F5 Container Integrations v1.1

Current Page

Application Services Proxy

Cloud Foundry


Mesos Marathon





Cloud Docs Home > F5 Container Integrations Index

F5 OpenShift Origin Container Integration


Red Hat’s OpenShift Origin is a containerized application platform with a native Kubernetes integration. The BIG-IP Controller for Kubernetes enables use of a BIG-IP device as an edge load balancer, proxying traffic from outside networks to pods inside an OpenShift cluster. OpenShift Origin uses a pod network defined by the OpenShift SDN.

The F5 Integration for Kubernetes overview describes how the BIG-IP Controller works with Kubernetes. Because OpenShift has a native Kubernetes integration, the BIG-IP Controller works essentially the same in both environments. It does have a few OpenShift-specific prerequisites, noted below.

OpenShift Prerequisites

The prerequisites below are in addition to the F5 Integration for Kubernetes’ general prerequisites.

  1. You’ll need to use the OpenShift Origin CLI, oc.
  2. To integrate your BIG-IP device into an OpenShift cluster, you’ll need to assign an OpenShift overlay address to the BIG-IP device.
  3. The BIG-IP Controller for Kubernetes needs an OpenShift service account with permission to access the following:
    • nodes,
    • endpoints,
    • services,
    • configmaps,
    • ingresses,
    • ingresses/status, and
    • events.

Once you’ve added the BIG-IP device to the OpenShift overlay network, it will have access to all pods in the cluster. You can then use the BIG-IP Controller the same as you would in Kubernetes.

OpenShift Origin Node Health

In OpenShift clusters, the Kubernetes NodeList records status for all nodes registered with the master.

When the BIG-IP Controller for Kubernetes runs with pool-member-type set to cluster – which integrates the BIG-IP device into the OpenShift cluster network – it watches the NodeList in OpenShift’s underlying Kubernetes API server. The BIG-IP Controller creates/updates FDB (Forwarding DataBase) entries for the configured VXLAN tunnel according to the NodeList. This ensures the BIG-IP Controller only makes VXLAN requests to reported nodes.

As a function of the BIG-IP VXLAN, the BIG-IP device only communicates with healthy cluster nodes. The BIG-IP device does not attempt to route traffic to an unresponsive node, even if the node remains in the NodeList.