Installing Tectonic on bare metal or VMWare requires a master DNS record that resolves to any master node(s) in the cluster, and a worker DNS record which resolves to any worker nodes for Ingress. Evaluation clusters may be set up using a DNS entry that points to each node, but production clusters require the use of a load balancer.
When installing on cloud providers such as AWS, Tectonic automatically creates a load balancer (such as an ELB on AWS). When installing Tectonic on bare metal or VMWare, you must provide your own load balancer.
This document describes setting up F5 BIG-IP LTM for use as a load balancer with Tectonic.
- F5 BIG-IP LTM 10.x or higher
- In the same datacenter as the Tectonic cluster
- Tectonic installer
- VMware or bare metal environment
- Pre-allocated IP addresses for cluster and pre-created DNS records
Tectonic installation requires static allocation of IP Addresses for bare metal or VMWare. Create these required DNS records before launching Tectonic Installer.
The following table lists an example Tectonic node, Kubernetes API node, and two master and two worker nodes.
Record | Type | Value |
---|---|---|
tectonic.example.net | A | 192.168.1.91 |
api.example.net | A | 192.168.1.92 |
master-01.example.net | A | 192.168.1.110 |
master-02.example.net | A | 192.168.1.111 |
worker-01.example.net | A | 192.168.1.112 |
worker-02.example.net | A | 192.168.1.113 |
In this example the virtual IP for console traffic will be 192.168.1.91, DNS resolvable at tectonic.example.net and the virtual IP for API traffic will be 192.168.92, DNS resolvable at api.example.net
First, use the F5 web console to create two LTM pools for directing traffic to Tectonic console and API server.
Create an F5 LTM Pool for the API Server:
- Log in to F5 BIG-IP LTM web console as an admin user.
- From the Main tab, select Local Traffic > Pools, and click Create.
- Enter Name: tectonic_api_443.
- Under New Members add the IP address of all MASTER nodes (for example:
192.168.1.110
and192.168.1.111
) and set Service Port to 443 / HTTPS. - Click Finish (leaving the rest of the settings at their default).
Create an F5 LTM Pool for Tectonic console:
- From Local Traffic > Pools, click Create.
- Enter Name: tectonic_console_443.
- Under New Members add the IP address of all WORKER nodes (for example:
192.168.1.112
and192.168.1.113
) and set Service Port to 443 / HTTPS. Note for VMware users: the tectonic ingress service usesnodePort
, nothostPort
so set the Service Port to 32000 instead of 443. - Click Finish (leaving the rest of the settings at their default).
Next, create two Virtual Servers which use the Pools just created.
Create an F5 LTM Virtual Service for the API Server:
- From the Main tab, select Local Traffic > Virtual Servers, and click Create.
- Under General Properties, enter Name: VS-Tectonic-API.
- From Destination select Type: Host and enter an address that matches the DNS entry for the API (for example:
api.example.net / 192.168.1.92
). - Select State: Enabled.
- From Configuration, select Type: Performance (Layer 4), Protocol: TCP, and SNAT Pool: Auto Map.
- Under Resources, select Default Pool: select tectonic_api_443.
- Click Finish (leaving the rest of the settings at their default).
Create an F5 LTM Virtual Service for Tectonic Console:
- Click Create.
- Under General Properties, enter Name: VS-Tectonic-Console.
- From Destination select Type: Host and enter an address that matches the DNS entry for Tectonic (for example:
tectonic.example.net / 192.168.1.91
). - Select State: Enabled.
- From Configuration, select Type: Performance (Layer 4), Protocol: TCP, and SNAT Pool: Auto Map.
- Under Resources, select Default Pool: select tectonic_console_443.
- Click Finish (leaving the rest of the settings at their default).
You may also create the virtual service and pools using the command line, rather than the BIG-IP web console. SSH into the F5 LTM as administrator and run the following commands:
tmsh create ltm pool tectonic_api_443 members add { 192.168.1.110:https { } 192.168.1.111:https { } }
tmsh create ltm virtual VS-Tectonic-API snat automap pool tectonic_api_443 destination 192.168.1.92:https ip-protocol tcp profiles add { fastL4 }
tmsh create ltm pool tectonic_console_443 members add { 192.168.1.112:https { } 192.168.1.113:https { } }
tmsh create ltm virtual VS-Tectonic-Console snat automap pool tectonic_console_443 destination 192.168.1.91:https ip-protocol tcp profiles add { fastL4 }
tmsh save /sys config
Note: The IP addresses used in the CLI example correspond to the IP allocation example above.
Once configured, install Tectonic using the Master DNS and Tectonic DNS defined here to direct traffic through the F5 load balancer.