Service Discovery - K8s

Objective

This document provides instructions on how to discover service endpoints using Kubernetes (K8s) service information in F5® Distributed Cloud Services. Service discovery enables you to find the endpoints where a given service is available. For more information about service discovery, see Service Discovery.

Using the instructions provided in this guide, you can create a discovery object for a Kubernetes cluster and an endpoint for a service using the service name.


Prerequisites

The following prerequisites apply:

  • An existing Kubernetes cluster with a service or application reachable from a Site.

  • In case of Amazon Elastic Kubernetes Service (EKS), token-based authentication is required. Therefore, you must add AWS credentials in the kubeconfig file for successful service discovery.


Configuration

F5® Distributed Cloud Services enables users to discover existing service endpoints either natively or using external methods. This guide covers service discovery on sites, virtual sites, or virtual networks using Kubernetes service information.

The following figure shows the workflow for creating service discovery with Kubernetes service information:

Figure: Setting up Service Discovery with k8s Service Info

Configuration Sequence

Discovering services using the Kubernetes service information requires performing the following sequence of actions:

| Phase | Description |
| --- | --- |
| Create Discovery for External Kubernetes Cluster | Create a service discovery object of type Kubernetes. |
| Verify Discovered Services | Verify that the service discovery object is created and has successfully discovered services. |
| Use Discovered Services | Configure endpoint with K8s as the discovery type and associate sites with it. |

Note: The site of the discovery object and the site of the endpoint must be the same.


Create Discovery for External Kubernetes Cluster

Features can be viewed and managed in multiple services.

This example shows Service Discovery setup in Cloud and Edge Sites.

Step 1: Start discovery object creation in F5® Distributed Cloud Console.

Create a discovery configuration object in the System namespace.

  • Open F5® Distributed Cloud Console > select Cloud and Edge Sites box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

Note: Confirm that you are in the correct namespace using the drop-down selector located in the upper-left corner. The selector is not available in all services.

  • Select Manage in left-menu > select Service Discoveries.

Note: If options are not shown, select the Show link in Advanced nav options in the bottom-left corner. If needed, select Hide to minimize options from Advanced nav options mode.

  • Select Add Discovery button.

Figure: Service Discovery

Step 2: Name Discovery.

Enter Name, enter Labels and Description as needed.

Step 3: Configure where the discovery configuration is applicable.
  • In Where box, select Virtual-Site, Site, or Network in drop-down menu option.

    Note: Toggle Show Advanced Fields to expand options, and show the Virtual Network option.

  • Select Reference drop-down menu option to Select Virtual Site.

  • Select Network Type drop-down menu option:

    • Site Local Network

    • Site Local Inside Network

    • Per Site Network

    • Global Network

    • Site Local Service Network

    • Site Local Inside and Outside Network

    Note: The Network Type field is not applicable for the Virtual Network setting. The Virtual Network option is visible when you enable the Show Advanced Fields option.

Figure: Service Discovery Config Options

Step 4: Configure discovery method for k8s access credentials.
  • Select Discovery Method drop-down menu option:
K8S Discovery Configuration Option.
  • Select Configure link.

Figure: Discovery Method

  • In Access Credentials box Select Kubernetes Credentials drop-down menu options:

    • Select Kubeconfig.

      • Select Configure link for Kubeconfig.

      • Configure Secret.

      • Select Apply button.

    • Select TLS parameters for HTTP REST.

      • Enter API Server and Port.

      • Select Configure link in TLS Parameters box.

      • Configure Server Parameters and Client Parameters.

      • Select Configure link in Client Private Key box.

      • Configure Secret.

      Note: Token not required for kubeconfig. IAM credentials needed:

      • Select Configure link in K8S Discovery Configuration box in Discovery Method section.

      • Select Kubernetes Credentials drop-down menu, select TLS parameters for HTTP REST in Access Credentials section.

      • Select Configure link in TLS Parameters box.

      • Enter Server CA Certificates Server Parameters or Client Certificate in Client Parameters.

      • Select Apply button.

      Note: Select Apply button again if presented to complete form.

  • Toggle Show Advanced Fields to open Kubernetes POD network reachability drop-down menu option.

  • Select Kubernetes POD is isolated or Kubernetes POD is reachable in Kubernetes POD network reachability drop-down menu.

  • Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.

    • Disable VIP Publishing and DNS Delegation

    • Publish domain to VIP mapping > enter Default Namespace.

    • Publish Fully Qualified Domain to VIP mapping

    • DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.

  • Select Apply button.

  • Select Save and Exit button.

Figure: Access Credentials Options

Consul Discovery Configuration Option.
  • Select Configure link in Consul Discovery Configuration box.

Figure: Discovery Method

  • In Access Credentials box, enter API Server and Port.

  • Select Configure link in TLS Parameters.

    • Configure Server Parameters and Client Parameters.

    • Select Configure in Client Private Key box to configure.

      • Configure Secret.

      • Select Apply button.

  • Enter User Name in HTTP Authentication Parameters.

  • Select Configure link in Password box.

    • Configure Secret.

      Note: Token not required for kubeconfig. IAM credentials needed:

      • Select Configure link in K8S Discovery Configuration box in Discovery Method section.

      • Select Kubernetes Credentials drop-down menu, select TLS parameters for HTTP REST in Access Credentials section.

      • Select Configure link in TLS Parameters box.

      • Enter Server CA Certificates Server Parameters or Client Certificate in Client Parameters.

      • Select Apply button.

    • Select Apply button.

  • Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.

    • Disable VIP Publishing and DNS Delegation

    • Publish domain to VIP mapping > enter Default Namespace.

    • Publish Fully Qualified Domain to VIP mapping

    • DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.

  • Select Apply button.

  • Select Save and Exit button.

Step 5: Configure VIP publishing.
  • In the VIP Publishing configuration section, select an option for the Select VIP Publishing or DNS Delegation field and configure it as per the following guidelines:

  • For the Publish Domain to VIP mapping box, enter a namespace in the Default Namespace box.

With this, all domains include the configured namespace in the domain name.

  • Select the Publish Fully Qualified Domain to VIP mapping box in case all domains have namespaces in their domain name (FQDN).

  • For the DNS Delegation box, enter a subdomain in the Subdomain box. Select Core DNS or Kube DNS for the DNS mode box depending on your external k8s cluster DNS provider.

  • Select Apply button.

Step 6: Complete creating discovery object.

Select Save and Exit button to create the discovery object.


Verify Discovered Services

Verify that the service discovery object is created and has discovered services.

Step 1: Verify that the services are discovered.
  • In Cloud and Edge Sites.

  • In the Manage tab > select Service Discoveries.

  • Confirm Service Discovery name (object) you created is in the list.

  • Check Services column displays number of services discovered.

Note: Screenshot shows eks-disco Service Discovery name (object) showing 2 Services discovered.

Figure: Service Discovery Created

Step 2: Check the list of services discovered.
  • Select Service column link.

Note: Shown as 2 Services in screenshot.

Figure: Service Discovery Created

  • Pop-up window appears to right of page listing discovered services.

  • Note Service Name to use in origin pool or endpoint set up.

Note: Shown as productpage.default in screenshot.

Figure: Discovered Services


Use Discovered Services

After the service discovery object is created and the services are discovered, you can use it in the configurations such as the following:

  • Origin Pools: The origin pools are a way to declare the origin servers for your service in the load balancer configuration. You can create origin pools as part of HTTP load balancer creation or individually create and apply it to a HTTP load balancer later.

  • Endpoints: The endpoint objects are for advanced configuration for using in the virtual host configuration.


Configure Origin Pool with K8s Service Information

This chapter shows the origin pool creation with K8s service name for the origin server specification.

Step 1: Start origin pool creation.
  • Log into F5® Distributed Cloud Console, select Load Balancers.

  • Change to your application Namespace.

  • Select Manage > Load Balancers.

  • Select Origin Pools.

  • Select + Add Origin Pool.

Figure: Origin Pool with K8s Service Information

Step 2: Configure origin server type.
  • Enter Name, enter Labels and Description as needed.

Note: Origin pool name example: tp-op1-docs.

Figure: Origin Pool Name

  • Toggle Show Advanced Fields to expand options in Basic Configuration section.

  • In Origin Servers section select Origin Servers or select + Add Item button.

Figure: Origin Pool with K8s Service Information

  • Select Type of Origin Server drop-down menu, select K8s Service Name of Origin Server on given Sites option.

Figure: Origin Pool with K8s Service Information

  • More options appear on page.
Step 3: Set the service name.
  • Enter Service Name in box.

  • Obtain the service name using the instructions in the Verify Discovered Services chapter.

Step 4: Set site or virtual site for the discovery configuration.
  • Select Site or Virtual Site drop-down menu option.

    • Site > select Site drop-down menu option.

    • Virtual Site > select Virtual Site drop-down menu option.

  • Select Network on the site drop-down menu options:

    • Inside Network

    • Outside Network

    • vK8s Networks on Site

  • Select Origin Server Labels drop-down menu option as needed.

  • Select Add Item button.

Figure: Origin Pool with K8s Service Information

Step 5: Complete origin pool creation.
  • Select Port value, default is set to 443.

Note: NodePort service has two ports - NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool.

This enables the service to be reachable on the selected network on the selected site or virtual site.

Figure: Origin Pool with K8s Service Information

  • Enter LoadBalancer Algorithm.

  • Select Endpoint Selection > List of Health Check(s).

  • Select + Add Item > TLS Configuration link.

  • In Advanced Options > select Configure.

  • Select Show Advanced Fields > Exception Handling.

  • Select Connection Timeout > HTTP Idle Timeout.

  • Select Origin Server Subsets > Miscellaneous Options.

  • Select Apply button as needed.

  • Select Save and Exit button.

Figure: Origin Pool with K8s Service Information


Create Endpoint with K8s Service Information

Step 1: Navigate to application namespace or create one.
  • Select Namespace from the namespace selector, or create a namespace.

    To create a namespace:

    • Select Administration > Personal Management.

    • Select My Namespaces > + Add namespace.

    • Enter Name, Description, and Roles.

    • Select Save Changes button.

Step 2: Start creating endpoint.
  • Log into F5 Distributed Cloud Console, select Load Balancers.

  • Change to your application Namespace.

  • Select Manage > Virtual Hosts.

  • Select Endpoints.

  • Select + Add Endpoint.

Figure: Endpoint Creation

Step 3: Obtain the K8s service information.

Refer to the Verify Discovered Services chapter for the K8s service information.

Step 4: Configure endpoint address information.
  • Enter Name, enter Labels and Description as needed.

Figure: Endpoint Address Reference Selector

  • In Origin Server(Endpoint) section.

  • Select Endpoint Specifier drop-down menu option Service Selector info.

  • Select Discovery drop-down menu option Kubernetes.

  • Select Service drop-down menu option Service name.

  • Enter Service Name in box.

Note: Use the <servicename.namespace> format.

Figure: Endpoint Address Reference Selector

Step 5: Enter port and protocol values.
  • Select Protocol drop-down menu option value TCP.

  • Enter Port value, 80 shown in screenshot.

Note: NodePort service has two ports - NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool.

  • Select Save and Exit button.

Figure: Endpoint Creation

Note: The port must be the service port of the Kubernetes service and not the node port.
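
The following is an added example, not part of the F5 documentation: a cluster-side check that lists each Kubernetes service in the <servicename.namespace> format and reports which role a candidate Port value plays, so a node port entered by mistake is caught before saving. The JSON is a constructed sample shaped like `kubectl get services -A -o json` output; the port numbers and the `details` service are assumptions, and `service_rows` and `port_roles` are hypothetical helper names.

```python
import json

# Constructed sample, shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "productpage", "namespace": "default"},
   "spec": {"type": "NodePort",
            "ports": [{"port": 9080, "targetPort": 9080, "nodePort": 31380}]}},
  {"metadata": {"name": "details", "namespace": "default"},
   "spec": {"type": "ClusterIP",
            "ports": [{"port": 80, "targetPort": 8080}]}}
]}
""")


def service_rows(service_list):
    """One row per declared port, keyed by the <servicename.namespace> name."""
    rows = []
    for svc in service_list.get("items", []):
        meta, spec = svc["metadata"], svc.get("spec", {})
        for p in spec.get("ports", []):
            rows.append({
                "service_name": f'{meta["name"]}.{meta["namespace"]}',
                "service_port": p["port"],
                # Kubernetes defaults targetPort to port when it is omitted.
                "target_port": p.get("targetPort", p["port"]),
                "node_port": p.get("nodePort"),  # None unless a node port is allocated
            })
    return rows


def port_roles(rows, service_name, entered_port):
    """Return which role(s) the value typed into the Port field plays for a service."""
    roles = set()
    for row in rows:
        if row["service_name"] != service_name:
            continue
        for role in ("service_port", "target_port", "node_port"):
            if row[role] == entered_port:
                roles.add(role)
    return sorted(roles)


if __name__ == "__main__":
    rows = service_rows(SAMPLE)
    for row in rows:
        print(row)
    # A value that matches only node_port is the mistake the notes warn about.
    print(port_roles(rows, "productpage.default", 31380))
```

An empty result means the service name or port does not exist in the cluster output, which is worth resolving before the endpoint is saved.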

With the steps above, you can discover a service endpoint from external Kubernetes providers using Service Info on a location specified using the selector. Once the service is discovered, the object can be used with other configuration objects of the F5® Distributed Cloud Console. For example, you can advertise it across sites in cloud or edge.

Step 6: Configure where the endpoint should be discovered.
  • Toggle Show Advanced Fields to expand options in Origin Server(Endpoint) section.

  • Select Virtual-Site or Site or Network drop-down menu option for where endpoint will be discovered.

  • Select Reference drop-down menu option, match same option used in Service Discoveries.

  • Toggle Show Advanced Fields to expand options in Port used for health check section if needed.

  • Select Save and Exit button.

Figure: Endpoint Address Reference Selector

Note: Any reference object (site, virtual site, and virtual network) needs to be created and listed before configuring the Selected field. The list of all available objects is displayed in a cascading menu where you can select one or more objects.

