Deploy the BIG-IP Controller for Cloud Foundry

Complete the steps provided below to deploy the BIG-IP Controller for Cloud Foundry using the default global configuration mode.

Note

If you need to configure BIG-IP objects for individual Routes, you’ll need to register the BIG-IP Controller as a Service Broker. See Deploy the BIG-IP Controller for Cloud Foundry with per-Route Virtual Servers for more information.

Task Summary
Step Task
Complete the setup prerequisites

Create an application manifest

Add BIG-IP Health Monitors (OPTIONAL)

Apply BIG-IP policies and profiles (OPTIONAL)

Push the BIG-IP Controller app to Cloud Foundry
Verify object creation on the BIG-IP system

Before you begin

  1. Enable Docker in Cloud Foundry .
  2. Create a read-only Admin user in Cloud Foundry
    • In global mode, this user needs “routing.routes.read” and “routing.router_groups.read” permissions.
    • In service_broker mode, the user needs “routing.routes.read”, “routing.router_groups.read”, and “cloud_controller.read” permissions.
  3. Add the BIG-IP device to Cloud Foundry as a custom load balancer.

Create an application manifest

Create a new Application Manifest file containing your desired cf-bigip-ctlr configuration parameters.

Include the following in the env.BIGIP_CTLR_CFG.bigip section of the manifest:

  • the IP address and user account credentials for the BIG-IP device;

    Important

    The BIG-IP Controller requires Administrator permissions in order to provide full functionality.

  • the BIG-IP partition you want the BIG-IP Controller to manage (must already exist on the BIG-IP device);

  • the load balancing method desired for all pools created by the BIG-IP Controller;

  • the poll interval at which the BIG-IP Controller should attempt to verify BIG-IP settings;

  • the external IP address you want to assign to the virtual server (should be an existing BIG-IP Self IP address); and

  • a username and password the Cloud Controller can use to interact with the BIG-IP Controller API.

To support L7 (HTTP) routing, include the nats section shown in the example manifest.

To support L4 (TCP) routing, define the following sections:

  • routing_api (REQUIRED)
  • oauth (REQUIRED)
  • route_mode (OPTIONAL)

See the cf-bigip-ctlr configuration parameters table for more information.

Example App Manifest for cf-bigip-ctlr
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
applications:
  - name: cf-bigip-ctlr
    health-check-type: http
    health-check-http-endpoint: /health
    env:
      # Provide the desired BIG-IP configurations including partition, load
      # balancing algorithm, and Self IP address to assign to the virtual server
      # THE SETTINGS IN THIS SECTION ARE GLOBAL
      # Set "broker_mode" to "true" to run the BIG-IP Controller as a
      # Service Broker
      BIGIP_CTLR_CFG: |
                      bigip:
                        url: https://bigip.example.com
                        user: myBigipUsername
                        pass: myBigipPassword
                        partition:
                          - cf
                        balance: least-connections-node
                        verify_interval: 30
                        external_addr: 10.100.100.101
                        # Required if running the Controller in broker mode
                        tier2_ip_range: 255.255.255.0
                        ssl_profiles:
                          - /Common/my-ssl-policy
                        policies:
                          - /Common/example-ltm-policy
                        profiles:
                          - /Common/example-profile
                        health_monitors:
                          - /Common/tcp_half_open

                      # Required to run the BIG-IP Controller as a Service
                      # Broker (introduced in v1.1.0)
                      broker_mode: true

                      logging:
                        level: info

                      route_mode: all

                      # Required for HTTP routing
                      nats:

manifest.yaml

Add BIG-IP Health Monitors

In the global bigip configuration section, you can attach health monitors that already exist on the BIG-IP device. The example below attaches the existing BIG-IP health monitor called “http.get”, which resides in the /Common partition.

Excerpt from example manifest with health monitor defined
BIGIP_CTLR_CFG: |
          bigip:
            url: https://bigip.example.com
            user: myBigipUsername
            pass: myBigipPassword
            partition:
              - cf
            balance: round-robin
            verify_interval: 30
            external_addr: 192.168.1.1
            health-monitors:
            - /Common/http.get

Tip

You can create new health monitors and/or attach existing BIG-IP health monitors for per-Route virtual servers <define per-route vs settings>.

Apply BIG-IP policies and profiles

You can apply existing BIG-IP policies and profiles to the virtual server(s) created for your Cloud Foundry Routes. For example: to use the “x-forwarded-for” and “x-forwarded-proto” headers, take the steps below.

  1. Create a BIG-IP local traffic profile with “x-forwarded-for” enabled.

  2. Create a BIG-IP local traffic policy to set the “x-forwarded-proto” header.

  3. Add the profile and policy to the Application Manifest. This will associate the objects with the virtual server when the Controller creates it on the BIG-IP system.

    Excerpt from example manifest with policy and profile defined
    BIGIP_CTLR_CFG: |
              bigip:
                url: https://bigip.example.com
                user: myBigipUsername
                pass: myBigipPassword
                partition:
                  - cf
                balance: round-robin
                verify_interval: 30
                external_addr: 192.168.1.1
                profiles:
                - /Common/x-forwarded-for
                policies:
                - /Common/x-forwarded-proto
    

Push the BIG-IP Controller app to Cloud Foundry

Deploy the cf-bigip-ctlr App using the cf push command.

Be sure to use the -o flag to specify the Docker image and version you want to use.

cf push cf-bigip-ctlr -o f5networks/cf-bigip-ctlr:1.1.0 -f manifest.yaml

Verify object creation on the BIG-IP system

Important

The objects created on the BIG-IP system will vary depending on how you set up your Application Manifest.

At minimum, you should see one HTTP virtual server accepting traffic on port 80. If you included an SSL profile in your Manifest, you should also see an HTTPS virtual server accepting traffic on port 443. If you’re using TCP Routes, you should see one virtual server for each Route.

  1. Log in to the BIG-IP configuration utility at the management IP address (for example, https://10.90.25.228/xui).
  2. Choose the configured partition (for example, “cf”) from the Partition dropdown menu.
    1. Go to Local Traffic ‣ Virtual Servers to view the list of virtual server(s) in the partition.
    2. Go to Local Traffic ‣ Policies to view a list of all policies in the partition.
    3. Go to Local Traffic ‣ Pools to view a list of all pools in the partition.