Service Discovery - K8s
Objective
This document provides instructions on how to discover service endpoints using Kubernetes (K8s) service information in F5® Distributed Cloud Services. Service discovery enables you to find the endpoints where a given service is available. For more information about service discovery, see Service Discovery.
Using the instructions provided in this guide, you can create a discovery object for a Kubernetes cluster and an endpoint for a service using the service name.
Prerequisites
The following prerequisites apply:
- A valid Account is required.
  Note: If you do not have an account, see Create an Account.
- An existing Kubernetes cluster with a service or application reachable from a Site.
- In case of Amazon Elastic Kubernetes Service (EKS), token-based authentication is required. Therefore, you must add AWS credentials in the kubeconfig file for successful service discovery.
Configuration
F5® Distributed Cloud Services enables users to discover existing service endpoints either natively or using external methods. This guide covers service discovery on sites, virtual sites, or virtual networks using Kubernetes service information.
The following figure shows the workflow for creating service discovery with Kubernetes service information:
Figure: Setting up Service Discovery with k8s Service Info
Configuration Sequence
Discovering services using the Kubernetes service information requires performing the following sequence of actions:
Phase | Description |
---|---|
Create Discovery for External Kubernetes Cluster | Create a service discovery object of type Kubernetes. |
Verify Discovered Services | Verify that the service discovery object is created and successfully discovered services. |
Use Discovered Services | Configure endpoint with K8s as the discovery type and associate sites with it. |
Note: The site of the discovery object and the site of the endpoint must be the same.
Create Discovery for External Kubernetes Cluster
Features can be viewed and managed in multiple services. This example shows Service Discovery setup in Multi-Cloud App Connect.
Step 1: Start discovery object creation in F5 Distributed Cloud Console.
Create a discovery configuration object in the System namespace.
- Open F5 Distributed Cloud Console > select Multi-Cloud App Connect box.
Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.
Figure: Homepage
Note: Confirm Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.
- Select Manage in left-menu > select Service Discoveries.
Note: If options are not showing available, select Show link in Advanced nav options visible in bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.
- Select Add Discovery button.
Figure: Service Discovery
Step 2: Name Discovery.
- Enter Name.
- Enter Labels and Description as needed.
Step 3: Configure where the discovery configuration is applicable.
- In Where box, select Virtual-Site, Site, or Virtual Network in drop-down menu option.
Note: Toggle Show Advanced Fields to expand options, and show the Virtual Network option.
- Select Reference drop-down menu option to Select Virtual Site, Site, or Virtual Network.
- Enter Network Type drop-down menu option.
Note: Network Type only available for Virtual Site and Site options not Virtual Network.
  - Site Local Network
  - Site Local Inside Network
  - Per Site Network
  - Global Network
  - Site Local Service Network
  - Site Local Inside and Outside Network
Figure: Service Discovery Config Options
Step 4: Configure discovery method for k8s access credentials.
Select Discovery Method drop-down menu option K8S Discovery Configuration or Consul Discovery Configuration.
K8S Discovery Configuration Option.
- Select Configure link in K8S Discovery Configuration box.
Figure: Discovery Method
- In Access Credentials box Select Kubernetes Credentials drop-down menu options:
  - Kubeconfig Option:
    - Select Configure link for Kubeconfig.
    - Configure Secret.
    - Select Apply button.
  - TLS parameters for HTTP REST Option:
    - Enter API Server and Port.
    - Select Configure link in TLS Parameters box.
    - Enter SNI name.
    - Configure Server Parameters and Client Parameters.
      - Select PEM or Base64 in Server CA Certificates.
    - Select Configure link in Client Private Key box.
    - Configure Secret.
    - Select Apply button.
    - Select Apply button.
    - Select Apply button.
Note: Token not required for kubeconfig. IAM credentials needed:
  - Select Configure link in K8S Discovery Configuration box in Discovery Method section.
  - Select Kubernetes Credentials drop-down menu, select TLS parameters for HTTP REST in Access Credentials section.
  - Select Configure link in TLS Parameters box.
  - Enter Server CA Certificates in Server Parameters or Client Certificate in Client Parameters.
  - Select Apply button.
  - Select Apply button.
Note: Select Apply button again if presented to complete form.
- Toggle Show Advanced Fields to open Kubernetes POD network reachability drop-down menu option.
- Select Kubernetes POD is isolated or Kubernetes POD reachable in Kubernetes POD network reachability drop-down menu.
- Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.
  - Disable VIP Publishing and DNS Delegation.
  - Publish domain to VIP mapping > enter Default Namespace.
  - Publish Fully Qualified Domain to VIP mapping.
  - DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.
- Select Apply button.
- Select Save and Exit button.
Figure: Access Credentials Options
Consul Discovery Configuration Option.
- Select Configure link in Consul Discovery Configuration box.
Figure: Discovery Method
- In Access Credentials box, enter API Server and Port.
- Select Configure link in TLS Parameters.
  - Configure Server Parameters and Client Parameters.
  - Select Configure in Client Private Key box to configure.
    - Configure Secret.
    - Select Apply button.
- Enter User Name in HTTP Authentication Parameters.
- Select Configure link in Password box.
  - Configure Secret.
Note: Token not required for kubeconfig. IAM credentials needed:
  - Select Configure link in K8S Discovery Configuration box in Discovery Method section.
  - Select Kubernetes Credentials drop-down menu, select TLS parameters for HTTP REST in Access Credentials section.
  - Select Configure link in TLS Parameters box.
  - Enter Server CA Certificates in Server Parameters or Client Certificate in Client Parameters.
  - Select Apply button.
- Select Apply button.
- Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.
  - Disable VIP Publishing and DNS Delegation.
  - Publish domain to VIP mapping > enter Default Namespace.
  - Publish Fully Qualified Domain to VIP mapping.
  - DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.
- Select Apply button.
- Select Save and Exit button.
Step 5: Configure VIP publishing.
- Select VIP Publishing or DNS Delegation drop-down menu in VIP Publishing Configuration section. Choose option:
  - Disable VIP publishing and DNS Delegation.
  - If all domains include the configured namespace in the domain name:
    - Select Publish domain to VIP Mapping > enter namespace in Default Namespace box.
  - If all domains have namespaces in their domain name (FQDN):
    - Select Publish Fully Qualified Domain to VIP mapping.
  - If subdomain for external k8s cluster with DNS provider:
    - Select DNS Delegation > enter Subdomain in box > select DNS mode option: Core DNS or K8s DNS.
- Select Apply button.
Step 6: Complete creating discovery object.
Select Save and Exit button to create the discovery object.
Verify Discovered Services
Verify that the service discovery object is created and has discovered services.
Step 1: Verify that the services are discovered.
- In Multi-Cloud App Connect, in the Manage tab > select Service Discoveries.
- Confirm Service Discovery name (object) you created is in the list.
- Check Services column displays number of services discovered.
Note: Service Discovery name (object) should show number of services discovered. Example: 2 Services.
Figure: Service Discovery Created
Step 2: Check the list of services discovered.
- Select Service column link.
Note: Shown as 2 Services in screenshot.
Figure: Service Discovery Created
- Pop-up window appears to right of page listing discovered services.
- Note Service Name to use in origin pool or endpoint set up.
Note: Shown as productpage.default in screenshot.
Use Discovered Services
After the service discovery object is created and the services are discovered, you can use it in configurations such as the following:
- Origin Pools: The origin pools are a way to declare the origin servers for your service in the load balancer configuration. You can create origin pools as part of HTTP load balancer creation, or create them individually and apply them to an HTTP load balancer later.
- Endpoints: The endpoint objects are for advanced configuration, for use in the virtual host configuration.
Configure Origin Pool with K8s Service Information
This chapter shows the origin pool creation with K8s service name for the origin server specification.
Step 1: Start origin pool creation.
- Log into F5 Distributed Cloud Console, select Multi-Cloud App Connect.
- Change to your application Namespace.
- Select Manage > Load Balancers.
- Select Origin Pools.
- Select + Add Origin Pool.
Figure: Origin Pool with K8s Service Information
Step 2: Configure origin server type.
- Enter Name, enter Labels and Description as needed.
Note: Origin pool name example: tp-op1-docs.
- In Origin Servers section select Origin Servers or select + Add Item button.
- Select Type of Origin Server drop-down menu, select K8s Service Name of Origin Server on given Sites option.
Figure: Origin Pool Name
- More options appear on page.
Step 3: Set the service name.
- Enter Service Name in box.
- Obtain the service name using the instructions in the Verify Discovered Services chapter.
Step 4: Set site or virtual site for the discovery configuration.
- Select Site or Virtual Site drop-down menu option.
  - Site > select Site drop-down menu option.
  - Virtual Site > select Virtual Site drop-down menu option.
- Select Network on the site drop-down menu options:
  - Inside Network
  - Outside Network
  - vK8s Networks on Site
- Select Origin Server Labels drop-down menu option as needed.
- Select Add Item button.
Step 5: Complete origin pool creation.
- Select Port value, default is set to 443.
Note: NodePort service has two ports - NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool.
This enables the service to be reachable on the selected network on the selected site or virtual site.
- Enter LoadBalancer Algorithm.
- Select Endpoint Selection > List of Health Check(s).
- Select + Add Item > TLS Configuration link.
- In Advanced Options > select Configure.
- Select Show Advanced Fields > Exception Handling.
- Select Connection Timeout > HTTP Idle Timeout.
- Select Origin Server Subsets > Miscellaneous Options.
- Select Apply button as needed.
- Select Save and Exit button.
Create Endpoint with K8s Service Information
Step 1: Navigate to application namespace or create one.
- Select Namespace from the namespace selector, or create a namespace. To create a namespace:
  - Select Administration > Personal Management.
  - Select My Namespaces > + Add namespace.
  - Enter Name, Description, and Roles.
  - Select Save Changes button.
Step 2: Start creating endpoint.
- Log into F5 Distributed Cloud Console, select Multi-Cloud App Connect.
- Change to your application Namespace.
- Select Manage > Virtual Hosts.
- Select Endpoints.
- Select + Add Endpoint.
Figure: Endpoint Creation
Step 3: Obtain the K8s service information.
Refer to the Verify Discovered Services chapter for the K8s service information.
Step 4: Configure endpoint address information.
- Enter Name.
- Enter Labels and Description as needed.
- In Origin Server(Endpoint) section:
  - Select Endpoint Specifier drop-down menu option Service Selector info.
  - Select Discovery drop-down menu option Kubernetes.
  - Select Service drop-down menu option Service name.
  - Enter Service Name in box.
Note: Use the <servicename.namespace> format.
Figure: Endpoint Address Reference Selector
Step 5: Enter port and protocol values.
- Select Protocol drop-down menu option value TCP.
- Enter Port value, 80 shown in screenshot.
Note: NodePort service has two ports - NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool.
- Select Save and Exit button.
Figure: Endpoint Creation
Note: The port must be the service port of the Kubernetes service and not the node port.
With the steps above, you can discover a service endpoint from external Kubernetes providers using Service Info on a location specified using the selector. Once the service is discovered, the object can be used with other configuration objects of the F5® Distributed Cloud Console. For example, you can advertise it across sites in cloud or edge.
Step 6: Configure where the endpoint should be discovered.
- Toggle Show Advanced Fields to expand options in Origin Server(Endpoint) section.
- Select Virtual-Site or Site or Network drop-down menu option for where endpoint will be discovered.
- Select Reference drop-down menu option, match same option used in Service Discoveries.
- Toggle Show Advanced Fields to expand options in Port used for health check section if needed.
- Select Save and Exit button.
Figure: Endpoint Address Reference Selector
Note: Any reference object (site, virtual site, and virtual network) needs to be created and listed before configuring the Selected field. The list of all available objects is displayed in a cascading menu where you can select one or more objects.
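The service name format and the port notes in the steps above can be checked against the cluster before the form is filled in. The following Python is an added example, not part of the F5 documentation: it derives the <servicename.namespace> names from a Service list and classifies a port value before it is entered. The sample data, its port numbers, and the function names service_ports and check_port are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get services -A -o json`;
# the port numbers are illustrative, not taken from the page.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "productpage", "namespace": "default"},
   "spec": {"type": "NodePort", "ports": [
     {"protocol": "TCP", "port": 9080, "targetPort": 9080, "nodePort": 31380}]}},
  {"metadata": {"name": "details", "namespace": "default"},
   "spec": {"type": "ClusterIP", "ports": [
     {"port": 80, "targetPort": "http"}]}}
]}
""")


def service_ports(svc_list):
    """Flatten a Service list into one row per declared port."""
    rows = []
    for item in svc_list.get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        for p in spec.get("ports", []):
            rows.append({
                # Name in the <servicename.namespace> format used by the console.
                "service_name": f'{meta["name"]}.{meta["namespace"]}',
                "protocol": p.get("protocol", "TCP"),  # Kubernetes default is TCP
                "port": p["port"],
                # targetPort defaults to port and may be a named port (string).
                "target_port": p.get("targetPort", p["port"]),
                "node_port": p.get("nodePort"),  # absent on ClusterIP services
            })
    return rows


def check_port(rows, service_name, entered):
    """Classify a port value before it is typed into the Port field."""
    mine = [r for r in rows if r["service_name"] == service_name]
    if not mine:
        return "unknown-service"
    if any(entered in (r["port"], r["target_port"]) for r in mine):
        return "ok"
    if any(entered == r["node_port"] for r in mine):
        return "node-port"  # the value the notes above say not to use
    return "not-declared"


if __name__ == "__main__":
    for row in service_ports(SAMPLE):
        print(row)
    print(check_port(service_ports(SAMPLE), "productpage.default", 31380))
```

To run it against a real cluster, load the output of kubectl get services -A -o json in place of SAMPLE.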