F5 Container Integrations

Current Page

Cloud Foundry

Kubernetes / OpenShift

Mesos Marathon




View related articles on DevCentral

Cloud Docs Home > F5 Container Integrations Index

F5 Container Integration - OpenShift

This document provides general information regarding the F5 Integration for OpenShift. For deployment and usage instructions, please refer to the guides below.


The BIG-IP Controller for OpenShift enables use of a BIG-IP device in OpenShift. Because OpenShift has a native Kubernetes integration, the F5 Integration for OpenShift utilizes the same controller as the F5 Integration for Kubernetes (k8s-bigip-ctlr). The BIG-IP Controller configures BIG-IP objects for applications in an OpenShift cluster, serving North-South traffic.

Solution design: The Container Connector runs as an App within the cluster; it configures the BIG-IP device as needed to handle traffic for Apps in the cluster

In OpenShift, you can use the BIG-IP Controller to use a BIG-IP device(s) to:


Integration with OpenShift SDN requires a BIG-IP Better or Best license with SDN services.

OpenShift Node Health

In OpenShift clusters, the Kubernetes NodeList records status for all nodes registered with the master. Because the BIG-IP Controller integrates with the cluster network, it can access the NodeList in OpenShift’s underlying Kubernetes API server and watch it for changes. The BIG-IP Controller creates/updates FDB (Forwarding DataBase) entries for the configured VXLAN tunnel according to the NodeList. This ensures the BIG-IP Controller only makes VXLAN requests to reported nodes.

As a function of the BIG-IP VXLAN, the BIG-IP device only communicates with healthy cluster nodes. The BIG-IP device does not attempt to route traffic to an unresponsive node, even if the node remains in the NodeList.


You can also set up BIG-IP health monitors for OpenShift Services.

OpenShift Routes

In OpenShift, the BIG-IP Controller can manage BIG-IP objects for routes.


See manage OpenShift Routes with the BIG-IP Controller for configuration instructions.

Setting up OpenShift Route resources provides the following functionality:

  • listen for HTTP route events in OpenShift and create/delete/expire routes on BIG-IP devices (including L7 config policies such as wildcard routes, prefixes, etc.);
  • apply client SSL certificates from Kubernetes/OpenShift Secrets to BIG-IP LTM objects;
  • apply existing BIG-IP SSL certificates to BIG-IP LTM objects;
  • SSL termination using edge, passthrough, or re-encryption mode.

The table below shows what BIG-IP configurations the BIG-IP Controller applies for common admin tasks in OpenShift.

User action Controller action
Create OpenShift Route
  • Create two virtual servers:
    • one (1) HTTP
    • one (1) HTTPS
  • Create pools and pool members with policies attached.
  • Attach defined policies to virtual servers.
Add/remove endpoint(s)
  • Add/remove the pool member(s) that correspond to the endpoint(s) from the Route’s pool.
Delete all Routes
  • Remove all objects associated with the Routes (virtual servers, pools, and pool members) from the BIG-IP system.

Advanced Deployments

The BIG-IP Controller for OpenShift supports the following OpenShift Advanced Deployment Strategies:

Follow the instructions provided in the OpenShift documentation to use these deployment strategies with your BIG-IP Controller and BIG-IP device(s).


The BIG-IP Controller for OpenShift provides the following advantages over the native HAProxy when working with alternate backends:

  • You use any of the BIG-IP load balancing algorithms the Controller supports (not just round robin). [1]
  • When you assign a weight to a Service in an OpenShift Route, the BIG-IP Controller assigns that weight to the Service’s pool on the BIG-IP device. The weight isn’t split across the Service’s endpoints and there are no per-endpoint weight restrictions.

What’s Next

Refer to the docs below for setup and configuration instructions.


[1]The BIG-IP Controller supports BIG-IP load balancing algorithms that do not require additional configuration parameters. You can view the full list of supported algorithms in the f5-cccl schema. See the BIG-IP Local Traffic Management Basics user guide for information about each load balancing mode.