API Developer Portal
API Docs
Community
Knowledgebase
Training
menu icon
  1. Home
  2.  / How To
  3.  / App Management
  4.  / vK8s Resources

vK8s Resources

On This Page:

Objective

This document provides instructions on how to deploy resources on VolF5® Distributed Cloud Services network cloud or edge cloud using Distributed Cloud vK8s. Distributed Cloud provides a mechanism to easily deploy applications across the Distributed Cloud global network and make them available closer to users in major metro markets. To know more about how the Distributed Cloud Platform distributes application deployment, see Distributed Application Management.

The vK8s resources covered in this guide are:

  • Service
  • Job
  • Config map
  • Secret
  • Daemon sets
  • Cron Jobs
  • Service Accounts

To deploy vK8s resources, first create a vK8s object as per the instructions in the Create Virtual K8s Object document.

Using the instructions provided in this guide, you can deploy resources with the kubeconfig of the vK8s object.

Prerequisites

Note: If you do not have an account, see Create an Account.

  • An application and associated Kubernetes deployment file.

  • Kubeconfig file of the vK8s object. See the Create Virtual K8s Object document for more details.

Configuration

You can deploy vK8s resource in one of the following two ways:

  • Using the resource manifest directly in the F5 Distributed Cloud Console.
  • Using the resource manifest and kubeconfig file of vK8s cluster from CLI with Kubectl.

Perform the following steps:

Step 1: Navigate to your vK8s object and download its kubeconfig.
  • Select the Distributed Apps service.
  • Select the desired namespace from the Namespace drop-down menu.
  • Navigate to Applications -> Virtual K8s.
  • Click ...-> Kubeconfig for the created vK8s object to download its kubeconfig file.
  • Set environment variable for the downloaded kubeconfig in your local machine.
          export KUBECONFIG=<vK8s-kubeconfig>

Note: In case of deployment using kubectl, setting KUBECONFIG variable deploys the resources to the vK8s.

Step 2: Prepare the manifest file for the resource.

Create a file in your local machine and enter the manifest content in JSON or YAML format. The following is the list of sample manifests:

  • vK8s service manifest sample:
          
apiVersion: v1
kind: Service
metadata:
  name: emailservice
  labels:
    app: emailservice
  annotations:
    ves.io/proxy-type: HTTP_PROXY
    ves.io/http2-enable: "true"
spec:
  type: ClusterIP
  selector:
    app: emailservice
  ports:
  - name: grpc
    port: 5000
    targetPort: 8080
  • vK8s job manifest sample:
          
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
      - name: pi
        image: perl
        command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: Never
  backoffLimit: 4
  • vK8s config map manifest sample:
          
apiVersion: v1
data:
  mysqld.conf: "[mysqld]\npid-file\t            = /var/run/mysqld/mysqld.pid\nsocket\t\t
    \           = /var/run/mysqld/mysqld.sock\n# Where the database files are stored
    inside the container\ndatadir\t\t            = /var/lib/mysql\n\n# My application
    special configuration\nmax_allowed_packet          = 32M\nsql-mode                    =
    'STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION'\n\n# Accept connections from any
    IP address\nbind-address\t            = 0.0.0.0\n"
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: mysql-conf
  • vK8s secret - Generate the secret using the following command:
          
kubectl create secret docker-registry dock-secret --docker-server=docker.io --docker-username="<registry username>" --docker-password="<registry password>" --docker-email=<registry email>

Note: In case of generating the secret using above command, the secret is directly created on vK8s and there is no need of performing any action on Console.

  • Daemon set manifest sample:
          apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      name: fluentd-elasticsearch
  template:
    metadata:
      labels:
        name: fluentd-elasticsearch
    spec:
      tolerations:
      # this toleration is to have the daemonset runnable on master nodes
      # remove it if your masters can't run pods
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: fluentd-elasticsearch
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
  • Cron job manifest sample:
          apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox
            imagePullPolicy: IfNotPresent
            args:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure

Note: The ConcurrencyPolicy is always set to Forbid irrespective of what is specified in the manifest for any CronJob launched on the Regional Edge Sites.

  • Service account manifest sample - Here the YAML for role, service account, and role-binding are shown.
          apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-read-role
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pod-read-sa

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: pod-read-rolebinding
  namespace: default
subjects:
- kind: ServiceAccount
  name: pod-read-sa
  apiGroup: ""
roleRef:
  kind: Role
  name: pod-read-role
  apiGroup: ""
Step 3: Deploy the resource.
Step 3.1: Deploy from Console.
  • With your desired namespace selected, select Applications -> Virtual K8s.
  • Click on your vK8s object to open its dashboard.
  • Click Services tab. Click Add Service and enter the service manifest prepared in Step 2. Click Save.
vk8s service
Figure: vK8s Services
  • Click Jobs tab. Click Add Job and enter the job manifest prepared in Step 2. Click Save.
vk8s job
Figure: vK8s Jobs
  • Click Configmaps tab. Click Add ConfigMap and enter the config map manifest prepared in Step 2. Click Save.
vk8s configmap
Figure: vK8s ConfigMaps
  • Click Secrets tab. Click Add Secret and enter the secret manifest prepared in Step 2. Click Save.

Note: You can directly create secret on vK8s using kubectl as shown in Step 2.

vk8s secret
Figure: vK8s Secrets
Step 3.2: Deploy using Kubectl.

To deploy the web application in a K8s cluster, the following are required:

  • Kubeconfig of the K8s cluster. For this, use the vK8s kubeconfig downloaded in previous step.
  • Manifest file of your web application. See Step 1.2 for sample manifests.

Enter the following command to deploy the resource. This sample deploys a vK8s service.

          kubectl apply -f k8s-service-manifest.yaml --kubeconfig vk8s-kubecfg.yaml

Note: Pods created on a site via Deployment, StatefulSet, Job, and, CronJob in vK8s are configured with the site labels as environment variables. If the labels are changed on a site, the pods are restarted with the changed labels set as environment variables.

Concepts

API References

© 2023 F5, Inc. All rights reserved | Trademarks | Policies | Privacy | California Privacy | Do Not Sell My Personal Information |