Cloud Docs Home > F5 Container Integrations Index

F5 OpenShift Origin Container Integration


Red Hat’s OpenShift Origin is a containerized application platform with a native Kubernetes integration. The F5 Kubernetes BIG-IP Controller enables use of a BIG-IP device as an edge load balancer, proxying traffic from outside networks to pods inside an OpenShift cluster. OpenShift Origin uses a pod network defined by the OpenShift SDN.

The F5 Kubernetes Integration doc provides an overview of how the F5 Kubernetes BIG-IP Controller works with Kubernetes. Because OpenShift has a native Kubernetes integration, the F5 Kubernetes BIG-IP Controller works the same in both environments. The F5 Kubernetes BIG-IP Controller does have a few OpenShift-specific prerequisites, noted below.

OpenShift Prerequisites

The prerequisites below are in addition to the F5 Kubernetes Integration’s general prerequisites.

  1. The F5 Kubernetes BIG-IP Controller needs an OpenShift user account with permission to access nodes, endpoints, services, and configmaps. Add the verbs and resources shown below to your Authorization Policy:
    1. [get list watch] [nodes endpoints services namespaces]
    2. [get list update watch] [configmaps]
  2. You’ll need to use the OpenShift Origin CLI, in addition to kubectl, to execute OpenShift-specific commands.
  3. To integrate your BIG-IP device into an OpenShift cluster, you’ll need to assign an OpenShift overlay address to the BIG-IP device.

Once you’ve added the BIG-IP device to the OpenShift overlay network, it will have access to all pods in the cluster. You can then use the k8s-bigip-ctlr the same as you would in Kubernetes.

OpenShift Origin Node Health

In OpenShift clusters, the Kubernetes NodeList records status for all nodes registered with the master.

When the F5 Kubernetes BIG-IP Controller runs with pool-member-type set to cluster – which integrates the BIG-IP device into the OpenShift cluster network – it watches the NodeList in OpenShift’s underlying Kubernetes API server. The F5 Kubernetes BIG-IP Controller creates/updates FDB (Forwarding DataBase) entries according to the NodeList. This ensures the k8s-bigip-ctlr only makes VXLAN requests to reported nodes.

As a function of the BIG-IP VXLAN, the BIG-IP device only communicates with healthy cluster nodes. The BIG-IP device does not attempt to route traffic to an unresponsive node, even if the node remains in the NodeList.