F5 Container Integrations v1.2

Current Page

Application Services Proxy

Cloud Foundry

Kubernetes

Mesos Marathon

OpenShift

Support

Troubleshooting

Tutorials

Cloud Docs Home > F5 Container Integrations Index

Replace the OpenShift F5 Router with the BIG-IP Controller

Take the steps below to replace the OpenShift F5 Router with the BIG-IP Controller for Kubernetes in OpenShift deployments.

Step Task
Remove the existing OpenShift F5 Router.
Install the BIG-IP Controller in OpenShift.
Configure the BIG-IP Controller to use OpenShift routes.
Create OpenShift routes.
Verify route creation on the BIG-IP system.

Remove the OpenShift F5 Router

Use the OpenShift CLI to remove the pod(s) associated with the F5 Router.

Note

The BIG-IP Controller will remove/replace any objects on the BIG-IP system when it launches, if you set it to manage the same BIG-IP partition. If you want to manage a different partition with the BIG-IP Controller, you should delete the objects from the F5 Router’s partition manually.

$ oc delete pod <pod>

Install the BIG-IP Controller

  1. Complete the initial setup.

  2. Set up RBAC Authentication.

  3. Create a Deployment for the BIG-IP Controller.

    Define the parameters highlighted below in your Deployment to set up route handling.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: k8s-bigip-ctlr
      namespace: kube-system
    spec:
      replicas: 1
      template:
        metadata:
          name: k8s-bigip-ctlr
          labels:
            app: k8s-bigip-ctlr
        spec:
          # Name of the Service Account bound to a Cluster Role with the required
          # permissions
          serviceAccountName: bigip-ctlr
          containers:
            - name: k8s-bigip-ctlr
              image: "f5networks/k8s-bigip-ctlr:1.2.0"
              env:
                - name: BIGIP_USERNAME
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: username
                - name: BIGIP_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: bigip-login
                      key: password
              command: ["/app/bin/k8s-bigip-ctlr"]
              args: [
                "--bigip-username=$(BIGIP_USERNAME)",
                "--bigip-password=$(BIGIP_PASSWORD)",
                "--bigip-url=10.190.24.171",
                "--bigip-partition=openshift",
                "--pool-member-type=cluster",
                # Path to the BIG-IP VXLAN connected to the OpenShift HostSubnet
                "--openshift-sdn-name=/Common/openshift_vxlan",
                "--manage-routes=true",
                # Assign an IP address from the HostSubnet to the BIG-IP virtual server
                "--route-vserver-addr=1.2.3.4"
                # Provide the "f5type" label you want the BIG-IP Controller to watch for
                # This information would be defined in a Route as, for example, "f5type: App1"
                "--route-label=App1"
                ]
          imagePullSecrets:
            - name: f5-docker-images
    
  4. Upload the Deployment to the OpenShift API server.

Create OpenShift Routes

Important

When you upload the Deployment to your OpenShift API server, the BIG-IP Controller automatically detects existing OpenShift Routes and creates corresponding routes on the BIG-IP system.

If you used the same BIG-IP partition for the F5 Router, the BIG-IP Controller will replace any remaining F5 Router artifacts with new objects.

OpenShift supports 4 (4) types of routes: edge, passthrough, re-encrypt, and unsecure. The BIG-IP Controller supports all four types.

You can download sample Route definitions for each type below. See Supported Route Configurations for more information.

sample-unsecured-route.yaml

sample-edge-route.yaml

sample-passthrough-route.yaml

sample-reencrypt-route.yaml