F5 Kubernetes BIG-IP Controller

F5 Kubernetes BIG-IP Controller manages F5 BIG-IP Local Traffic Manager (LTM) objects from Kubernetes.

Release Notes

Attributions

Attributions.md

Features

Overview

F5 Kubernetes BIG-IP Controller is a Docker container that runs in a Kubernetes Pod. It uses an F5 Resource to determine:

  • what objects to configure on your BIG-IP, and
  • to which Kubernetes Service the BIG-IP objects belong.

The F5 Kubernetes BIG-IP Controller watches the Kubernetes API for the creation and modification of F5 resources. When it discovers changes, the F5 Kubernetes BIG-IP Controller modifies the BIG-IP accordingly.

For example:

  1. F5 Kubernetes BIG-IP Controller discovers a new F5 virtualServer resource.
  2. F5 Kubernetes BIG-IP Controller creates a new virtual server object on the BIG-IP. [1]
  3. F5 Kubernetes BIG-IP Controller creates a pool member on the virtual server for each node in the cluster. [2]
  4. F5 Kubernetes BIG-IP Controller monitors F5 resources, and linked Kubernetes resources, for changes.
  5. F5 Kubernetes BIG-IP Controller reconfigures the BIG-IP when it discovers changes.

The BIG-IP handles traffic for the Service at the specified virtual address and load-balances to all nodes in the cluster. Within the cluster, the allocated NodePort load-balances traffic to all pods.

Configuration Parameters

| Parameter | Type | Required | Default | Description | Allowed Values |
|---|---|---|---|---|---|
| bigip-username | string | Required | n/a | BIG-IP iControl REST username | |
| bigip-password | string | Required | n/a | BIG-IP iControl REST password [3] | |
| bigip-url | string | Required | n/a | BIG-IP admin IP address | |
| bigip-partition | string | Required | n/a | The BIG-IP partition in which to configure objects. | |
| namespace | string | Required | n/a | Kubernetes namespace to watch | |
| kubeconfig | string | Optional | ./config | Path to the kubeconfig file | |
| python-basedir | string | Optional | /app/python | Path to python utilities directory | |
| running-in-cluster | boolean | Optional | true | Indicates whether or not a kubernetes cluster started k8s-bigip-ctlr | true, false |
| use-node-internal | boolean | Optional | true | filter Kubernetes InternalIP addresses for pool members | true, false |
| verify-interval | integer | Optional | 30 | In seconds, interval at which to verify the BIG-IP configuration. | |
| node-poll-interval | integer | Optional | 30 | In seconds, interval at which to poll the cluster for its node members. | |
| log-level | string | Optional | INFO | Log level | INFO, DEBUG, CRITICAL, WARNING, ERROR |
| pool-member-type | string | Optional | nodeport | Create this type of BIG-IP pool members. Use cluster to create pool members for each of the endpoints for the service, e.g. the pod’s ip. Use nodeport to create pool members for each schedulable node using the service’s NodePort. | cluster, nodeport |
| openshift-sdn-name | string | Optional | n/a | BigIP configured VxLAN name for access into the Openshift SDN and Pod network | |

F5 Resource Properties

F5 Resources are JSON blobs encoded within Kubernetes ConfigMaps. The ConfigMap must contain the following properties:

| Property | Description | Allowed Values |
|---|---|---|
| f5type | Defines the type of object k8s-bigip-ctlr creates on the BIG-IP | virtual-server |
| schema | Verifies the data blob | f5schemadb://bigip-virtual-server_v0.1.2.json |
| data | Defines the F5 resource | |
| frontend | Defines object(s) created on the BIG-IP | See frontend |
| backend | Identifies the Kubernetes Service acting as the server pool | See backend |

Frontend

virtualServer

| Property | Type | Required | Default | Description | Allowed Values |
|---|---|---|---|---|---|
| partition | string | Required | | Define the BIG-IP partition to manage | |
| mode | string | Required | | Set the proxy mode | http, tcp |
| balance | string | Required | round-robin | Set the load balancing mode | round-robin |
| virtualAddress | JSON object | Required | | Allocate a virtual address from the BIG-IP | |
|   bindAddr | string | Required | | Virtual IP address | |
|   port | integer | Required | | Port number | |
| sslProfile | JSON object | Optional | | BIG-IP SSL profile to apply to the virtual server. | |
|   f5ProfileName | string | Optional | | Name of the BIG-IP SSL profile. Uses format ‘partition_name/cert_name’. Example: ‘Common/testcert’ | |

iApps

| Property | Type | Required | Default | Description | Allowed Values |
|---|---|---|---|---|---|
| partition | string | Required | | Define the BIG-IP partition to manage. | |
| iapp | string | Required | | BIG-IP iApp template to use to create the application service. | Any iApp template already configured on the BIG-IP. |
| iappPoolMemberTable | JSON object | Required | | Define the name and layout of the pool-member table in the iApp. See the iApp Pool Member Table section below. | |
| iappTables | JSON object array | Optional | | Define iApp tables to apply to the Application Service. Example: "iappTables": { "monitor__Monitors": {"columns": ["Index", "Name", "Type", "Options"], "rows": [[0, "mon1", "tcp", "" ], [1, "mon2", "http", ""]]}} | |
| iappOptions | key-value object | Required | | Define the App configurations | See configuration parameters above. |
| iappVariables | key-value object | Required | | Define the iApp variables needed for service creation. | |

iApp Pool Member Table

You can use the iappPoolMemberTable option to describe the layout of the pool-member table that the controller should configure. It is a JSON object with these properties:

  • name (required): A string that specifies the name of the table that contains the pool members.
  • columns (required): An array that specifies the columns that the controller will configure in the pool-member table, in order.

Each entry in columns is an object that has a name property and either a kind or value property:

  • name (required): A string that specifies the column name.
  • kind: A string that tells the controller what property from the node to substitute. The controller supports "IPAddress" and "Port".
  • value: A string that specifies a value. The controller does not perform any substitution; it uses the value as specified.

For instance, if you configure an application with two pods at 1.2.3.4:20123 and 1.2.3.5:20321, and you specify:

"iappPoolMemberTable": {
  "name": "pool__members",
  "columns": [
    {"name": "Port", "kind": "Port"},
    {"name": "IPAddress", "kind": "IPAddress"},
    {"name": "ConnectionLimit", "value": "0"}
  ]
}

This would configure the following table on BIG-IP:

{
  "name": "pool__members",
  "columnNames": [
    "Port",
    "IPAddress",
    "ConnectionLimit"
  ],
  "rows": [
    {
      "row": [
        "20123",
        "1.2.3.4",
        "0"
      ]
    },
    {
      "row": [
        "20321",
        "1.2.3.5",
        "0"
      ]
    }
  ]
}

You will need to adjust this for the particular iApp template that you are using. One way to discover the format is to configure an iApp manually from a template, and then check its configuration using tmsh list sys app service <appname>.
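The column substitution described in this section, written out as an added Python example; it is not the controller's own code. The function name `render_pool_member_table`, the `(ip, port)` tuple input and the strict "exactly one of kind or value" check are assumptions made for illustration.

```python
import ipaddress

SUPPORTED_KINDS = {"IPAddress", "Port"}  # the two kinds the page lists

def render_pool_member_table(spec, members):
    """Hypothetical helper: build the BIG-IP table from an iappPoolMemberTable spec.
    members is a list of (ip, port) tuples (constructed input for this example)."""
    name, columns = spec.get("name"), spec.get("columns")
    if not isinstance(name, str) or not name:
        raise ValueError("iappPoolMemberTable.name is required")
    if not isinstance(columns, list) or not columns:
        raise ValueError("iappPoolMemberTable.columns is required")
    for col in columns:
        if not isinstance(col, dict) or not isinstance(col.get("name"), str):
            raise ValueError("every column must be an object with a name")
        # Assumption: a column is either substituted (kind) or literal (value), never both.
        if ("kind" in col) == ("value" in col):
            raise ValueError(f"column {col['name']!r}: set exactly one of kind or value")
        if "kind" in col and col["kind"] not in SUPPORTED_KINDS:
            raise ValueError(f"column {col['name']!r}: unsupported kind {col['kind']!r}")
    rows = []
    for ip, port in members:
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        if not 0 < int(port) < 65536:
            raise ValueError(f"port out of range: {port}")
        subst = {"IPAddress": str(ip), "Port": str(port)}
        # Columns are emitted in the order given; table cells are strings.
        rows.append({"row": [subst[c["kind"]] if "kind" in c else c["value"]
                             for c in columns]})
    return {"name": name, "columnNames": [c["name"] for c in columns], "rows": rows}

# Constructed sample matching the two-pod example on this page.
SPEC = {
    "name": "pool__members",
    "columns": [
        {"name": "Port", "kind": "Port"},
        {"name": "IPAddress", "kind": "IPAddress"},
        {"name": "ConnectionLimit", "value": "0"},
    ],
}
MEMBERS = [("1.2.3.4", 20123), ("1.2.3.5", 20321)]

if __name__ == "__main__":
    import json
    print(json.dumps(render_pool_member_table(SPEC, MEMBERS), indent=2))
```

Rejecting an unknown kind or a malformed address before rendering keeps a mistyped ConfigMap from producing a pool-member table that differs from what the iApp template expects.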

Backend

| Property | Type | Required | Default | Description | Allowed Values |
|---|---|---|---|---|---|
| serviceName | string | Required | none | The Kubernetes Service representing the server pool. | |
| servicePort | integer | Required | none | Kubernetes Service port number | |
| healthMonitors | JSON object array | Optional | none | Array of TCP or HTTP Health Monitors. | |

Example Configuration Files

[1] The F5 Kubernetes BIG-IP Controller creates and manages objects in the BIG-IP partition defined in the F5 resource ConfigMap.
[2] The F5 Kubernetes BIG-IP Controller forwards traffic to the NodePort assigned to the service by Kubernetes; see the Kubernetes Services documentation for more information.
[3] You can store sensitive information as a Kubernetes Secret. See the user documentation for instructions.