Service Discovery - K8s

Objective

This document provides instructions on how to discover service endpoints using Kubernetes (K8s) service information in F5® Distributed Cloud Services. Service discovery enables you to find the endpoints where a given service is available. For more information about service discovery, see Service Discovery.

Using the instructions provided in this guide, you can create a discovery object for a Kubernetes cluster and an endpoint for a service using the service name.


Prerequisites

The following prerequisites apply:

  • An existing Kubernetes cluster with a service or application reachable from a Site.

  • For Amazon Elastic Kubernetes Service (EKS), token-based authentication is required. Therefore, you must add AWS credentials to the kubeconfig file for service discovery to succeed.


Configuration

F5® Distributed Cloud Services enables users to discover existing service endpoints either natively or using external methods. This guide covers service discovery on sites, virtual sites, or virtual networks using Kubernetes service information.

The following figure shows the workflow for creating service discovery with Kubernetes service information:

Figure: Setting up Service Discovery with k8s Service Info

Configuration Sequence

Discovering services using the Kubernetes service information requires performing the following sequence of actions:

Phase: Description

  • Create Discovery for External Kubernetes Cluster: Create a service discovery object of type Kubernetes.

  • Verify Discovered Services: Verify that the service discovery object is created and successfully discovered services.

  • Use Discovered Services: Configure endpoint with K8s as the discovery type and associate sites with it.

Note: The site of the discovery object and the site of the endpoint must be the same.


Create Discovery for External Kubernetes Cluster

Features can be viewed and managed in multiple services.

This example shows Service Discovery setup in Multi-Cloud App Connect.

Step 1: Start discovery object creation in F5 Distributed Cloud Console.

Create a discovery configuration object in the System namespace.

  • Open F5 Distributed Cloud Console > select Multi-Cloud App Connect box.

Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.

Figure: Homepage

Note: Confirm Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.

  • Select Manage in left-menu > select Service Discoveries.

Note: If options are not shown, select the Show link in Advanced nav options, visible in the bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.

  • Select Add Discovery button.
Figure: Service Discovery
Step 2: Name Discovery.
  • Enter Name.

  • Enter Labels and Description as needed.

Step 3: Configure where the discovery configuration is applicable.
  • In Where box, select Virtual-Site, Site, or Virtual Network in drop-down menu option.

Note: Toggle Show Advanced Fields to expand options, and show the Virtual Network option.

  • Select Reference drop-down menu option to Select Virtual Site, Site, or Virtual Network.

  • Enter Network Type drop-down menu option.

Note: Network Type is only available for the Virtual Site and Site options, not Virtual Network.

  • Site Local Network

  • Site Local Inside Network

  • Per Site Network

  • Global Network

  • Site Local Service Network

  • Site Local Inside and Outside Network

Figure: Service Discovery Config Options
Step 4: Configure discovery method for k8s access credentials.
  • Select Discovery Method drop-down menu option K8S Discovery Configuration or Consul Discovery Configuration.
K8S Discovery Configuration Option.
  • Select Configure link in K8S Discovery Configuration box.
Figure: Discovery Method
  • In Access Credentials box Select Kubernetes Credentials drop-down menu options:

    • Kubeconfig Option:

      • Select Configure link for Kubeconfig.

      • Configure Secret.

      • Select Apply button.

  • TLS parameters for HTTP REST Option:

    • Enter API Server and Port.

    • Select Configure link in TLS Parameters box.

    • Enter SNI name.

    • Configure Server Parameters and Client Parameters.

      • Select PEM or Base64 in Server CA Certificates.
    • Select Configure link in Client Private Key box.

    • Configure Secret.

    • Select Apply button.

    • Select Apply button.

    • Select Apply button.

    Note: Token not required for kubeconfig. IAM credentials needed:

    • Select Configure link in K8S Discovery Configuration box in Discovery Method section.

    • Select Kubernetes Credentials drop-down menu, select TLS parameters for HTTP REST in Access Credentials section.

    • Select Configure link in TLS Parameters box.

    • Enter Server CA Certificates Server Parameters or Client Certificate in Client Parameters.

    • Select Apply button.

    • Select Apply button.

    Note: Select Apply button again if presented to complete form.

  • Toggle Show Advanced Fields to open Kubernetes POD network reachability drop-down menu option.

  • Select Kubernetes POD is isolated or Kubernetes POD reachable in Kubernetes POD network reachability drop-down menu.

  • Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.

    • Disable VIP Publishing and DNS Delegation

    • Publish domain to VIP mapping > enter Default Namespace.

    • Publish Fully Qualified Domain to VIP mapping

    • DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.

  • Select Apply button.

  • Select Save and Exit button.

Figure: Access Credentials Options
Consul Discovery Configuration Option.
  • Select Configure link in Consul Discovery Configuration box.
Figure: Discovery Method
  • In Access Credentials box, enter API Server and Port.

  • Select Configure link in TLS Parameters.

    • Configure Server Parameters and Client Parameters.

    • Select Configure in Client Private Key box to configure.

      • Configure Secret.

      • Select Apply button.

  • Enter User Name in HTTP Authentication Parameters.

  • Select Configure link in Password box.

    • Configure Secret.

      Note: Token not required for kubeconfig. IAM credentials needed:

      • Select Configure link in K8S Discovery Configuration box in Discovery Method section.

      • Select Kubernetes Credentials drop-down menu, select TLS parameters for HTTP REST in Access Credentials section.

      • Select Configure link in TLS Parameters box.

      • Enter Server CA Certificates Server Parameters or Client Certificate in Client Parameters.

      • Select Apply button.

    • Select Apply button.

  • Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.

    • Disable VIP Publishing and DNS Delegation.

    • Publish domain to VIP mapping > enter Default Namespace.

    • Publish Fully Qualified Domain to VIP mapping.

    • DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.

  • Select Apply button.

  • Select Save and Exit button.

Step 5: Configure VIP publishing.
  • Select VIP Publishing or DNS Delegation drop-down menu in VIP Publishing Configuration section.

    Choose option:

    • Disable VIP publishing and DNS Delegation.

    • If All domains include the configured namespace in the domain name.

      • Select Publish domain to VIP Mapping > enter namespace in Default Namespace box.
  • If All domains have namespaces in their domain name (FQDN).

    • Select Publish Fully Qualified Domain to VIP mapping.
  • If subdomain for external k8s cluster with DNS provider.

  • Select DNS Delegation > enter Subdomain in box > select DNS mode option: Core DNS or K8s DNS.

  • Select Apply button.

Step 6: Complete creating discovery object.

Select Save and Exit button to create the discovery object.


Verify Discovered Services

Verify that the service discovery object is created and has discovered services.

Step 1: Verify that the services are discovered.
  • In Multi-Cloud App Connect.

  • In the Manage tab > select Service Discoveries.

  • Confirm Service Discovery name (object) you created is in the list.

  • Check Services column displays number of services discovered.

Note: The Service Discovery name (object) should show the number of services discovered. Example: 2 Services.

Figure: Service Discovery Created
Step 2: Check the list of services discovered.
  • Select Service column link.

Note: Shown as 2 Services in screenshot.

Figure: Service Discovery Created
  • Pop-up window appears to right of page listing discovered services.

  • Note Service Name to use in origin pool or endpoint set up.

Note: Shown as productpage.default in screenshot.


Use Discovered Services

After the service discovery object is created and the services are discovered, you can use it in configurations such as the following:

  • Origin Pools: The origin pools are a way to declare the origin servers for your service in the load balancer configuration. You can create origin pools as part of HTTP load balancer creation or individually create and apply it to a HTTP load balancer later.

  • Endpoints: The endpoint objects are for advanced configuration for using in the virtual host configuration.


Configure Origin Pool with K8s Service Information

This chapter shows the origin pool creation with K8s service name for the origin server specification.

Step 1: Start origin pool creation.
  • Log into F5 Distributed Cloud Console, select Multi-Cloud App Connect.

  • Change to your application Namespace.

  • Select Manage > Load Balancers.

  • Select Origin Pools.

  • Select + Add Origin Pool.

Figure: Origin Pool with K8s Service Information
Step 2: Configure origin server type.
  • Enter Name, enter Labels and Description as needed.

Note: Origin pool name example: tp-op1-docs.

  • In Origin Servers section select Origin Servers or select + Add Item button.
  • Select Type of Origin Server drop-down menu, select K8s Service Name of Origin Server on given Sites option.
Figure: Origin Pool Name
  • More options appear on page.
Step 3: Set the service name.
  • Enter Service Name in box.

  • Obtain the service name using the instructions in the Verify Discovered Services chapter.

Step 4: Set site or virtual site for the discovery configuration.
  • Select Site or Virtual Site drop-down menu option.

    • Site > select Site drop-down menu option.

    • Virtual Site > select Virtual Site drop-down menu option.

  • Select Network on the site drop-down menu options:

    • Inside Network

    • Outside Network

    • vK8s Networks on Site

  • Select Origin Server Labels drop-down menu option as needed.

  • Select Add Item button.

Step 5: Complete origin pool creation.
  • Select Port value, default is set to 443.

Note: NodePort service has two ports - NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool.

This enables the service to be reachable on the selected network on the selected site or virtual site.

  • Enter LoadBalancer Algorithm.

  • Select Endpoint Selection > List of Health Check(s).

  • Select + Add Item > TLS Configuration link.

  • In Advanced Options > select Configure.

  • Select Show Advanced Fields > Exception Handling.

  • Select Connection Timeout > HTTP Idle Timeout.

  • Select Origin Server Subsets > Miscellaneous Options.

  • Select Apply button as needed.

  • Select Save and Exit button.


Create Endpoint with K8s Service Information

Step 1: Navigate to application namespace or create one.
  • Select Namespace from the namespace selector, or create a namespace.

    To create a namespace:

    • Select Administration > Personal Management.

    • Select My Namespaces > + Add namespace.

    • Enter Name, Description, and Roles.

    • Select Save Changes button.

Step 2: Start creating endpoint.
  • Log into F5 Distributed Cloud Console, select Multi-Cloud App Connect.

  • Change to your application Namespace.

  • Select Manage > Virtual Hosts.

  • Select Endpoints.

  • Select + Add Endpoint.

Figure: Endpoint Creation
Step 3: Obtain the K8s service information.

Refer to the Verify Discovered Services chapter for the K8s service information.

Step 4: Configure endpoint address information.
  • Enter Name.

  • Enter Labels and Description as needed.

  • In Origin Server(Endpoint) section.

  • Select Endpoint Specifier drop-down menu option Service Selector info.

  • Select Discovery drop-down menu option Kubernetes.

  • Select Service drop-down menu option Service name.

  • Enter Service Name in box.

Note: Use the <servicename.namespace> format.

Figure: Endpoint Address Reference Selector
Step 5: Enter port and protocol values.
  • Select Protocol drop-down menu option value TCP.

  • Enter Port value, 80 shown in screenshot.

Note: NodePort service has two ports - NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool.

  • Select Save and Exit button.
Figure: Endpoint Creation

Note: The port must be the service port of the Kubernetes service and not the node port.

With the steps above, you can discover a service endpoint from external Kubernetes providers using Service Info on a location specified using the selector. Once the service is discovered, the object can be used with other configuration objects of the F5® Distributed Cloud Console. For example, you can advertise it across sites in cloud or edge.

Step 6: Configure where the endpoint should be discovered.
  • Toggle Show Advanced Fields to expand options in Origin Server(Endpoint) section.

  • Select Virtual-Site or Site or Network drop-down menu option for where endpoint will be discovered.

  • Select Reference drop-down menu option, match same option used in Service Discoveries.

  • Toggle Show Advanced Fields to expand options in Port used for health check section if needed.

  • Select Save and Exit button.

Figure: Endpoint Address Reference Selector

Note: Any reference object (site, virtual site, and virtual network) needs to be created and listed before configuring the Selected field. The list of all available objects is displayed in a cascading menu where you can select one or more objects.
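
The Service Name and Port values used in the origin pool and endpoint steps above can be read from the cluster's own Service objects. The following is an added example, not part of the original F5 documentation: it takes `kubectl get services -A -o json` output (a constructed sample is embedded) and lists, per service port, the `<servicename.namespace>` name with the service port, target port and node port side by side, and flags a Port entry that matches the node port. The function names and the sample services are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed output of `kubectl get services -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "productpage", "namespace": "default"},
   "spec": {"type": "NodePort",
            "ports": [{"name": "http", "port": 80, "targetPort": 9080,
                       "nodePort": 31380, "protocol": "TCP"}]}},
  {"metadata": {"name": "reviews", "namespace": "default"},
   "spec": {"type": "ClusterIP",
            "ports": [{"port": 9080, "targetPort": "http", "protocol": "TCP"}]}},
  {"metadata": {"name": "ext-db", "namespace": "data"},
   "spec": {"type": "ExternalName", "externalName": "db.example.internal"}}
]}
""")


def console_values(service_list):
    """Return one row per service port with the values the console asks for."""
    rows = []
    for svc in service_list.get("items", []):
        meta, spec = svc["metadata"], svc.get("spec", {})
        # The Service Name field uses the <servicename.namespace> format.
        name = f'{meta["name"]}.{meta.get("namespace", "default")}'
        for p in spec.get("ports") or []:  # ExternalName services have no ports
            rows.append({
                "service_name": name,
                "protocol": p.get("protocol", "TCP"),
                "service_port": p["port"],
                # targetPort is a number or a named container port; defaults to port.
                "target_port": p.get("targetPort", p["port"]),
                # Present only on NodePort/LoadBalancer services; not for the Port field.
                "node_port": p.get("nodePort"),
            })
    return rows


def node_port_mistakes(rows, entered):
    """Names whose console Port entry (entered: service_name -> port) is the node port."""
    return sorted(r["service_name"] for r in rows
                  if r["node_port"] is not None
                  and entered.get(r["service_name"]) == r["node_port"])


if __name__ == "__main__":
    for row in console_values(SAMPLE):
        print(row)
```

To run it against a real cluster, replace `SAMPLE` with the parsed output of `kubectl get services -A -o json`.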

