Flannel vxlan tunnel with F5 BIG-IP

#1

Hi,

I installed rancher 2.0 with 3 ubuntu linux nodes in use (one node with all services and two worker nodes).
I used flannel as cni and a disabled nginx as ingress controller during the cluster deployment.

So far everything works fine. Now, I want to integrate my F5 BIG-IP into k8s with rancher. I configured on the F5 BIG-IP a vxlan tunnel with a new flannel subnet and I created a new node via kubectl to connect the F5 BIG-IP via flannel vxlan tunnel.

But now when I do a ping on the master k8s node to one IP of that BIG-IP vxlan network I’m not able to get a ping reply. On the master k8s node I hit “ip route” and I see that route was configured correctly while creating the BIG-IP node via kubectl.

But is this troubleshooting step correct? I don’t have kubectl available on the master k8s node bash. I have seen other deployments with k8s edition that worked with flannel but when I use rancher I’m not able to establish the vxlan tunnel with the F5 BIG-IP (as ingress controller).

Any hint kindly appreciated!!!

Thx aracloud

#2

Hi Folks,

Just as my feedback on my findings for others struggling with it.

I figured it out. Running F5 BIG-IP successfully as Ingress for K8s in Rancher is simply following the steps on https://clouddocs.f5.com/containers/v2/kubernetes/.

Once the BIG-IP Controller (Container Connector) is deployed in K8s I was able to ping the connected vxlan (via flannel) on the endpoint. Afterwards, it was easy to deploy for instance a Web Application Firewall (WAF) profile for apps on K8s to secure North/South traffic.

Perfect match!

Cheers
//AC

#3

Thank you for the resolution comment. I have been trying to add the bigip dummy node into one of my k8s clusters managed by the rancher cluster, but it keeps getting removed.

However, I just tried creating the bigip dummy node in the local rancher cluster and it didn’t get removed.

My question is, how are you planning to route traffic to your k8s cluster (not rancher) using this bigip gateway (“dummy” node) deployed to the rancher local-cluster?