Follow the instructions provided here to run the BIG-IP Controller for Cloud Foundry in broker_mode. In this mode, the BIG-IP Controller acts as a Service Broker to let you deploy per-Route BIG-IP virtual servers.
Apply BIG-IP policies and profiles (OPTIONAL)
Add BIG-IP Health Monitors (OPTIONAL)
Push the BIG-IP Controller app to Cloud Foundry
Register the BIG-IP Controller as a Service Broker
Bind the f5servicebroker Service to a Route
Edit or Remove BIG-IP Objects for Cloud Foundry Routes
Define the desired BIG-IP virtual server settings as a Service Plan in the BIG-IP Controller Application Manifest. You can add the Service Plan section to the Application Manifest for an existing BIG-IP Controller instance, or when deploying the Controller for the first time.
You can use as many Service Plans as you need to define the BIG-IP services your Apps require. When you Register the BIG-IP Controller as a Service Broker, the f5servicebroker Service discovers Service Plan(s) associated with the BIG-IP Controller automatically.
Cloud Foundry supports one Route Service Binding per Route. While you can define multiple Service Plans in a single BIG-IP Controller Application Manifest, you cannot apply multiple plans to the same Application.
Deploy or update the BIG-IP Controller Application with the following settings:
tier2_ip_range in CIDR format.
SERVICE_BROKER_CONFIG section. Use the cf-bigip-ctlr Service Broker config parameters to define the desired virtual server settings.
```yaml
applications:
  - name: cf-bigip-ctlr
    health-check-type: http
    health-check-http-endpoint: /health
    env:
      # Provide the desired BIG-IP configurations including partition, load
      # balancing algorithm, and Self IP address to assign to the virtual server
      # THE SETTINGS IN THIS SECTION ARE GLOBAL
      # Set "broker_mode" to "true" to run the BIG-IP Controller as a
      # Service Broker
      BIGIP_CTLR_CFG: |
        bigip:
          url: https://bigip.example.com
          user: myBigipUsername
          pass: myBigipPassword
          partition:
            - cf
          balance: least-connections-node
          verify_interval: 30
          external_addr: 10.100.100.101
          # Required if running the Controller in broker mode
          tier2_ip_range: 255.255.255.0
          ssl_profiles:
            - /Common/my-ssl-policy
          policies:
            - /Common/example-ltm-policy
          profiles:
            - /Common/example-profile
          health_monitors:
            - /Common/tcp_half_open
        # Required to run the BIG-IP Controller as a Service
        # Broker (introduced in v1.1.0)
        broker_mode: true
        logging:
          level: info
        route_mode: all
        # Required for HTTP routing
        nats:
          - host: 192.168.10.1
            port: 4222
            user: myNatsUser
            pass: myNatsPassword
        # Required for TCP routing
        oauth:
          token_endpoint: uaa.system.cf.local
          client_name: uaa-client
          client_secret: uaa-secret
          port: 443
          skip_ssl_validation: true
          ca-certs:
        routing_api:
          uri: http://api.system.cf.local
          port: 80
          auth_disabled: false
        # User account for authentication to the Service Broker API
        status:
          user: user
          pass: pass
      # Include the section below to use the cf-bigip-ctlr as a Service Broker
      # THE SETTINGS IN THIS SECTION ARE ROUTE-SPECIFIC
      SERVICE_BROKER_CONFIG: |
        plans:
          - description: plan for sb test example
            name: sbtest
            virtualServer:
              - policies:
                  - /Common/PreventSpoofOfXFF
              - profiles:
                  - /Common/x-forwarded-for
              - sslProfiles:
                  - /Common/server-ssl
            pool:
              balance: ratio-member
              healthMonitors:
                # Use a health monitor that already exists in the cf partition on the BIG-IP device
                - name: /cf/my-healthMonitor
                # Create a new health monitor
                - name: hm-test
                  type: http
                  interval: 12
                  timeout: 5
                  send: hello
```
To add a Service Plan for a Controller that’s already registered as a Service Broker:
Include any of the following BIG-IP objects in the Service Plan to attach them to the Route’s virtual server:
The BIG-IP Controller cannot create or manage policies or profiles on the BIG-IP system. All of the BIG-IP objects that you want to apply to the virtual server, with the exception of health monitors, must already exist on the BIG-IP device.
You can create a new health monitor in the Service Plan, use an existing BIG-IP health monitor, or both:
```yaml
SERVICE_BROKER_CONFIG: |
  plans:
    - description: plan for sb test example
      name: sbtest
      virtualServer:
        - policies:
            - /Common/PreventSpoofOfXFF
        - profiles:
            - /Common/x-forwarded-for
        - sslProfiles:
            - /Common/server-ssl
      pool:
        balance: ratio-member
        healthMonitors:
          # Use a health monitor that already exists in the cf partition on the BIG-IP device
          - name: /cf/my-healthMonitor
          # Create a new health monitor
          - name: hm-test
            type: http
            interval: 12
            timeout: 5
            send: hello
```
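As an added example (not part of the F5 documentation or the Controller's own code), this Ruby script checks a manifest before `cf push` against the requirements stated on this page: `broker_mode` set, `tier2_ip_range` in CIDR format, and the plan name you will later pass to `cf create-service` defined exactly. It also lists the objects that must already exist on the BIG-IP device. The sample manifest and its `10.0.0.0/24` range are constructed, and treating a name-only health monitor entry as an existing monitor is an assumption drawn from the example above.

```ruby
require 'yaml'
require 'ipaddr'
# Constructed sample manifest, trimmed to the keys the checks read.
MANIFEST = <<~'YAML'
  applications:
    - name: cf-bigip-ctlr
      env:
        BIGIP_CTLR_CFG: |
          bigip:
            tier2_ip_range: 10.0.0.0/24
          broker_mode: true
        SERVICE_BROKER_CONFIG: |
          plans:
            - name: sbtest
              virtualServer:
                - policies: [/Common/PreventSpoofOfXFF]
                - profiles: [/Common/x-forwarded-for]
              pool:
                healthMonitors:
                  - name: /cf/my-healthMonitor
                  - name: hm-test
                    type: http
YAML

# True only for address/prefix notation; a bare address or netmask fails.
def cidr?(value)
  addr, prefix = value.to_s.split('/', 2)
  return false unless prefix.to_s.match?(/\A\d+\z/)
  prefix.to_i <= (IPAddr.new(addr).ipv4? ? 32 : 128)
rescue IPAddr::Error
  false
end

# Returns [problems, objects that must already exist on the BIG-IP].
# virtualServer is read as a list of single-key maps, as laid out on this page.
def check_manifest(manifest_yaml, plan_name)
  env = YAML.safe_load(manifest_yaml)['applications'][0]['env']
  ctlr = YAML.safe_load(env['BIGIP_CTLR_CFG'])
  plans = YAML.safe_load(env['SERVICE_BROKER_CONFIG'])['plans']
  problems = ctlr['broker_mode'] == true ? [] : ['broker_mode is not true']
  problems << 'tier2_ip_range is not CIDR' unless cidr?(ctlr.dig('bigip', 'tier2_ip_range'))
  # An exact match is required: "name: sbtest," parses as the name "sbtest,".
  plan = plans.find { |p| p['name'] == plan_name }
  return [problems << "plan #{plan_name.inspect} not defined", []] if plan.nil?
  existing = Array(plan['virtualServer']).flat_map { |h| h.values.flatten }
  # Assumption: a monitor entry with only a name refers to an existing monitor.
  monitors = Array(plan.dig('pool', 'healthMonitors'))
  [problems, existing + monitors.select { |m| m.keys == ['name'] }.map { |m| m['name'] }]
end
problems, existing = check_manifest(MANIFEST, 'sbtest')
puts "problems: #{problems.inspect}", "must exist on BIG-IP: #{existing.inspect}"
```
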
Push the cf-bigip-ctlr App using the cf push command. Be sure to use the -o flag to specify the Docker image and version you want to use.
cf push cf-bigip-ctlr -o f5networks/cf-bigip-ctlr:1.1.0 -f manifest.yaml
The tasks in this section require a Cloud Foundry user account with administrator permissions.
Map a Route for the BIG-IP Controller.
Mapping a new Route creates a unique endpoint to use for calls to the Service Broker. This allows you to differentiate between calls to the Controller (such as Cloud Foundry health checks) and calls to the Service Broker API.
cf map-route cf-bigip-ctlr example.com --hostname sbtest
Register the Controller as a Service Broker.
Follow the instructions provided in Register a Broker as appropriate for your environment. You’ll need to provide the following information:
bigip.status section of the Application Manifest (lets the Cloud Controller authenticate to the BIG-IP Controller Service Broker API;
cf create-service-broker cfbigip-sb someUser somePass https://sbtest.example.com
Enable Service Access for the f5servicebroker Service.
cf enable-service-access f5servicebroker
Create a Service instance for your users.
The plan name you provide here – “sbtest” in the example below – must match the name of a plan defined in your cf-bigip-ctlr Application Manifest.
cf create-service f5servicebroker sbtest myAppSbTest
Verify availability of the Service in the Cloud Foundry Marketplace.
cf marketplace -s f5servicebroker
Once an administrator has completed the section above, developers can use the f5servicebroker Service for their Apps. To do so, bind the f5servicebroker Service to the App’s Route.
Cloud Foundry supports one Route Service Binding per Route.
cf bind-route-service example.com myAppSbTest --hostname myApp
When you bind a Route to the Service, the BIG-IP Controller creates a virtual server, pool(s), and pool member(s) on the BIG-IP device with the requested policy(ies) and profile(s) attached.
When you remove a Service Plan from the Application Manifest, the Controller removes all of the BIG-IP objects associated with the Plan. This is the case regardless of whether any Routes are still bound to the Service when you delete the plan.
If you no longer want to use the F5 Service Broker for an App, unbind the Service from the Route.
cf unbind-route-service example.com myAppSbTest --hostname myApp