I. Gray Release
Preparation (for details, see the previous article: Openshift-F5 Integration (North-South Traffic via F5))
Note: for the specific steps of the operations above, refer to the previous article.
Manually create the VSs (HTTP, HTTPS)
F5
Local Traffic -> Virtual Servers, select the specified Partition, and create a new VS

Name: the VS name
Destination Address/Mask: the VS IP address
Service Port: HTTP
HTTP Profile: http
Source Address Translation: Auto Map

Name: the VS name
Destination Address/Mask: the VS IP address
Service Port: HTTPS
HTTP Profile: http
SSL Profile (Client): /Common/clientssl
Source Address Translation: Auto Map

Set cccl-whitelist to 1 on the VSs
F5
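Purpose: setting cccl-whitelist to 1 prevents the existing VS configuration from being overwritten in route mode when the controller is created in OpenShift.
tmsh
cd /f5-openShift (the partition used for OpenShift)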
modify ltm virtual testroute metadata add { cccl-whitelist { value 1 } }
modify ltm virtual testroute_https metadata add { cccl-whitelist { value 1 } }
Create the F5 controllers
Openshift
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: f5-bigip-ctlr-01
spec:
  replicas: 1
  template:
    metadata:
      name: k8s-bigip-ctlr
      labels:
        app: k8s-bigip-ctlr
    spec:
      # Name of the Service Account bound to a Cluster Role with the required
      # permissions
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr
          # replace the version as needed
          image: "f5networks/k8s-bigip-ctlr:1.5.1"
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: password
          command: ["/app/bin/k8s-bigip-ctlr"]
          args: [
            # See the k8s-bigip-ctlr documentation for information about
            # all config options
            # http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=192.168.200.82",
            "--bigip-partition=OpenShift",
            "--pool-member-type=cluster",
            "--openshift-sdn-name=/Common/openshift_vxlan",
            '--manage-routes=true',
            '--route-http-vserver=testroute',
            '--route-https-vserver=testroute_https'
          ]
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: f5-bigip-ctlr-02
spec:
  replicas: 1
  template:
    metadata:
      name: k8s-bigip-ctlr
      labels:
        app: k8s-bigip-ctlr
    spec:
      # Name of the Service Account bound to a Cluster Role with the required
      # permissions
      serviceAccountName: bigip-ctlr
      containers:
        - name: k8s-bigip-ctlr
          # replace the version as needed
          image: "f5networks/k8s-bigip-ctlr:1.5.1"
          env:
            - name: BIGIP_USERNAME
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: username
            - name: BIGIP_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Replace with the name of the Secret containing your login
                  # credentials
                  name: bigip-login
                  key: password
          command: ["/app/bin/k8s-bigip-ctlr"]
          args: [
            # See the k8s-bigip-ctlr documentation for information about
            # all config options
            # http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password=$(BIGIP_PASSWORD)",
            "--bigip-url=192.168.200.83",
            "--bigip-partition=OpenShift",
            "--pool-member-type=cluster",
            "--openshift-sdn-name=/Common/openshift_vxlan",
            '--manage-routes=true',
            '--route-http-vserver=testroute',
            '--route-https-vserver=testroute_https'
          ]
Manually bind Policies to the VSs
F5
Bind the Policies and the iRule
Create the applications (Project named testapp, Services named f5-nginx-v1 and f5-nginx-v2)
oc new-project testapp
oc new-app harbor.example.com/public/nginx:1.14 --name=f5-nginx-v1 --allow-missing-images
oc expose dc/f5-nginx-v1 --port=8080
oc expose svc/f5-nginx-v1 --hostname=test1.apps.openshift.com
oc new-app harbor.example.com/public/nginx:1.14 --name=f5-nginx-v2 --allow-missing-images
oc expose dc/f5-nginx-v2 --port=8080
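Create the iRule and bind it to the VSs
F5
Explanation: when the requested domain is test1.apps.openshift.com, a request from client IP 192.168.100.23 is sent to the f5-nginx-v2 service in the testapp project; all other clients are sent to the f5-nginx-v1 service in the testapp project.
Note: the iRule must be created in the Common partition.
when HTTP_REQUEST {
    # Only requests for the gray-release hostname are handled here
    if { [HTTP::host] equals "test1.apps.openshift.com" } {
        log local0.info [HTTP::host]
        # [IP::client_addr] is the source address of the connection as seen by the BIG-IP
        if { [IP::addr [IP::client_addr] equals 192.168.100.23/32] } {
            log local0.info "enter 2 pool before"
            log local0.info [HTTP::host]
            pool /f5-openShift/openshift_testapp_f5-nginx-v2
            log local0.info "enter 2 pool later"
        } else {
            log local0.info "enter 3"
            pool /f5-openShift/openshift_testapp_f5-nginx-v1
        }
    }
}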
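Test access to the services
On the local machine (192.168.100.23) and on another machine whose IP is not 192.168.100.23, add this hosts entry:
<VS IP address> test1.apps.openshift.com
Then access test1.apps.openshift.com from both machines and check the page that is displayed: each machine reaches a different Service.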
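
The iRule's routing decision can also be checked offline before running the hosts-file test. The Python model below is an added example, not code from the original post or from F5: `select_pool`, `normalized_host`, `route_all` and the sample requests are constructed for illustration, and it assumes `equals` compares the raw Host header value exactly.

```python
import ipaddress

# Values copied from the iRule on this page.
CANARY_HOST = "test1.apps.openshift.com"
CANARY_NET = ipaddress.ip_network("192.168.100.23/32")
POOL_V1 = "/f5-openShift/openshift_testapp_f5-nginx-v1"
POOL_V2 = "/f5-openShift/openshift_testapp_f5-nginx-v2"

# Constructed sample requests: (Host header, client address).
SAMPLE_REQUESTS = [
    ("test1.apps.openshift.com", "192.168.100.23"),     # canary client
    ("test1.apps.openshift.com", "192.168.100.24"),     # any other client
    ("test1.apps.openshift.com:80", "192.168.100.23"),  # explicit port
    ("TEST1.apps.openshift.com", "192.168.100.23"),     # different case
    ("other.apps.openshift.com", "192.168.100.23"),     # unrelated host
]


def select_pool(host_header, client_addr):
    """Model the iRule: return the selected pool, or None if it selects none."""
    # 'equals' is an exact, case-sensitive comparison, and [HTTP::host] is
    # the raw Host header value, including any ":port" suffix.
    if host_header != CANARY_HOST:
        return None  # request is left to the VS's policies or default pool
    # [IP::client_addr] is the TCP peer address seen by the BIG-IP, so a NAT
    # or proxy in front of the VS replaces the real client address.
    if ipaddress.ip_address(client_addr) in CANARY_NET:
        return POOL_V2
    return POOL_V1


def normalized_host(host_header):
    """Hypothetical normalization: lower-case the name and drop a port."""
    return host_header.partition(":")[0].lower()


def route_all(requests, normalize=False):
    """Route every (host, client) pair, optionally normalizing the host."""
    return [
        select_pool(normalized_host(h) if normalize else h, ip)
        for h, ip in requests
    ]


if __name__ == "__main__":
    strict = route_all(SAMPLE_REQUESTS)
    relaxed = route_all(SAMPLE_REQUESTS, normalize=True)
    for (host, ip), a, b in zip(SAMPLE_REQUESTS, strict, relaxed):
        print(f"{host:30} {ip:15} as written: {a}  normalized: {b}")
```

Requests whose Host header carries a port or different letter case are not matched by the rule as written, so the client-IP split never applies to them.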