F5 Kubernetes BIG-IP Controller manages F5 BIG-IP Local Traffic Manager (LTM) objects from Kubernetes.
See the F5 Kubernetes Container Connector user documentation.
F5 Kubernetes BIG-IP Controller is a Docker container that runs in a Kubernetes Pod. It uses an F5 Resource to determine:
The F5 Kubernetes BIG-IP Controller watches the Kubernetes API for the creation and modification of F5 resources. When it discovers changes, the F5 Kubernetes BIG-IP Controller modifies the BIG-IP accordingly.
For example:
virtualServer resource.
The BIG-IP handles traffic for the Service at the specified virtual address and load-balances to all nodes in the cluster. Within the cluster, the allocated NodePort load-balances traffic to all pods.
Parameter | Type | Required | Default | Description | Allowed Values |
---|---|---|---|---|---|
bigip-username | string | Required | n/a | BIG-IP iControl REST username | |
bigip-password | string | Required | n/a | BIG-IP iControl REST password [3] | |
bigip-url | string | Required | n/a | BIG-IP admin IP address | |
bigip-partition | string | Required | n/a | The BIG-IP partition in which to configure objects. | |
namespace | string | Optional | All | Kubernetes namespace(s) to watch; if not provided, the controller watches all namespaces | |
namespace-label | string | Optional | n/a | Tells the k8s-bigip-ctlr to watch any namespace with this label | |
kubeconfig | string | Optional | ./config | Path to the kubeconfig file | |
python-basedir | string | Optional | /app/python | Path to python utilities directory | |
running-in-cluster | boolean | Optional | true | Indicates whether or not a kubernetes cluster started k8s-bigip-ctlr | true, false |
use-node-internal | boolean | Optional | true | Filter Kubernetes InternalIP addresses for pool members | true, false |
verify-interval | integer | Optional | 30 | In seconds, interval at which to verify the BIG-IP configuration. | |
node-poll-interval | integer | Optional | 30 | In seconds, interval at which to poll the cluster for its node members. | |
log-level | string | Optional | INFO | Log level | INFO, DEBUG, CRITICAL, WARNING, ERROR |
pool-member-type | string | Optional | nodeport | Create this type of BIG-IP pool members | cluster, nodeport |
openshift-sdn-name | string | Optional | n/a | BIG-IP configured VxLAN name for access into the OpenShift SDN and Pod network | |
F5 Resources are JSON blobs encoded within Kubernetes ConfigMaps. The ConfigMap must contain the following properties:
Property | Description | Allowed Values |
---|---|---|
f5type | Defines the type of object k8s-bigip-ctlr creates on the BIG-IP | virtual-server |
schema | Verifies the data blob | f5schemadb://bigip-virtual-server_v0.1.3.json |
data | Defines the F5 resource | |
frontend | Defines object(s) created on the BIG-IP | See frontend |
backend | Identifies the Kubernetes Service acting as the server pool | See backend |
Property | Type | Required | Default | Description | Allowed Values |
---|---|---|---|---|---|
partition | string | Required | | Define the BIG-IP partition to manage | |
virtualAddress | JSON object | Optional | | Allocate a virtual address from the BIG-IP | |
bindAddr | string | Required | | Virtual IP address | |
port | integer | Required | | Port number | |
mode | string | Optional | tcp | Set the proxy mode | http, tcp |
balance | string | Optional | round-robin | Set the load balancing mode | round-robin |
sslProfile | JSON object | Optional | | BIG-IP SSL profile to apply to the virtual server. | |
f5ProfileName | string | Optional | | Name of the BIG-IP SSL profile. Uses format ‘partition_name/cert_name’. Example: ‘Common/testcert’ | |
If bindAddr is not provided in the Frontend configuration, then you must supply it via a Kubernetes Annotation for the ConfigMap. The controller watches for the annotation key virtual-server.f5.com/ip.
This annotation must contain the IP address that the virtual server will use. You can configure an IPAM system to write out this annotation containing the IP address that it chose.
A user of the Kubernetes API can check the status.virtual-server.f5.com/ip annotation, set by the controller, to see the bindAddr that the virtual server is using.
If virtualAddress or bindAddr is not provided in the Frontend configuration, then the controller will configure and manage pools, pool members, and health checks for the service without a virtual server on the BIG-IP.
Instead, you should already have a BIG-IP virtual server that handles client connections and has an iRule or traffic policy to forward the request to the correct pool. The stable name of the pool will be the namespace of the Kubernetes service followed by an underscore followed by the name of the service ConfigMap.
Property | Type | Required | Default | Description | Allowed Values |
---|---|---|---|---|---|
partition | string | Required | | Define the BIG-IP partition to manage. | |
iapp | string | Required | | BIG-IP iApp template to use to create the application service. | Any iApp template already configured on the BIG-IP. |
iappPoolMemberTable | JSON object | Required | | Define the name and layout of the pool-member table in the iApp. See the iApp Pool Member Table section below. | |
iappTables | JSON object array | Optional | | Define iApp tables to apply to the Application Service. Example: | |
iappOptions | key-value object | Required | | Define the App configurations | See configuration parameters above. |
iappVariables | key-value object | Required | | Define the iApp variables needed for service creation. | |
You can use the iappPoolMemberTable option to describe the layout of the pool-member table that the controller should configure. It is a JSON object with these properties:

- name (required): A string that specifies the name of the table that contains the pool members.
- columns (required): An array that specifies the columns that the controller will configure in the pool-member table, in order.

Each entry in columns is an object that has a name property and either a kind or value property:

- name (required): A string that specifies the column name.
- kind: A string that tells the controller what property from the node to substitute. The controller supports "IPAddress" and "Port".
- value: A string that specifies a value. The controller will not perform any substitution; it uses the value as specified.

For instance, if you configure an application with two pods at 1.2.3.4:20123 and 1.2.3.5:20321, and you specify:
```
"iappPoolMemberTable": {
  "name": "pool__members",
  "columns": [
    {"name": "Port", "kind": "Port"},
    {"name": "IPAddress", "kind": "IPAddress"},
    {"name": "ConnectionLimit", "value": "0"}
  ]
}
```
This would configure the following table on BIG-IP:
```
{
  "name": "pool__members",
  "columnNames": [
    "Port",
    "IPAddress",
    "ConnectionLimit"
  ],
  "rows": [
    {
      "row": [
        "20123",
        "1.2.3.4",
        "0"
      ]
    },
    {
      "row": [
        "20321",
        "1.2.3.5",
        "0"
      ]
    }
  ]
}
```
You will need to adjust this for the particular iApp template that you are using. One way to discover the format is to configure an iApp manually from a template, and then check its configuration using tmsh list sys app service <appname>.
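The column substitution described above, written out as an added example (this is not the controller's own code). The function name, the (ip, port) input shape and the strict "exactly one of kind or value" check are assumptions made for illustration; the sample spec and members are the ones from the text.

```python
import json

# Node properties the page says the controller can substitute via "kind".
SUPPORTED_KINDS = {
    "IPAddress": lambda ip, port: ip,
    "Port": lambda ip, port: str(port),
}


def build_pool_member_table(spec, members):
    """Expand an iappPoolMemberTable spec into the table layout shown above.

    spec    -- dict with "name" and "columns", as in the F5 resource
    members -- iterable of (ip, port) pairs (hypothetical input shape)
    """
    if not isinstance(spec.get("name"), str) or not spec["name"]:
        raise ValueError("iappPoolMemberTable.name is required")
    columns = spec.get("columns")
    if not isinstance(columns, list) or not columns:
        raise ValueError("iappPoolMemberTable.columns is required")

    getters = []
    for i, col in enumerate(columns):
        if not isinstance(col, dict) or not col.get("name"):
            raise ValueError(f"columns[{i}]: name is required")
        # Assumption: reject entries that set both or neither property.
        if ("kind" in col) == ("value" in col):
            raise ValueError(f"columns[{i}]: set exactly one of kind or value")
        if "kind" in col:
            if col["kind"] not in SUPPORTED_KINDS:
                raise ValueError(f"columns[{i}]: unsupported kind {col['kind']!r}")
            getters.append(SUPPORTED_KINDS[col["kind"]])
        else:
            # "value" is used as specified, with no substitution.
            getters.append(lambda ip, port, v=str(col["value"]): v)

    return {
        "name": spec["name"],
        "columnNames": [c["name"] for c in columns],
        "rows": [{"row": [g(ip, port) for g in getters]} for ip, port in members],
    }


# Spec and pod endpoints taken from the example in the text.
SPEC = {"name": "pool__members", "columns": [
    {"name": "Port", "kind": "Port"},
    {"name": "IPAddress", "kind": "IPAddress"},
    {"name": "ConnectionLimit", "value": "0"}]}
MEMBERS = [("1.2.3.4", 20123), ("1.2.3.5", 20321)]

if __name__ == "__main__":
    print(json.dumps(build_pool_member_table(SPEC, MEMBERS), indent=2))
```

Running the spec through a check like this before applying the ConfigMap catches a misspelled kind or a column with no source, rather than leaving the template with an incomplete pool-member table.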
Property | Type | Required | Default | Description | Allowed Values |
---|---|---|---|---|---|
serviceName | string | Required | none | The Kubernetes Service representing the server pool. | |
servicePort | integer | Required | none | Kubernetes Service port number | |
healthMonitors | JSON object array | Optional | none | Array of TCP or HTTP Health Monitors. | |
[1] The F5 Kubernetes BIG-IP Controller creates and manages objects in the BIG-IP partition defined in the F5 resource ConfigMap.
[2] The F5 Kubernetes BIG-IP Controller forwards traffic to the NodePort assigned to the service by Kubernetes; see the Kubernetes Services documentation for more information.
[3] You can store sensitive information as a Kubernetes Secret. See the user documentation for instructions.