Create Virtual K8s (vK8s) Object

Objective

This document provides instructions on how to create Virtual K8s (vK8s) with F5® Distributed Cloud Services. Distributed Cloud Services provide a mechanism to easily deploy applications using vK8s across a global network and make them available closer to users in major metro markets. To learn more about how Distributed Cloud Services distribute application deployment, see Distributed Application Management.

Using the instructions provided in this guide, you can create a vK8s object in F5® Distributed Cloud Console (Console) and associate it with a virtual site that groups network cloud (RE) sites or customer edge (CE) cloud sites. To know more about virtual sites, see Virtual Site.

Note: You can deploy applications at your sites using the vK8s object. See K8s Deployment for instructions on how to perform application deployment using the vK8s object.

Refer to the Restrictions if you are deploying apps using vK8s for network regional edge (RE) cloud sites.

---

Prerequisites

• A Distributed Cloud Services Account. If you do not have an account, see Create an Account.

• One or more cloud or edge locations with a site (in case of deployment on the edge site). Install the Distributed Cloud Services Node or Cluster Image in your Cloud or Edge Site.

• A virtual site. See Create a Virtual Site for instructions.

---

Restrictions

The following restrictions apply for deploying applications on Distributed Cloud Services RE cloud sites:

• Running of containers/pods with host networking hostNetwork, host PID hostPID, or host IPC hostIPC is not supported.

• Running containers/pods as privileged is not supported.

• Running containers/pods as root user is not supported. The container images are required to support running under arbitrary user id and group id. Filesystem write permissions should not be specified to a particular user ID. Else, the container will crash with the permission denied message.

• Container/pod can use only ports higher than 1024.

• The containers are not supported for use with host mount volumes. The following Kubernetes volumes are supported:

  • configMap

  • DownwardAPI

  • emptyDir

  • PersistentVolumeClaim (PVC)

  • projected

  • secret

• The ConcurrencyPolicy is always set to Forbid irrespective of what is specified in the manifest for any CronJob launched on the Regional Edge Sites.

Note: The restrictions shown above are not applicable for vK8s that refer to a virtual site containing only Customer Edge (CE) sites. It is only applicable if the virtual site contains one or more Regional Edge (RE) sites.

---

Configuration

This section presents steps for creating a virtual K8s (vK8s) object in Console.

Perform the following to create a vK8s object:

Step 1: Start vK8s object creation.

• Log into Console.

• Select Distributed Apps.

Figure: Console Homepage

• Select Applications > Virtual K8s.

• Select Add Virtual K8s to create a vK8s object.

Figure: Add Virtual K8s

Step 2: Configure metadata and associate with virtual sites.

• In the Name field, enter a name.

• Optionally, add a label and description.

• In the Virtual Sites section, select Add item and then select a virtual site using the Select Item pull down menu. Repeat this step for all virtual sites, as needed.

Figure: Select Vsite Ref

Step 3: Optionally, enable service isolation.

From the Choose Service Isolation menu, select the Isolated Services option. This prevents communication between the pods for the different services.

Note:

• When service isolation is enabled, an HTTP load balancer with advertising on site local outside network is required for accessing these services from outside.

• If you wish to exempt any specific vK8s service from isolation, you can add the ves.io/serviceisolation=false annotation to that service.

Step 4: Optionally, set a default workload flavor.

• Scroll down to the Default Workload Flavor section.
• Using the Default Workload Flavor drop-down menu, select a default workload flavor object from the list of displayed options. You can also create a new default workload using the Add Item option.

Note: If you do not configure this field or did not use the ves.io/workload-flavor annotation, the tiny flavor is applied by default. See Configure Default Workload Flavor for more information.

Step 5: Complete creating the vK8s object.

Select Save and Exit to create the vK8s object. Wait for the vK8s object to get created and displayed.

Step 6: Download the vK8s kubeconfig file.

This is required for any command-line interface (CLI) operations.

• Select ... > Kubeconfig for your vK8s object to download the file.

Figure: Select File to Download

• In the popup window that appears, select the expiration date and then select Download Credential.

Figure: Expiration Date

Note: You can edit the virtual site associated with the vK8s object using the Select Virtual Sites option.

---

Concepts

• System Overview
• Core Concepts
• Site
• Virtual Site
• Virtual K8s

---

API References

• Virtual Site
• Site
• Known Label
• Known Label Key
• Virtual Kubernetes