Discover Service Endpoints Using K8s

Published April 5, 2023 | Last modified January 16, 2025

Objective

This document provides instructions on how to discover service endpoints using Kubernetes (K8s) service information in F5® Distributed Cloud Services. Service discovery enables you to find the endpoints where a given service is available. To know more information about service discovery, see Service Discovery.

Using the instructions provided in this guide, you can create a discovery object for a Kubernetes cluster and an endpoint for a service using the service name.

Prerequisites

The following prerequisites apply:

  • A valid Account is required. If you do not have an account, see Create an Account.

  • An existing Kubernetes cluster with a service or application reachable from a Site.

  • In case of Amazon Elastic Kubernetes Service (EKS), token-based authentication is required. Therefore, you must add AWS credentials in the kubeconfig file for successful service discovery.

Configuration

F5® Distributed Cloud Services enables users to discover existing service endpoints either natively or using external methods. This guide covers service discovery on sites, virtual sites, or virtual networks using Kubernetes service information.

The following figure shows the workflow for creating service discovery with Kubernetes service information:

Figure: Service Discovery with K8s Diagram

Figure: Service Discovery with K8s Diagram

Configuration Sequence

Discovering services using the Kubernetes service information requires performing the following sequence of actions:

PhaseDescription
Apply Service Discovery PermissionsApply ClusterRole and ClusterRoleBinding permissions.
Create Discovery for External Kubernetes ClusterCreate a service discovery object of type Kubernetes.
Verify Discovered ServicesVerify that the service discovery object is created and successfully discovered services.
Use Discovered ServicesConfigure endpoint with K8s as the discovery type and associate sites with it.

Note: The site of discovery object and the endpoint must be the same.

Create Discovery for External Kubernetes Cluster

Features can be viewed and managed in multiple services.

This example shows Service Discovery setup in Multi-Cloud App Connect.

Step 1: Start discover object creation in F5 Distributed Cloud Console.

Create a discovery configuration object in the Default namespace.

  • Open F5 Distributed Cloud Console > select Multi-Cloud App Connect box.
Figure: Homepage

Figure: Homepage

  • Confirm Namespace feature is in correct namespace.

  • Select Manage in left-menu > Service Discoveries.

  • Select the K8s & Consul tab.

  • Select Add Discovery.

Figure: Service Discovery

Figure: Service Discovery

Step 2: Name Discovery.

  • Enter Name.

  • Enter Labels and Description as needed.

Step 3: Configure where the discovery configuration is applicable.

  • Enable the Show Advanced Fields option.

  • In Where box, select Virtual Site, Site, or Virtual Network from drop-down menu option.

  • Select Reference drop-down menu option to select the virtual site, site, or virtual network.

  • Select an option from the Network Type drop-down menu. This option only available for Virtual Site and Site, not Virtual Network.

Figure: Service Discovery Config Options

Figure: Service Discovery Config Options

Step 4: Configure discovery method for k8s access credentials.

For the Select Discovery Method drop-down menu option, select from K8S Discovery Configuration or Consul Discovery Configuration.

K8S Discovery Configuration
  • Select Configure link in K8S Discovery Configuration box.
Figure: Discovery Method

Figure: Discovery Method

  • In Access Credentials box, from the Select Kubernetes Credentials drop-down menu, select from Kubeconfig or TLS parameters for HTTP REST.

  • For the Kubeconfig option, select Configure. Configure secret information, and then click Apply.

  • For the TLS parameters for HTTP REST option, enter value for API Server and Port. Select Configure. Enter SNI name. Configure Server Parameters and Client Parameters. Select Configure link in Client Private Key to configure secret. Select Apply.

Note: Token not required for kubeconfig. IAM credentials needed:

  • Select Configure link in K8S Discovery Configuration box in Discovery Method section.

  • Select Kubernetes Credentials drop-down menu, select TLS parameters for HTTP REST in Access Credentials section.

  • Select Configure link in TLS Parameters box.

  • Enter Server CA Certificates Server Parameters or Client Certificate in Client Parameters.

  • Select Apply.

  • Select Apply.

Note: Select Apply again if presented to complete form.

  • Toggle Show Advanced Fields to open Kubernetes POD network reachability drop-down menu option.

  • Select Kubernetes POD is isolated or Kubernetes POD reachable in Kubernetes POD network reachability drop-down menu.

  • Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.

    • Disable VIP Publishing and DNS Delegation

    • Publish domain to VIP mapping > enter Default Namespace.

    • Publish Fully Qualified Domain to VIP mapping

    • DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.

  • Select Apply.

Figure: Access Credentials

Figure: Access Credentials

  • Select Save and Exit.
Consul Discovery Configuration
  • Select the Configure link.
Figure: Discovery Method

Figure: Discovery Method

  • In Access Credentials box, enter API Server and Port.

  • Select Configure link in TLS Parameters.

  • Configure Server Parameters and Client Parameters.

  • Select Configure in Client Private Key box to configure:

    • Configure secret options, and then select Apply.

  • Select Apply.

  • Enter User Name in HTTP Authentication Parameters field.

  • Select Configure link in Password box:

    • Configure password options, and then select Apply.

  • From the Enable/Disable VIP Publishing drop-down menu, select an option:

    • Disable VIP Publishing

    • Publish domain to VIP mapping

  • Select Apply.

Step 5: Select cluster identifier.

From the Select Discovery Cluster Identifier menu, select an option:

  • No cluster identifier: Default option.
  • Discover cluster identifier: Enter the identifier information.
Step 6: Complete creating discovery object.

Select Save and Exit to create the discovery object.

Verify Discovered Services

Verify that the service discovery object is created and discovered services.

Step 1: Verify that the services are discovered.

  • In the Multi-Cloud App Connect service, navigate to Manage and select Service Discoveries.

  • Confirm Service Discovery name (object) you created is in the list.

  • Check the Services column for the number of services discovered. The Services column should show the number of services discovered. For example, 2 Services.

Figure: Service Discovery Created

Figure: Service Discovery Created

Step 2: Check the list of services discovered.
  • In the Services column, select a service. A pop-up window appears to the right of page listing the discovered services.
Figure: Service Discovery Created

Figure: Service Discovery Created

Use Discovered Services

After the service discovery object is created and the services are discovered, you can use it in configurations, such as the following:

  • Origin Pools: The origin pools are a way to declare the origin servers for your service in the load balancer configuration. You can create origin pools as part of HTTP load balancer creation or individually create and apply it to an HTTP load balancer later.

  • Endpoints: The endpoint objects are for advanced configuration for using in the virtual host configuration.

Configure Origin Pool with K8s Service Information

This chapter shows the origin pool creation with K8s service name for the origin server specification. For information, see the Origin Pools guide.

Step 1: Start origin pool creation.

  • Select the Multi-Cloud App Connect service.

  • Change to your application Namespace.

  • Select Manage > Load Balancers.

  • Select Origin Pools

  • Select Add Origin Pool.

Figure: Origin Pool with K8s Service Information

Figure: Origin Pool with K8s Service Information

Step 2: Configure origin server type.

  • Enter Name, enter Labels and Description as needed.

  • In the Origin Servers section, select Add Item.

  • From the Select Type of Origin Server drop-down menu, select the K8s Service Name of Origin Server on given Sites option.

Figure: Origin Pool Name

Figure: Origin Pool Name

Step 3: Set the service name.
Step 4: Set site or virtual site for the discovery configuration.

  • From the Select Site or Virtual Site drop-down menu, select an option:

    • Site: Select Site drop-down menu option.

    • Virtual Site: Select Virtual Site drop-down menu option.

  • From the Select Network on the site drop-down menu, select an option:

    • Inside Network

    • Outside Network

    • vK8s Networks on Site

  • Enable the Show Advanced Fields option.

  • Optionally, select the Add Labels option for Origin Server Labels.

  • Select Apply.

Step 5: Complete origin pool creation.
  • Select the Port value. The default value is set to 443.

Note: NodePort service has two ports: NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool. This enables the service to be reachable on the selected network on the selected site or virtual site.

  • From the LoadBalancer Algorithm menu, select an option.

  • From the Endpoint Selection menu, select an option.

  • Optionally, under the Health Checks section, add a health check to your endpoints.

Step 6: Configure TLS.

From the TLS menu, choose to enable TLS. Click View Configuration to customize the configuration. For more help with customization, see the Origin Pools guide.

Step 7: Optionally, configure other options.

Under the Other Settings section, click Configure. Follow the prompts to customize more settings.

Step 8: Complete the configuration.

Click Save and Exit.

Create Endpoint with K8s Service Information

Step 1: Start creating endpoint.

  • Select the Multi-Cloud App Connect service.

  • Change to your application Namespace.

  • Select Manage > Virtual Hosts > Endpoints.

  • Select Add Endpoint.

Figure: Endpoint Creation

Figure: Endpoint Creation

Step 2: Obtain the K8s service information.

Refer to the Verify Discovered Services chapter for the K8s service information.

Step 3: Configure endpoint address information.

  • Enter Name.

  • Enter Labels and Description as needed.

  • In Origin Server(Endpoint) section, from the Endpoint Specifier drop-down menu, select Service Selector info.

  • From the Discovery drop-down menu, select Kubernetes.

  • From the Service drop-down menu, select Service name.

  • Enter Service Name in box. Use the <servicename.namespace> format.

Figure: Endpoint Address Reference Selector

Figure: Endpoint Address Reference Selector

Step 4: Enter port and protocol values.

  • From the Protocol drop-down menu, select TCP.

  • Enter a Port value. The port must be the service port of the Kubernetes service and not the node port.

Note: NodePort service has two ports: NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool.

Figure: Endpoint Creation

Figure: Endpoint Creation

With the steps above, you can discover a service endpoint from external Kubernetes providers using Service Info on a location specified using the selector. Once the service is discovered, the object can be used with other configuration objects of the F5® Distributed Cloud Console. For example, you can advertise it across sites in cloud or edge.

Step 5: Configure where the endpoint should be discovered.

  • Toggle Show Advanced Fields to expand options in Origin Server(Endpoint) section.

  • Select option from the Virtual-Site or Site or Network drop-down menu option for where the endpoint will be discovered.

  • Select option from the Reference drop-down menu option to match the same option used in Service Discoveries.

  • Optionally, configure the Port used for health check option if needed.

  • Select Save and Exit.

Figure: Endpoint Address Reference Selector

Figure: Endpoint Address Reference Selector

Note: Any reference object (site, virtual site, and virtual network) needs to be created and listed before configuring the Selected field. All the available object list gets displayed on a cascading menu where you can select one or more objects.

Concepts

API References

On this page: