIGIP_INSECURE
        - --bigip-creds-dir=/ces/bigip-creds
        - --bigip-conf-dir=/ces
        - --v=3

Uninstall

Run below script:

https://raw.githubusercontent.com/f5devcentral/container-egress-service/master/dist/uninstall.sh

F5 Prerequisites

  1. BIG-IP need have AFM license, and being provisioned

  2. Need install AS3, for how to install AS3 into bigip, check here

    Note: We had tested AS3 V3.29.0 Build 3 Version on BIG-IP V15. Suggest use the same version.

Networking

Different CNI has different connect method to F5. In general, Egress traffic neet go through F5 and keep the real source IP. For detail pls consult F5 engineers.

AS3 MGMT plane optimization

You need give extra memory for AS3, pls check below documents:

https://support.f5.com/csp/article/K26427018 (how)

https://support.f5.com/csp/article/K30042148 (limitation)

Next step:

Understand ces-controller-configmapthe parameter configuration (that is, step 4 in the installation script). Click here

Clone this wiki locally