Cloud Docs Home > F5 Container Integrations Index

F5 Container Integration - OpenShift

This document provides general information regarding the F5 Integration for OpenShift. For deployment and usage instructions, please refer to the guides below.

Overview

The BIG-IP Controller for OpenShift enables use of a BIG-IP device in OpenShift. Because OpenShift has a native Kubernetes integration, the F5 Integration for OpenShift utilizes the same controller as the F5 Integration for Kubernetes (k8s-bigip-ctlr). The BIG-IP Controller configures BIG-IP objects for applications in an OpenShift cluster, serving North-South traffic.

Solution design: The Container Connector runs as an App within the cluster; it configures the BIG-IP device as needed to handle traffic for Apps in the cluster

In OpenShift, you can use the BIG-IP Controller to use a BIG-IP device(s) to:

Note

Integration with OpenShift SDN requires a BIG-IP Better or Best license with SDN services.

OpenShift Node Health

In OpenShift clusters, the Kubernetes NodeList records status for all nodes registered with the master. Because the BIG-IP Controller integrates with the cluster network, it can access the NodeList in OpenShift’s underlying Kubernetes API server and watch it for changes. The BIG-IP Controller creates/updates FDB (Forwarding DataBase) entries for the configured VXLAN tunnel according to the NodeList. This ensures the BIG-IP Controller only makes VXLAN requests to reported nodes.

As a function of the BIG-IP VXLAN, the BIG-IP device only communicates with healthy cluster nodes. The BIG-IP device does not attempt to route traffic to an unresponsive node, even if the node remains in the NodeList.

Tip

You can also set up BIG-IP health monitors for OpenShift Services.

OpenShift Routes

In OpenShift, the BIG-IP Controller can manage BIG-IP objects for routes.

Tip

See manage OpenShift Routes with the BIG-IP Controller for configuration instructions.

Setting up OpenShift Route resources provides the following functionality:

  • listen for HTTP route events in OpenShift and create/delete/expire routes on BIG-IP devices (including L7 config policies such as wildcard routes, prefixes, etc.);
  • apply client SSL certificates from Kubernetes/OpenShift Secrets to BIG-IP LTM objects;
  • apply existing BIG-IP SSL certificates to BIG-IP LTM objects;
  • SSL termination using edge, passthrough, or re-encryption mode.

The table below shows what BIG-IP configurations the BIG-IP Controller applies for common admin tasks in OpenShift.

User action Controller action
Create OpenShift Route
  • Create two virtual servers:
    • one (1) HTTP
    • one (1) HTTPS
  • Create pools and pool members with policies attached.
  • Attach defined policies to virtual servers.
Add/remove endpoint(s)
  • Add/remove the pool member(s) that correspond to the endpoint(s) from the Route’s pool.
Delete all Routes
  • Remove all objects associated with the Routes (virtual servers, pools, and pool members) from the BIG-IP system.

What’s Next

Refer to the docs listed below for setup and configuration instructions.