Service Discovery - K8s

Objective

This document provides instructions on how to discover service endpoints using Kubernetes (K8s) service information in F5® Distributed Cloud Services. Service discovery enables you to find the endpoints where a given service is available. For more information about service discovery, see Service Discovery.

Using the instructions provided in this guide, you can create a discovery object for a Kubernetes cluster and an endpoint for a service using the service name.


Prerequisites

The following prerequisites apply:

  • An existing Kubernetes cluster with a service or application reachable from a Site.
  • Note: The Kubernetes service should be of type NodePort.
  • In case of Amazon Elastic Kubernetes Service (EKS), token-based authentication is required. Therefore, you must add AWS credentials in the kubeconfig file for successful service discovery.

Configuration

F5® Distributed Cloud Services enables users to discover existing service endpoints either natively or using external methods. This guide covers service discovery on sites, virtual sites, or virtual networks using Kubernetes service information.

The following figure shows the workflow for creating service discovery with Kubernetes service information:

Figure: Setting up Service Discovery with k8s Service Info

Configuration Sequence

Discovering services using the Kubernetes service information requires performing the following sequence of actions:

| Phase | Description |
|---|---|
| Create Discovery for External Kubernetes Cluster | Create a service discovery object of type Kubernetes. |
| Verify Discovered Services | Verify that the service discovery object is created and has successfully discovered services. |
| Use Discovered Services | Configure an endpoint with K8s as the discovery type and associate sites with it. |

Note: The discovery object and the endpoint must be on the same site.


Create Discovery for External Kubernetes Cluster

Features can be viewed and managed in multiple services.

This example shows Service Discovery setup in Cloud and Edge Sites.

Step 1: Start discovery object creation in F5® Distributed Cloud Console.

Create a discovery configuration object in the System namespace.

  • Open F5® Distributed Cloud Console > select Cloud and Edge Sites box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

Figure: Homepage

Note: Confirm that you are in the correct namespace using the drop-down selector in the upper-left corner. The namespace selector is not available in all services.

  • Select Manage in left-menu > select Service Discoveries.

Note: If the options are not shown, select the Show link in Advanced nav options, visible in the bottom-left corner. If needed, select Hide to minimize the options from Advanced nav options mode.

  • Select Add Discovery button.

Figure: Service Discovery

Step 2: Name Discovery.

Enter Name, enter Labels and Description as needed.

Step 3: Configure where the discovery configuration is applicable.
  • In Where box, select Virtual-Site or Site or Network drop-down menu option.

    • Virtual Site > select + Create new virtual site button option if needed.

    • Site

    • Virtual Network

    Note: Toggle Show Advanced Fields to expand options, and show the Virtual Network option.

  • Select Reference drop-down menu option to Select Virtual Site.

  • Enter Network Type drop-down menu option.

    • Site Local Network

    • Site Local Inside Network

    • Per Site Network

    • Global Network

    • Site Local Service Network

    • Site Local Inside and Outside Network

Figure: Service Discovery Config Options

Note: The Network Type field is not applicable for the Virtual Network setting. The Virtual Network option is visible when you enable the Show Advanced Fields option.

Step 4: Configure discovery method for k8s access credentials.
  • Select Discovery Method drop-down menu option:

    • K8S Discovery Configuration

    • Consul Discovery Configuration

  • Select Configure link.

Figure: Discovery Method

  • In Access Credentials box Select Kubernetes Credentials drop-down menu option:

    • Kubeconfig > select Configure link for Kubeconfig > configure Secret > select Apply button.

    • TLS parameters for HTTP REST:

      • Enter API Server and Port.

      • Select Configure link > TLS Parameters.

      • Configure Server Parameters and Client Parameters.

      • Select Configure link > configure Secret.

      • Select Apply button.

      Note: Select Apply button again if presented to complete form.

  • Select Configure link.

  • Select Apply button.

  • Toggle Show Advanced Fields to open Kubernetes POD network reachability drop-down menu option.

  • Select isolated or reachable in Kubernetes POD network reachability in drop-down menu.

  • Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.

    • Disable VIP Publishing and DNS Delegation

    • Publish domain to VIP mapping > enter Default Namespace.

    • Publish Fully Qualified Domain to VIP mapping

    • DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.

  • Select Apply button.

  • Select Save and Exit button.

Figure: Access Credentials Options

Step 4.1: Kubeconfig option.

Select Kubeconfig > select Configure.

  • Select Blindfold Secret in Secret Info box, enter kubeconfig in secret box.

  • Select Blindfold to apply Blindfold to the kubeconfig. Wait for the display to show Blindfold configured.

  • Select Apply button.

Figure: Encrypt the Kubeconfig

Note: This example uses Blindfold Secret for the Secret Info. However, you can also use the other supported types of secrets available in the drop-down menu for the Secret Info field.
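A pre-upload check for the kubeconfig entered in Step 4.1, as an added example that is not part of the F5 documentation or product. It assumes the kubeconfig has been exported as JSON with `kubectl config view --raw -o json` and that, for EKS, the AWS credentials from the prerequisites are supplied as `exec` environment entries; the function name and sample values are hypothetical.

```python
import json

# Constructed sample in the shape of `kubectl config view --raw -o json`
# for an EKS cluster; every name and value is a placeholder.
SAMPLE_KUBECONFIG = json.dumps({
    "clusters": [{"name": "eks-demo", "cluster": {
        "server": "https://eks-demo.example.invalid",
        "certificate-authority": "/home/user/.kube/eks-ca.crt"}}],
    "users": [{"name": "eks-user", "user": {"exec": {
        "apiVersion": "client.authentication.k8s.io/v1beta1",
        "command": "aws",
        "args": ["eks", "get-token", "--cluster-name", "eks-demo"],
        "env": [{"name": "AWS_PROFILE", "value": "default"}]}}}],
})

# Fields that point at files on the workstation instead of embedding the data.
CLUSTER_PATHS = ("certificate-authority",)
USER_PATHS = ("client-certificate", "client-key", "tokenFile")
# Assumption: AWS credentials are supplied as exec env entries with these names.
AWS_ENV = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")


def check_kubeconfig(text):
    """Return findings for a kubeconfig; an empty list means nothing flagged."""
    cfg, findings = json.loads(text), []
    for item in cfg.get("clusters") or []:
        name, cluster = item["name"], item.get("cluster") or {}
        if not str(cluster.get("server", "")).startswith("https://"):
            findings.append(f"cluster {name}: server is not an https:// URL")
        if cluster.get("insecure-skip-tls-verify"):
            findings.append(f"cluster {name}: TLS verification is disabled")
        for field in CLUSTER_PATHS:
            if field in cluster:
                findings.append(f"cluster {name}: {field} is a local file path")
    for item in cfg.get("users") or []:
        name, user = item["name"], item.get("user") or {}
        for field in USER_PATHS:
            if field in user:
                findings.append(f"user {name}: {field} is a local file path")
        exec_cfg = user.get("exec") or {}
        if exec_cfg.get("command") in ("aws", "aws-iam-authenticator"):
            env = {e.get("name") for e in exec_cfg.get("env") or []}
            for var in AWS_ENV:
                if var not in env:
                    findings.append(f"user {name}: exec env lacks {var}")
    return findings
```

A file-path reference or an `AWS_PROFILE` entry resolves only on the workstation that produced the kubeconfig, so the sample is flagged on both counts.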

Step 4.2: TLS Parameters for HTTP REST option.

Select TLS Parameters for HTTP REST option and do the following:

  • Enter API server and port in the API Server and Port box using the FQDN of the server in the <host:port> format.

  • Select Configure for the TLS Parameters box.

Figure: Server and Client TLS Parameters

  • In the Server Parameters section, enter SNI in the SNI name box and enter the server CA certificate (or certificate chain) in the Server CA Certificates box.

  • In the Client Parameters section, enter client certificate in the Client Certificate box, and select Configure for the Client Private Key field and do the following:

    • Select Blindfold Secret for the Secret Info box and enter the kubeconfig for the secret box.

    • Select Blindfold to apply F5 Blindfold to the kubeconfig. Wait for the display to show Blindfold configured.

Figure: Encrypt the Private Key

Note: This example uses Blindfold Secret for the Secret Info. However, you can also use the other supported types of secrets available in the drop-down menu for the Secret Info field.

  • Select Apply.

Note: You can set a pod network to be isolated or reachable. Enable Show Advanced Fields option in the Access Credentials section and select one of the following values for the Kubernetes POD network reachability field:

  • For the Kubernetes POD reachable option, pod IPs are selected to route regardless of the type of service.
  • For the Kubernetes POD isolated option, you can route to services of type NodePort.

Step 5: Configure VIP publishing.
  • In the VIP Publishing configuration section, select an option for the Select VIP Publishing or DNS Delegation and configure as per the following guidelines:

  • For the Publish Domain to VIP mapping box, enter a namespace in the Default Namespace box.

With this, all domains include the configured namespace in the domain name.

  • Select the Publish Fully Qualified Domain to VIP mapping box in case all domains have namespaces in their domain name (FQDN).

  • For the DNS Delegation box, enter a subdomain in the Subdomain box. Select Core DNS or Kube DNS for the DNS mode box depending on your external k8s cluster DNS provider.

  • Select Apply.

Step 6: Complete creating discovery object.

Select Save and Exit button to create the discovery object.


Verify Discovered Services

Verify that the service discovery object is created and has discovered services.

Step 1: Verify that the services are discovered.
  • In Cloud and Edge Sites.

  • In the Manage tab > select Service Discoveries.

  • Confirm Service Discovery name (object) you created is in the list.

  • Check Services column displays number of services discovered.

Note: Screenshot shows eks-disco Service Discovery name (object) showing 2 Services discovered.

Figure: Service Discovery Created

Step 2: Check the list of services discovered.
  • Select Service column link.

Note: Shown as 2 Services in screenshot.

Figure: Service Discovery Created

  • Pop-up window appears to right of page listing discovered services.

  • Note Service Name to use in origin pool or endpoint set up.

Note: Shown as productpage.default in screenshot.

Figure: Discovered Services


Use Discovered Services

After the service discovery object is created and the services are discovered, you can use it in configurations such as the following:

  • Origin Pools: Origin pools are a way to declare the origin servers for your service in the load balancer configuration. You can create origin pools as part of HTTP load balancer creation, or create them individually and apply them to an HTTP load balancer later.

  • Endpoints: Endpoint objects are for advanced configuration in the virtual host configuration.


Configure Origin Pool with K8s Service Information

This chapter shows how to create an origin pool that uses a K8s service name to specify the origin server.

Step 1: Start origin pool creation.
  • Log into F5® Distributed Cloud Console, select Load Balancers.

  • Change to your application Namespace.

  • Select Manage > Load Balancers.

  • Select Origin Pools

  • Select + Add Origin Pool.

Figure: Origin Pool with K8s Service Information

Step 2: Configure origin server type.
  • Enter Name, enter Labels and Description as needed.

  • Toggle Show Advanced Fields to expand options in Basic Configuration section.

  • In Origin Servers section select Origin Servers or select + Add Item button.

Figure: Origin Pool with K8s Service Information

  • Select Type of Origin Server drop-down menu, select K8s Service Name of Origin Server on given Sites option.

Figure: Origin Pool with K8s Service Information

  • More options appear on page.

Step 3: Set the service name.
  • Enter Service Name in box.

  • Obtain the service name using the instructions in the Verify Discovered Services chapter.

Step 4: Set site or virtual site for the discovery configuration.
  • Select Site or Virtual Site drop-down menu option.

    • Site > select Site drop-down menu option.

    • Virtual Site > select Virtual Site drop-down menu option.

  • Select Network on the site drop-down menu options:

    • Inside Network

    • Outside Network

    • vK8s Networks on Site

  • Select Origin Server Labels drop-down menu option as needed.

  • Select Add Item button.

Figure: Origin Pool with K8s Service Information

Step 5: Complete origin pool creation.
  • Select Port value, default is set to 443.

This enables the service to be reachable on the selected network on the selected site or virtual site.

Figure: Origin Pool with K8s Service Information

  • Enter LoadBalancer Algorithm.

  • Select Endpoint Selection > List of Health Check(s).

  • Select + Add Item > TLS Configuration link.

  • In Advanced Options > select Configure.

  • Select Show Advanced Fields > Exception Handling.

  • Select Connection Timeout > HTTP Idle Timeout.

  • Select Origin Server Subsets > Miscellaneous Options.

  • Select Apply button as needed.

  • Select Save and Exit button.

Figure: Origin Pool with K8s Service Information


Create Endpoint with K8s Service Information

Step 1: Navigate to application namespace or create one.
  • Select Namespace from the namespace selector, or create a namespace.

    To create a namespace:

    • Select Administration > Personal Management.

    • Select My Namespaces > + Add namespace.

    • Enter Name, Description, and Roles.

    • Select Save Changes button.

Step 2: Start creating endpoint.
  • Log into F5 Distributed Cloud Console, select Load Balancers.

  • Change to your application Namespace.

  • Select Manage > Virtual Hosts.

  • Select Endpoints.

  • Select + Add endpoint.

Figure: Endpoint Creation

Step 3: Obtain the K8s service information.

Refer to the Verify Discovered Services chapter for the K8s service information.

Step 4: Configure where the endpoint should be discovered.
  • Enter Name, enter Labels and Description as needed.

Figure: Endpoint Address Reference Selector

  • Toggle Show Advanced Fields to expand options in Origin Server(Endpoint) section.

  • Select Virtual-Site or Site or Network drop-down menu option for where endpoint will be discovered.

  • Select Reference drop-down menu option, match same option used in Service Discoveries.

  • Toggle Show Advanced Fields to expand options in Port used for health check section if needed.

  • Select Save and Exit button.

Figure: Endpoint Address Reference Selector

Note: Any reference object (site, virtual site, or virtual network) must be created and listed before you configure the Selected field. All available objects are displayed in a cascading menu where you can select one or more objects.

Step 5: Configure endpoint address information.
  • In Origin Server(Endpoint) section.

  • Select Endpoint Specifier drop-down menu option Service Selector info.

  • Select Discovery drop-down menu option Kubernetes.

  • Select Service drop-down menu option Service name.

  • Enter Service Name in box.

Note: Use the <servicename.namespace> format.

Figure: Endpoint Address Reference Selector

Step 6: Enter port and protocol values.
  • Select Protocol drop-down menu option value TCP.

  • Enter Port value, 80 shown in screenshot.

  • Select Save and Exit button.

Figure: Endpoint Creation

Note: The port must be the service port of the Kubernetes service and not the node port.
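The values entered in Steps 5 and 6 can be derived from the cluster's Service objects and checked before they are typed into the form. The following is an added example, not part of the F5 documentation or product; it assumes the services were exported with `kubectl get services -A -o json`, and the function names and sample data (modelled on the productpage.default service shown in the screenshots) are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE_SERVICES = json.dumps({"items": [
    {"metadata": {"name": "productpage", "namespace": "default"},
     "spec": {"type": "NodePort", "ports": [
         {"protocol": "TCP", "port": 80, "targetPort": 9080, "nodePort": 31080}]}},
    {"metadata": {"name": "reviews", "namespace": "default"},
     "spec": {"type": "ClusterIP", "ports": [
         {"protocol": "TCP", "port": 9080, "targetPort": 9080}]}},
]})


def endpoint_rows(services_json, pod_network="isolated"):
    """List the values to enter in the endpoint form for every service port.

    pod_network mirrors the Kubernetes POD network reachability setting:
    "isolated" routes only to NodePort services, "reachable" uses pod IPs.
    """
    if pod_network not in ("isolated", "reachable"):
        raise ValueError("pod_network must be 'isolated' or 'reachable'")
    rows = []
    for svc in json.loads(services_json)["items"]:
        meta, spec = svc["metadata"], svc["spec"]
        routable = pod_network == "reachable" or spec.get("type") == "NodePort"
        for port in spec.get("ports") or []:
            rows.append({
                "service_name": f"{meta['name']}.{meta['namespace']}",
                "protocol": port.get("protocol", "TCP"),
                "port": port["port"],               # service port: enter this
                "node_port": port.get("nodePort"),  # kept only to catch mix-ups
                "routable": routable,
            })
    return rows


def check_entry(rows, service_name, port):
    """Return 'ok' or the reason a (service name, port) pair will not match."""
    matches = [r for r in rows if r["service_name"] == service_name]
    if not matches:
        return "unknown service: use the <servicename.namespace> format"
    if any(r["port"] == port for r in matches):
        if matches[0]["routable"]:
            return "ok"
        return "service is not of type NodePort and the pod network is isolated"
    if any(r["node_port"] == port for r in matches):
        return "node port given: enter the service port instead"
    return "port is not exposed by this service"
```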

With the steps above, you can discover a service endpoint from external Kubernetes providers using Service Info on a location specified using the selector. Once the service is discovered, the object can be used with other configuration objects of the F5® Distributed Cloud Console. For example, you can advertise it across sites in cloud or edge.

