Install Container Ingress Service (CIS)

From Genesys Documentation
Jump to: navigation, search

Learn how to install the F5 Container Ingress Services (CIS) on an OpenShift/Kubernetes cluster, as part of SBC integration with the private edition deployment on OpenShift.

Installing CIS using helm charts

  1. Add BIG-IP credentials as Kubernetes secrets:
     oc create secret generic bigip-login -n kube-system --from-literal=username=admin --from-literal=password=<password>
  2. Add the CIS chart repository in the helm using the following command:
    helm repo add f5-stable
  3. Create a values.yaml file as follows:
    bigip_login_secret: bigip-login
      create: true
      # Specifies whether a service account should be created
      create: true
      # The name of the service account to use.
      # If not set and create is true, a name is generated using the fullname template
      name: k8s-bigip-ctlr
    # This namespace is where the Controller lives;
    namespace: netops
      # See
      # NOTE: helm has difficulty with values using `-`; `_` are used for naming
      # and are replaced with `-` during rendering.
      # REQUIRED Params
      bigip_partition: cisPartition
      openshift-sdn-name: /Common/openshift_vxlan
      # namespaces: In the Genesys testing environment, the sip components were
      # deployed in the voice namespace and the media-servers in the gvp\
      # namespaces. This needs to be specified as needed
      namespaces: ["webrtc", "gvp", "voice"]
      pool_member_type: cluster
      insecure: true
      agent: as3
      as3-validation: false
      log-as3-response: true
      # Use the tag to target a specific version of the Controller
      user: f5networks
      repo: k8s-bigip-ctlr
      pullPolicy: Always
    resources: {}
    version: latest
  4. Install the helm chart using the following command:
    helm install -f values.yaml <new-chart> f5-stable/f5-bigip-ctlr

The CIS controller monitors all the pods in the namespaces. It configures the F5 using a REST API call to the management interface of the F5. You can view the FDB entries on the F5:

admin@(big-ip-01)(/Common)(tmos)# show net fdb tunnel openshift_vxlan



Tunnel           Mac Address        Member                  Dynamic


openshift_vxlan  0a:0a:0a:b6:00:07  endpoint:   no

openshift_vxlan  0a:0a:0a:b6:00:08  endpoint:   no

openshift_vxlan  0a:0a:0a:b6:00:09  endpoint:   no

openshift_vxlan  0a:0a:0a:b6:01:0b  endpoint:  no

openshift_vxlan  0a:0a:0a:b6:01:0d  endpoint:  no

openshift_vxlan  0a:0a:0a:b6:01:05  endpoint:   no

openshift_vxlan  0a:0a:0a:b6:01:06  endpoint:   no

openshift_vxlan  0a:0a:0a:b6:01:07  endpoint:   no

openshift_vxlan  0a:0a:0a:b6:01:08  endpoint:   no

openshift_vxlan  0a:0a:0a:b6:01:09  endpoint:   no
Comments or questions about this documentation? Contact us for support!