6. F5 BNK Ingress Configuration

BIG-IP Next for Kubernetes is also a controller for the Kubernetes Gateway API. In the following example we will deploy a simple Nginx service in the red tenant namespace and advertise its service to the infrastructure.

The following diagram represents the service ingress path.

[Diagram: bnk_inss_vxlan]

Apply the nginx-deployment.yaml file to deploy the Nginx service in the red namespace.

Content of nginx-deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: red
  labels:
    app: nginx-tcp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-tcp
  template:
    metadata:
      labels:
        app: nginx-tcp
    spec:
      containers:
      - name: nginx-tcp
        image: nginx:latest
        ports:
        - containerPort: 80
        imagePullPolicy: IfNotPresent
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-app-svc
  namespace: red
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx-tcp

Then expose the service to the network by using Kubernetes Gateway API resources.

Apply the nginx-gw-api.yaml file to expose the Nginx service on virtual server IP 192.168.10.100 port 80, as shown in the diagram.

Content of nginx-gw-api.yaml:
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: f5-gateway-class
  namespace: red
spec:
  controllerName: "f5.com/f5-gateway-controller"
  description: "F5 BIG-IP Kubernetes Gateway"
---
apiVersion: gateway.k8s.f5net.com/v1
kind: Gateway
metadata:
  name: my-l4route-tcp-gateway
  namespace: red
spec:
  addresses:
  - type: "IPAddress"
    value: 192.168.10.100
  gatewayClassName: f5-gateway-class
  listeners:
  - name: nginx
    protocol: TCP
    port: 80
    allowedRoutes:
      kinds:
      - kind: L4Route
---
apiVersion: gateway.k8s.f5net.com/v1
kind: L4Route
metadata:
  name: l4-tcp-app
  namespace: red
spec:
  protocol: TCP
  parentRefs:
  - name: my-l4route-tcp-gateway
    sectionName: nginx
  rules:
  - backendRefs:
    - name: nginx-app-svc
      namespace: red
      port: 80

Note

For simplicity, an IP address from the same subnet as the test server/client was used, but this can be any IP address as long as the server/client is properly routed through one of the TMM's VLAN addresses.

Note

In this configuration, the TMM uses the SNAT-AUTOMAP feature: when communicating with backend endpoints, it replaces external client IP addresses with the TMM's own IP address rather than an address from a snatpool. Backend pods therefore see the TMM's address, not the client's, as the source of each connection.
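
The two manifests above only expose the service if every name, listener, port and label lines up along the chain L4Route, Gateway listener, Service, pod. The following check is an added example, not part of the original lab or of F5's tooling; the objects are transcribed from the page's YAML, and the rule that a route's backends stay inside its own tenant namespace is an assumption of this example.

```python
# Added example. Objects transcribed from the two manifests on this page,
# trimmed to the fields the check reads.
DEPLOY = {"kind": "Deployment", "metadata": {"name": "nginx-deployment", "namespace": "red"},
          "spec": {"template": {"metadata": {"labels": {"app": "nginx-tcp"}}}}}
SVC = {"kind": "Service", "metadata": {"name": "nginx-app-svc", "namespace": "red"},
       "spec": {"ports": [{"port": 80, "targetPort": 80}], "selector": {"app": "nginx-tcp"}}}
GW = {"kind": "Gateway", "metadata": {"name": "my-l4route-tcp-gateway", "namespace": "red"},
      "spec": {"listeners": [{"name": "nginx", "protocol": "TCP", "port": 80,
                              "allowedRoutes": {"kinds": [{"kind": "L4Route"}]}}]}}
ROUTE = {"kind": "L4Route", "metadata": {"name": "l4-tcp-app", "namespace": "red"},
         "spec": {"protocol": "TCP",
                  "parentRefs": [{"name": "my-l4route-tcp-gateway", "sectionName": "nginx"}],
                  "rules": [{"backendRefs": [{"name": "nginx-app-svc", "namespace": "red", "port": 80}]}]}}

def find(objs, kind, ns, name):  # look up one object by kind, namespace and name
    return next((o for o in objs if o["kind"] == kind and o["metadata"]["namespace"] == ns
                 and o["metadata"]["name"] == name), None)

def check_ingress_chain(objs):
    """Return problems found along L4Route -> Gateway listener -> Service -> pod labels."""
    problems = []
    for route in [o for o in objs if o["kind"] == "L4Route"]:
        ns, rname = route["metadata"]["namespace"], route["metadata"]["name"]
        for ref in route["spec"]["parentRefs"]:
            gw = find(objs, "Gateway", ns, ref["name"])
            listeners = gw["spec"]["listeners"] if gw else []
            lsn = next((l for l in listeners if l["name"] == ref.get("sectionName")), None)
            if lsn is None:
                problems.append(f"{rname}: no listener {ref['name']}/{ref.get('sectionName')}")
                continue
            if lsn["protocol"] != route["spec"]["protocol"]:
                problems.append(f"{rname}: protocol differs from listener {lsn['name']}")
            kinds = [k["kind"] for k in lsn.get("allowedRoutes", {}).get("kinds", [])]
            if kinds and route["kind"] not in kinds:
                problems.append(f"{rname}: listener {lsn['name']} does not allow {route['kind']}")
        for ref in [b for rule in route["spec"]["rules"] for b in rule["backendRefs"]]:
            if ref.get("namespace", ns) != ns:  # assumption: a tenant's backends stay in its namespace
                problems.append(f"{rname}: backend {ref['name']} is outside namespace {ns}")
                continue
            svc = find(objs, "Service", ns, ref["name"])
            if svc is None or ref["port"] not in [p["port"] for p in svc["spec"]["ports"]]:
                problems.append(f"{rname}: no Service {ref['name']} port {ref['port']} in {ns}")
                continue
            sel = svc["spec"]["selector"].items()
            if not any(o["kind"] == "Deployment" and o["metadata"]["namespace"] == ns and
                       sel <= o["spec"]["template"]["metadata"]["labels"].items() for o in objs):
                problems.append(f"{rname}: Service {ref['name']} selects no pods")
    return problems
PAGE_OBJECTS = [DEPLOY, SVC, GW, ROUTE]
```

For the manifests as written on this page, `check_ingress_chain(PAGE_OBJECTS)` returns an empty list.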