Service Discovery - K8s
Objective
This document provides instructions on how to discover service endpoints using Kubernetes (K8s) service information in F5® Distributed Cloud Services. Service discovery enables you to find the endpoints where a given service is available. For more information about service discovery, see Service Discovery.
Using the instructions provided in this guide, you can create a discovery object for a Kubernetes cluster and an endpoint for a service using the service name.
Prerequisites
The following prerequisites apply:
- A valid Account is required.
  Note: If you do not have an account, see Create an Account.
- An existing Kubernetes cluster with a service or application reachable from a Site.
- In case of Amazon Elastic Kubernetes Service (EKS), token-based authentication is required. Therefore, you must add AWS credentials in the kubeconfig file for successful service discovery.
Configuration
F5® Distributed Cloud Services enables users to discover existing service endpoints either natively or using external methods. This guide covers service discovery on sites, virtual sites, or virtual networks using Kubernetes service information.
The following figure shows the workflow for creating service discovery with Kubernetes service information:
Configuration Sequence
Discovering services using the Kubernetes service information requires performing the following sequence of actions:
| Phase | Description |
|---|---|
| Create Discovery for External Kubernetes Cluster | Create a service discovery object of type Kubernetes. |
| Verify Discovered Services | Verify that the service discovery object is created and has successfully discovered services. |
| Use Discovered Services | Configure endpoint with K8s as the discovery type and associate sites with it. |

Note: The site of the discovery object and the endpoint must be the same.
Create Discovery for External Kubernetes Cluster
Features can be viewed and managed in multiple services. This example shows Service Discovery setup in Multi-Cloud App Connect.
Step 1: Start discovery object creation in F5 Distributed Cloud Console.
Create a discovery configuration object in the System namespace.
- Open F5 Distributed Cloud Console > select Multi-Cloud App Connect box.
Note: Homepage is role based, and your homepage may look different due to your role customization. Select All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.
Note: Confirm Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.
- Select Manage in left-menu > select Service Discoveries.
Note: If options are not showing available, select Show link in Advanced nav options visible in bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.
- Select Add Discovery button.
Step 2: Name Discovery.
- Enter Name.
- Enter Labels and Description as needed.
Step 3: Configure where the discovery configuration is applicable.
- In Where box, select Virtual-Site, Site, or Network in drop-down menu option.
  Note: Toggle Show Advanced Fields to expand options, and show the Virtual Network option.
- Select Reference drop-down menu option to Select Virtual Site.
- Enter Network Type drop-down menu option.
  - Site Local Network
  - Site Local Inside Network
  - Per Site Network
  - Global Network
  - Site Local Service Network
  - Site Local Inside and Outside Network
  Note: The Network Type field is not applicable for the Virtual Network setting. The Virtual Network option is visible when you enable the Show Advanced Fields option.
Step 4: Configure discovery method for k8s access credentials.
Select Discovery Method drop-down menu option:
K8S Discovery Configuration Option.
- Select Configure link.
- In Access Credentials box Select Kubernetes Credentials drop-down menu options:
  - Select Kubeconfig.
    - Select Configure link for Kubeconfig.
    - Configure Secret.
    - Select Apply button.
- In Select Kubernetes Credentials drop-down menu.
  - Select TLS parameters for HTTP REST.
    - Enter API Server and Port.
    - Select Configure link in TLS Parameters box.
    - Enter SNI name.
    - Configure Server Parameters and Client Parameters.
      - Select PEM or Base64 in Server CA Certificates.
    - Select Configure link in Client Private Key box.
    - Configure Secret.
    - Select Apply button.
    - Select Apply button.
    - Select Apply button.
    Note: Token not required for kubeconfig. IAM credentials needed:
    - Select Configure link in K8S Discovery Configuration box in Discovery Method section.
    - Select Kubernetes Credentials drop-down menu, select TLS parameters for HTTP REST in Access Credentials section.
    - Select Configure link in TLS Parameters box.
    - Enter Server CA Certificates in Server Parameters or Client Certificate in Client Parameters.
    - Select Apply button.
    - Select Apply button.
    Note: Select Apply button again if presented to complete form.
- Toggle Show Advanced Fields to open Kubernetes POD network reachability drop-down menu option.
- Select Kubernetes POD is isolated or Kubernetes POD reachable in Kubernetes POD network reachability drop-down menu.
- Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.
  - Disable VIP Publishing and DNS Delegation
  - Publish domain to VIP mapping > enter Default Namespace.
  - Publish Fully Qualified Domain to VIP mapping
  - DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.
- Select Apply button.
- Select Save and Exit button.
Consul Discovery Configuration Option.
- Select Configure link in Consul Discovery Configuration box.
- In Access Credentials box, enter API Server and Port.
- Select Configure link in TLS Parameters.
  - Configure Server Parameters and Client Parameters.
  - Select Configure in Client Private Key box to configure.
    - Configure Secret.
    - Select Apply button.
- Enter User Name in HTTP Authentication Parameters.
- Select Configure link in Password box.
  - Configure Secret.
  Note: Token not required for kubeconfig. IAM credentials needed:
  - Select Configure link in K8S Discovery Configuration box in Discovery Method section.
  - Select Kubernetes Credentials drop-down menu, select TLS parameters for HTTP REST in Access Credentials section.
  - Select Configure link in TLS Parameters box.
  - Enter Server CA Certificates in Server Parameters or Client Certificate in Client Parameters.
  - Select Apply button.
  - Select Apply button.
- Select VIP Publishing or DNS Delegation drop-down menu option in VIP Publishing Configuration box.
  - Disable VIP Publishing and DNS Delegation
  - Publish domain to VIP mapping > enter Default Namespace.
  - Publish Fully Qualified Domain to VIP mapping
  - DNS Delegation > enter Subdomain > select DNS Mode drop-down menu option: Core DNS or K8s DNS.
- Select Apply button.
- Select Save and Exit button.
Step 5: Configure VIP publishing.
- In the VIP Publishing configuration section, select an option for the Select VIP Publishing or DNS Delegation and configure as per the following guidelines:
- For the Publish Domain to VIP mapping box, enter a namespace in the Default Namespace box.
  With this, all domains include the configured namespace in the domain name.
- Select the Publish Fully Qualified Domain to VIP mapping box in case all domains have namespaces in their domain name (FQDN).
- For the DNS Delegation box, enter a subdomain in the Subdomain box. Select Core DNS or Kube DNS for the DNS mode box depending on your external k8s cluster DNS provider.
- Select Apply button.
Step 6: Complete creating discovery object.
Select Save and Exit button to create the discovery object.
Verify Discovered Services
Verify that the service discovery object is created and has discovered services.
Step 1: Verify that the services are discovered.
- In Multi-Cloud App Connect.
- In the Manage tab > select Service Discoveries.
- Confirm Service Discovery name (object) you created is in the list.
- Check Services column displays number of services discovered.
Note: Screenshot shows eks-disco Service Discovery name (object) showing 2 Services discovered.
Step 2: Check the list of services discovered.
- Select Service column link.
Note: Shown as 2 Services in screenshot.
- Pop-up window appears to right of page listing discovered services.
- Note Service Name to use in origin pool or endpoint set up.
Note: Shown as productpage.default in screenshot.
Use Discovered Services
After the service discovery object is created and the services are discovered, you can use it in configurations such as the following:
- Origin Pools: The origin pools are a way to declare the origin servers for your service in the load balancer configuration. You can create origin pools as part of HTTP load balancer creation or individually create and apply them to an HTTP load balancer later.
- Endpoints: The endpoint objects are for advanced configuration, for use in the virtual host configuration.
Configure Origin Pool with K8s Service Information
This chapter shows the origin pool creation with K8s service name for the origin server specification.
Step 1: Start origin pool creation.
- Log into F5 Distributed Cloud Console, select Multi-Cloud App Connect.
- Change to your application Namespace.
- Select Manage > Load Balancers.
- Select Origin Pools.
- Select + Add Origin Pool.
Step 2: Configure origin server type.
- Enter Name, enter Labels and Description as needed.
Note: Origin pool name example: tp-op1-docs.
- In Origin Servers section select Origin Servers or select + Add Item button.
- Select Type of Origin Server drop-down menu, select K8s Service Name of Origin Server on given Sites option.
- More options appear on page.
Step 3: Set the service name.
- Enter Service Name in box.
- Obtain the service name using the instructions in the Verify Discovered Services chapter.
Step 4: Set site or virtual site for the discovery configuration.
- Select Site or Virtual Site drop-down menu option.
  - Site > select Site drop-down menu option.
  - Virtual Site > select Virtual Site drop-down menu option.
- Select Network on the site drop-down menu options:
  - Inside Network
  - Outside Network
  - vK8s Networks on Site
- Select Origin Server Labels drop-down menu option as needed.
- Select Add Item button.
Step 5: Complete origin pool creation.
- Select Port value, default is set to 443.
Note: NodePort service has two ports - NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool.
This enables the service to be reachable on the selected network on the selected site or virtual site.
- Enter LoadBalancer Algorithm.
- Select Endpoint Selection > List of Health Check(s).
- Select + Add Item > TLS Configuration link.
- In Advanced Options > select Configure.
- Select Show Advanced Fields > Exception Handling.
- Select Connection Timeout > HTTP Idle Timeout.
- Select Origin Server Subsets > Miscellaneous Options.
- Select Apply button as needed.
- Select Save and Exit button.
Create Endpoint with K8s Service Information
Step 1: Navigate to application namespace or create one.
- Select Namespace from the namespace selector, or create a namespace. To create a namespace:
  - Select Administration > Personal Management.
  - Select My Namespaces > + Add namespace.
  - Enter Name, Description, and Roles.
  - Select Save Changes button.
Step 2: Start creating endpoint.
- Log into F5 Distributed Cloud Console, select Multi-Cloud App Connect.
- Change to your application Namespace.
- Select Manage > Virtual Hosts.
- Select Endpoints.
- Select + Add Endpoint.
Step 3: Obtain the K8s service information.
Refer to the Verify Discovered Services chapter for the K8s service information.
Step 4: Configure endpoint address information.
- Enter Name.
- Enter Labels and Description as needed.
- In Origin Server(Endpoint) section.
- Select Endpoint Specifier drop-down menu option Service Selector info.
- Select Discovery drop-down menu option Kubernetes.
- Select Service drop-down menu option Service name.
- Enter Service Name in box.
Note: Use the <servicename.namespace> format.
Step 5: Enter port and protocol values.
- Select Protocol drop-down menu option value TCP.
- Enter Port value, 80 shown in screenshot.
Note: NodePort service has two ports - NodePort and TargetPort. You need to put the target port value into the Port field when creating an origin pool.
- Select Save and Exit button.
Note: The port must be the service port of the Kubernetes service and not the node port.
With the steps above, you can discover a service endpoint from external Kubernetes providers using Service Info on a location specified using the selector. Once the service is discovered, the object can be used with other configuration objects of the F5® Distributed Cloud Console. For example, you can advertise it across sites in cloud or edge.
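The service name format and the port notes above can be checked against the cluster before the values are typed into the Console. The following is an added example, not part of the F5 documentation: it reads the JSON that `kubectl get svc -A -o json` produces and reports which Kubernetes port field a candidate Port value matches. The function names, the `reviews` service and all port numbers are constructed for illustration; only `productpage.default` comes from this page.

```python
import json

# Constructed sample of `kubectl get svc -A -o json` output (not from a real cluster).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "productpage", "namespace": "default"},
     "spec": {"type": "NodePort", "ports": [
         {"protocol": "TCP", "port": 9080, "targetPort": 9080, "nodePort": 31380}]}},
    {"metadata": {"name": "reviews", "namespace": "default"},
     "spec": {"type": "ClusterIP", "ports": [
         {"protocol": "TCP", "port": 80, "targetPort": 8080}]}},
]})


def load_services(kubectl_json):
    """Map '<servicename.namespace>' to the port entries of that Service."""
    services = {}
    for item in json.loads(kubectl_json).get("items", []):
        meta = item["metadata"]
        key = f'{meta["name"]}.{meta["namespace"]}'
        services[key] = item.get("spec", {}).get("ports", [])
    return services


def classify_port(services, service_name, port):
    """Return which port fields of the Service equal the candidate value.

    The result is a sorted list drawn from 'node-port', 'service-port' and
    'target-port'; an empty list means the Service declares no such port.
    Raises KeyError if the name is not in <servicename.namespace> form or
    no such Service was found.
    """
    if service_name.count(".") != 1 or service_name not in services:
        raise KeyError(f"unknown service {service_name!r}; expected <servicename.namespace>")
    kinds = set()
    for entry in services[service_name]:
        if entry.get("port") == port:
            kinds.add("service-port")
        if entry.get("targetPort") == port:  # targetPort may also be a named port (string)
            kinds.add("target-port")
        if entry.get("nodePort") == port:
            kinds.add("node-port")
    return sorted(kinds)


if __name__ == "__main__":
    svcs = load_services(SAMPLE)
    for name, value in [("productpage.default", 9080), ("productpage.default", 31380),
                        ("reviews.default", 80), ("reviews.default", 8080)]:
        print(name, value, classify_port(svcs, name, value))
```

A result containing only `node-port` is the case the notes above rule out; an empty result usually means a typo in the port or the wrong service.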
Step 6: Configure where the endpoint should be discovered.
- Toggle Show Advanced Fields to expand options in Origin Server(Endpoint) section.
- Select Virtual-Site or Site or Network drop-down menu option for where endpoint will be discovered.
- Select Reference drop-down menu option, match same option used in Service Discoveries.
- Toggle Show Advanced Fields to expand options in Port used for health check section if needed.
- Select Save and Exit button.
Note: Any reference object (site, virtual site, and virtual network) needs to be created and listed before configuring the Selected field. The list of all available objects is displayed in a cascading menu where you can select one or more objects.