f5devcentral · vtog · Apr 23, 2019 · Apr 15, 2019 · Apr 16, 2019 · Apr 16, 2019
diff --git a/docs/class5/appendix1/appendix1.rst b/docs/class5/appendix1/appendix1.rst
@@ -1,2 +1,61 @@
-Appendix 1: Place Holder
-======================================
+Appendix 1: BIG-IP / OpenShift Multi-Pod Deployment
+===================================================
+
+In this appendix we will configuring an HA pair of BIG-IP's to work with two
+OpenShift pods. These pods will use the same internal IP space (10.128.0.0/14).
+To handle this use case BIG-IP will utilize route-domains.
+
+.. attention:: This use case and following lab config is not part of the
+   current Ravello Agility blueprint.
+
+The following is an overview of our lab setup configuration:
+
+.. list-table::
+   :header-rows: 1
+
+   * - **Hostname**
+     - **IP-ADDR**
+     - **Credentials**
+   * - jumpbox (Windows)
+     - 10.1.1.18
+     - Administrator/ncq3Ck6sf
+   * - bigip1
+     - 10.1.1.4
+
+       10.1.10.4
+
+     - admin/admin
+
+       root/default
+   * - bigip2
+     - 10.1.1.5
+
+       10.1.10.5
+
+     - admin/admin
+
+       root/default
+   * - ose-master1
+     - 10.1.10.7
+     - centos/centos
+   * - ose-node1
+     - 10.1.10.8
+     - centos/centos
+   * - ose-node2
+     - 10.1.10.9
+     - centos/centos
+   * - ose-master2
+     - 10.1.10.10
+     - centos/centos
+   * - ose-node3
+     - 10.1.10.11
+     - centos/centos
+   * - ose-node4
+     - 10.1.10.12
+     - centos/centos
+
+.. toctree::
+   :maxdepth: 1
+   :glob:
+
+   lab*
diff --git a/docs/class5/appendix1/lab1.rst b/docs/class5/appendix1/lab1.rst
@@ -0,0 +1,80 @@
+Lab 1.1 - BIG-IP 1 & 2 Configuration
+====================================
+
+The purpose of this lab is not to cover BIG-IP High Availability (HA) in depth
+but focus on OpenShift configuration with BIG-IP. Some prior BIG-IP HA
+knowledge is required. Below is the initial configuration used on
+each BIG-IP:
+
+HA Config
+---------
+
+**bigip1**
+
+.. code-block:: bash
+
+   tmsh create net self external-self address 10.1.10.4/24 vlan external allow-service default
+   tmsh create net self internal-self address 10.1.20.4/24 vlan internal allow-service default
+   tmsh modify cm device bigip1 configsync-ip 10.1.20.4
+   tmsh modify cm device bigip1 unicast-address {{ip 10.1.20.4} {ip management-ip}}
+   tmsh modify cm device bigip1 mirror-ip 10.1.20.4
+   tmsh modify cm trust-domain Root add-device { device-ip 10.1.1.5 device-name bigip2 username admin password admin ca-device true }
+   tmsh create cm device-group device-group-common devices add { bigip1 bigip2 } type sync-failover auto-sync disabled
+   tmsh run cm config-sync to-group device-group-common
+   tmsh save sys config
+
+**bigip2**
+
+.. code-block:: bash
+
+   tmsh create net self external-selfip address 10.1.10.5/24 vlan external allow-service default
+   tmsh create net self internal-selfip address 10.1.20.5/24 vlan internal allow-service default
+   tmsh modify cm device bigip2 configsync-ip 10.1.20.5
+   tmsh modify cm device bigip2 unicast-address {{ip 10.1.20.5} {ip management-ip}}
+   tmsh modify cm device bigip2 mirror-ip 10.1.20.5
+   tmsh save sys config
+
+.. attention:: If **bigip2** is the "Active" device be sure to force bigip2 to
+   "Standby". We want **bigip1** to be "Active".
+
+.. important:: Before adding the BIG-IP devices to OpenShift make sure your
+   High Availability (HA) device trust group, license, selfIP, vlans are
+   configured correctly.
+
+VXLAN Config
+------------
+
+.. important:: Create all objects using the /Common partition unless otherwise
+   directed.
+
+**bigip1**
+
+.. code-block:: bash
+
+   tmsh create net self okd-float-10 address 10.1.10.60/24 vlan external traffic-group traffic-group-1 allow-service default
+   tmsh create net self okd-float-20 address 10.1.10.61/24 vlan external traffic-group traffic-group-1 allow-service default
+   tmsh create net tunnels vxlan okd-vxlan flooding-type multipoint
+   tmsh run cm config-sync to-group device-group-common
+   tmsh create net tunnels tunnel okd-tunnel-10 key 0 profile okd-vxlan local-address 10.1.10.60 secondary-address 10.1.10.4 traffic-group traffic-group-1
+   tmsh create net tunnels tunnel okd-tunnel-20 key 1 profile okd-vxlan local-address 10.1.10.61 secondary-address 10.1.10.4 traffic-group traffic-group-1
+   tmsh create net route-domain okd10 id 10 vlans replace-all-with { okd-tunnel-10 }
+   tmsh create net route-domain okd20 id 20 vlans replace-all-with { okd-tunnel-20 }
+   tmsh create auth partition okd10 default-route-domain 10
+   tmsh create auth partition okd20 default-route-domain 20
+   tmsh create net self okd-vxlan-selfip-10 address 10.131.0.1%10/14 vlan okd-tunnel-10 allow-service all
+   tmsh create net self okd-vxlan-selfip-20 address 10.131.0.1%20/14 vlan okd-tunnel-20 allow-service all
+   tmsh create net self okd-vxlan-float-10 address 10.131.4.1%10/14 vlan okd-tunnel-10 traffic-group traffic-group-1 allow-service all
+   tmsh create net self okd-vxlan-float-20 address 10.131.4.1%20/14 vlan okd-tunnel-20 traffic-group traffic-group-1 allow-service all
+   #Create the objects on "bigip2" below before syncing device group
+   tmsh run cm config-sync to-group device-group-common
+
+**bigip2**
+
+.. code-block:: bash
+
+   tmsh create net tunnels tunnel okd-tunnel-10 key 0 profile okd-vxlan local-address 10.1.10.60 secondary-address 10.1.10.5 traffic-group traffic-group-1
+   tmsh create net tunnels tunnel okd-tunnel-20 key 1 profile okd-vxlan local-address 10.1.10.61 secondary-address 10.1.10.5 traffic-group traffic-group-1
+   tmsh create net route-domain okd10 id 10 vlans replace-all-with { okd-tunnel-10 }
+   tmsh create net route-domain okd20 id 20 vlans replace-all-with { okd-tunnel-20 }
+   tmsh create net self okd-vxlan-selfip-10 address 10.131.2.1%10/14 vlan okd-tunnel-10 allow-service all
+   tmsh create net self okd-vxlan-selfip-20 address 10.131.2.1%20/14 vlan okd-tunnel-20 allow-service all
diff --git a/docs/class5/appendix1/lab2.rst b/docs/class5/appendix1/lab2.rst
@@ -0,0 +1,63 @@
+Lab 1.2 - OpenShift POD 1 & 2 Configuration
+===========================================
+
+VXLAN Config
+----------------------------
+
+#. Create new OpenShift HostSubnet's for bigip 1 & 2 on **POD1**.
+
+   hs-bigip1-10.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/hs-bigip1-10.yaml
+      :language: yaml
+      :emphasize-lines: 4,8,9
+
+   hs-bigip2-10.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/hs-bigip2-10.yaml
+      :language: yaml
+      :emphasize-lines: 4,8,9
+
+   hs-bigip-float-10.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/hs-bigip-float-10.yaml
+      :language: yaml
+      :emphasize-lines: 4,8,9
+
+   Create the HostSubnet files to the OpenShift API server. Run the following
+   commands from **master1**
+
+   .. code-block:: bash
+
+      oc create -f hs-bigip1-10.yaml
+      oc create -f hs-bigip2-10.yaml
+      oc create -f hs-bigip-float-10.yaml
+
+#. Create new OpenShift HostSubnet's for bigip 1 & 2 on **POD2**.
+
+   hs-bigip1-20.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/hs-bigip1-20.yaml
+      :language: yaml
+      :emphasize-lines: 4,8,9
+
+   hs-bigip2-20.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/hs-bigip2-20.yaml
+      :language: yaml
+      :emphasize-lines: 4,8,9
+
+   hs-bigip-float-20.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/hs-bigip-float-20.yaml
+      :language: yaml
+      :emphasize-lines: 4,8,9
+
+   Create the HostSubnet files to the OpenShift API server. Run the following
+   commands from **master2**
+
+   .. code-block:: bash
+
+      oc create -f hs-bigip1-20.yaml
+      oc create -f hs-bigip2-20.yaml
+      oc create -f hs-bigip-float-20.yaml
diff --git a/docs/class5/appendix1/lab3.rst b/docs/class5/appendix1/lab3.rst
@@ -0,0 +1,81 @@
+Lab 1.3 - F5 Container Connector Setup
+======================================
+
+Take the steps below to deploy a contoller for each BIG-IP device in the
+cluster.
+
+Set up RBAC
+-----------
+
+The F5 BIG-IP Controller requires permission to monitor the status of the
+OpenSfhift cluster. The following will create a bigip login secret, Service
+Account, and Cluster Role. Run the following commands on both **master1** and
+**master2**:
+
+.. code-block:: bash
+
+   oc create secret generic bigip-login -n kube-system --from-literal=username=admin --from-literal=password=admin
+   oc create serviceaccount bigip-ctlr -n kube-system
+   oc create clusterrolebinding bigip-ctlr-clusteradmin --clusterrole=cluster-admin --serviceaccount=kube-system:bigip-ctlr
+
+
+Create & Verify CC Deployment
+-----------------------------
+
+#. Create an OpenShift Deployment for **POD1** (one per BIG-IP device). You
+   need to deploy a controller for both bigip1 and bigip2.
+
+   cc-bigip1-10.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/cc-bigip1-10.yaml
+      :language: yaml
+      :linenos:
+      :emphasize-lines: 2,4,17,34,35,38
+
+   cc-bigip2-10.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/cc-bigip2-10.yaml
+      :language: yaml
+      :linenos:
+      :emphasize-lines: 2,4,17,34,35,38
+
+   .. code-block:: bash
+
+      oc create -f cc-bigip1-10.yaml
+      oc create -f cc-bigip2-10.yaml
+
+#. Verify the deployment and pods that are created
+
+   .. code-block:: bash
+
+      oc get deployment -n kube-system
+      oc get pods -n kube-system
+
+#. Create an OpenShift Deployment for **POD2** (one per BIG-IP device). You
+   need to deploy a controller for both bigip1 and bigip2.
+
+   cc-bigip1-20.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/cc-bigip1-20.yaml
+      :language: yaml
+      :linenos:
+      :emphasize-lines: 2,4,17,34,35,38
+
+   cc-bigip2-20.yaml
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/cc-bigip2-20.yaml
+      :language: yaml
+      :linenos:
+      :emphasize-lines: 2,4,17,34,35,38
+
+   .. code-block:: bash
+
+      oc create -f cc-bigip1-20.yaml
+      oc create -f cc-bigip2-20.yaml
+
+#. Verify the deployment and pods that are created
+
+   .. code-block:: bash
+
+      oc get deployment -n kube-system
+      oc get pods -n kube-system
diff --git a/docs/class5/appendix1/lab4.rst b/docs/class5/appendix1/lab4.rst
@@ -0,0 +1,71 @@
+Lab 1.4 - F5 Container Connector Usage
+======================================
+
+Now that our container connector is up and running, let's deploy an application
+to test both route domans / partitions.
+
+For this lab we'll use a simple pre-configured docker image called
+"f5-hello-world". It can be found on docker hub at
+`f5devcentral/f5-hello-world <https://hub.docker.com/r/f5devcentral/f5-hello-world/>`_
+
+To deploy "f5-hello-world" on **ose-master1** and **ose-master2** create the
+following files:
+
+#. Create a file called ``f5-hello-world-deployment.yaml``
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/f5-hello-world-deployment.yaml
+      :language: yaml
+      :linenos:
+      :emphasize-lines: 2,6,14
+
+#. Create a file called ``f5-hello-world-service.yaml``
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/f5-hello-world-service.yaml
+      :language: yaml
+      :linenos:
+      :emphasize-lines: 2,12
+
+Now we need to creat the f5 configmap of the application for each partition.
+
+#. Create a file called ``f5-hello-world-configmap-10.yaml`` on **ose-master1**
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/f5-hello-world-configmap-10.yaml
+      :language: yaml
+      :linenos:
+      :emphasize-lines: 2,5,7,9,16,18
+
+#. Create a file called ``f5-hello-world-configmap-20.yaml`` on **ose-master2**
+
+   .. literalinclude:: ../../../openshift/advanced/appendix1/f5-hello-world-configmap-20.yaml
+      :language: yaml
+      :linenos:
+      :emphasize-lines: 2,5,7,9,16,18
+
+#. We can now launch our application:
+
+   **ose-master1**
+
+   .. code-block:: bash
+
+      oc create -f f5-hello-world-deployment.yaml
+      oc create -f f5-hello-world-service.yaml
+      oc create -f f5-hello-world-configmap-10.yaml
+
+   **ose-master2**
+
+   .. code-block:: bash
+
+      oc create -f f5-hello-world-deployment.yaml
+      oc create -f f5-hello-world-service.yaml
+      oc create -f f5-hello-world-configmap-20.yaml
+
+#. To check the status of our deployment, you can run the following commands:
+
+   .. code-block:: bash
+
+      oc get pods -o wide
+      oc describe svc f5-hello-world
+
+#. To test the app you need to pay attention to connect to the jumphost, open
+   browser and got http://10.1.10.80 and http://10.1.10.81
+