BIG-IP Controller Reference¶
The BIG-IP Controller and Traffic Management Microkernel (TMM) configuration parameters. Each heading below represents the top-level parameter element. For example, to set the Controller’s watchNamespace, use controller.watchNamespace.
controller¶
Parameters to configure the BIG-IP Controller.
| Parameter | Description |
|---|---|
image.repository |
The domain name or IP address of the local container registry. |
watchNamespace |
The Namespace to watch for Service and CRD update events. |
serviceAccount.name |
Specifies the serviceAccount the BIG-IP Controller Pod will use. By default the controller uses the |
serviceAccount.create |
Specifies whether the serviceAccount will be created during the installation: true (default) or false. |
fluentbit_sidecar.enabled |
Enables the fluentbit logging sidecar (true /false). The default is true. |
fluentbit_sidecar.image.repository |
The domain name or IP address of the local container registry. |
fluentbit_sidecar.fluentd.port |
The service port of the Fluend container. The default is 54321. |
resources.limits.cpu |
The maximum amount of CPU that the container is allowed to use. |
resources.limits.memory |
The maximum amount of memory that the container is allowed to use. |
resources.requests.cpu |
The minimum CPU allocation for the container. |
resources.requests.memory |
The minimum memory allocation for the container. |
maxActiveReplicas |
Defines the maximum limit of active TMM replicas. The default value for this parameter is set to 32. For more information on Active and Standby TMMs and TMMs expected behaviour, see TMM device assignments |
tmm¶
Parameters to configure TMM.
| Parameter | Description |
|---|---|
topologyManager |
Enables using Kubernetes Topology Manager to dynamically allocate and properly align TMM’s CPU cores. |
image.repository |
The domain name or IP address of the local container registry. |
add_k8s_routes |
Enables setting the default gateway using either BGP or the F5BigNetStaticroute CR: true or false (default). |
replicaCount |
Number of CNFs TMMs desired in the replicaset. |
hostNetwork |
Enable TMM pods to use host network namespace. |
resources.limits.cpu |
The number of TMM threads to allocate. |
resources.limits.hugepages-2Mi |
The amount of hugepages to allocate: 1.5GB x TMM CPU count. |
resources.limits.memory |
The amount of memory to allocate. F5 recommends the default 2Gi. |
resources.requests.cpu |
The minimum CPU allocation for the container. |
resources.requests.memory |
The minimum memory allocation for the container. |
serviceAccount.name |
Specifies the serviceAccount the TMM Pod will use. By default TMM uses the default serviceAccount. |
serviceAccount.create |
Specifies whether the serviceAccount will be created during the installation: true or false (default). |
vxlan.enabled |
Enable VXLAN configuration for this TMM deployment (true/false). |
vxlan.name |
VXLAN tunnel name. |
vxlan.localIp |
VXLAN local IP address. |
vxlan.selfIp |
VXLAN self IP address. |
vxlan.port |
VXLAN port. |
vxlan.key |
VXLAN key. |
vxlan.staticRouteNodeNetmask |
Netmask for static routes to nodes. |
vxlan.staticRoutePoolMemberNetmask |
Netmask for static routes to pool members. |
tmm.customEnvVars¶
Parameters to set environment variables that determine TMM’s startup behavior. Refer to the BIG-IP Controller for more information.
| Parameter | Description |
|---|---|
TMM_CALICO_ROUTER |
Configure the layer 2 and layer 3 addresses of the Calico default router when Proxy ARP is not desired: MAC,v4GATEWAY,v6GATEWAY. Enable setting the standard Calico CNI values: DEFAULT. |
TMM_IGNORE_GATEWAYS |
When enabled, TMM does not configure the default gateways: true.  Note: If TMM_IGNORE_GATEWAYS is set to true, then TMM does not configure both IPv4 and IPv6 gateways. |
TMM_IGNORE_IPV4_GATEWAYS |
When enabled, TMM does not configure the IPv4 gateways: true. |
TMM_IGNORE_IPV6_GATEWAYS |
When enabled, TMM does not configure the IPv6 gateways: true. |
ROBIN_VFIO_RESOURCE |
Creates and orders TMM's data plane interface list using Robin ip-pool values. |
TMM_IGNORE_HW_DAG |
Enables internal queues on Rx path and software DAGing at NDAL layer: true. |
tmm.dynamicRouting¶
Parameters to configure BGP. For configuration assistance, refer to the BGP Overview.
| Parameter | Description |
|---|---|
enabled |
Enable the TMM dynamic routing container. |
trouted.image.repository |
The domain name or IP address of the local container registry. |
tmmRouting.image.repository |
The domain name or IP address of the local container registry. |
tmmRouting.resources.limits.cpu |
The maximum amount of CPU that the container is allowed to use. |
tmmRouting.resources.limits.memory |
The maximum amount of memory that the container is allowed to use. |
tmmRouting.resources.requests.cpu |
The minimum CPU allocation for the container. |
tmmRouting.resources.requests.memory |
The minimum memory allocation for the container. |
tmmRouting.config.bgp.hostname |
Sets the BGP Hostname. |
tmmRouting.config.bgp.logFile |
Sets the name and location for the BGP log file. |
tmmRouting.config.bgp.debugs |
BGP array of debug. |
tmmRouting.config.bgp.asn |
TMM's BGP Autonomous System Number. |
tmmRouting.config.bgp.maxPathsEbgp |
BGP maximum number of paths for External BGP (2-64). Disable with 'null' value. |
tmmRouting.config.bgp.maxPathsIbgp |
BGP maximum number of paths for Internal BGP (2-64). Disable with 'null' value. |
tmmRouting.config.bgp.neighbors |
BGP router array of neighbors. |
tmmRouting.config.bgp.neighbors.ip |
BGP router neighbors IP. |
tmmRouting.config.bgp.neighbors.acceptsIPv4 |
Advertise IPv4 virtual server addresses neighbors. true enables - empty string disables. |
tmmRouting.config.bgp.neighbors.acceptsIPv6 |
Advertise IPv6 virtual server addresses to neighbors. true enables - empty string disables. |
tmmRouting.config.bgp.neighbors.ebgpMultihop |
Sets the BGP TTL (range: 1-255). |
tmmRouting.config.bgp.neighbors.password |
BGP router neighbors Password. |
tmmRouting.config.bgp.gracefulRestartTime |
BGP graceful restart time. |
tmmRouting.config.bgp.routeMap |
The name of the routeMaps use to filter neighbor routes. |
tmmRouting.config.prefixList.name |
The name of the prefixList entry. |
tmmRouting.config.prefixList.seq |
The order of the prefixList entry. |
tmmRouting.config.prefixList.deny |
Allow or deny the prefixList entry. |
tmmRouting.config.prefixList.prefix |
The IP address subnet to filter. |
tmmRouting.config.routeMaps.name |
The name of the routeMaps object applied to the neighbor |
tmmRouting.config.routeMaps.seq |
The order of the routeMaps entry. |
tmmRouting.config.routeMaps.deny |
Allow or deny the routeMaps entry. |
tmmRouting.config.routeMaps.match |
The name of the referenced prefixList. |
tmmRouting.config.bgp.neighbors.fallover |
Enable BFD fallover between peers: true / false. |
tmmRouting.config.bfd.interface |
Selects the BFD peering interface if specified. |
tmmRouting.config.bfd.interval |
Sets the minimum transmission interval in milliseconds: 50 (default) - 999. |
tmmRouting.config.bfd.minrx |
Sets the minimum receive interval in milliseconds: 50 (default) - 999. |
tmmRouting.config.bfd.multiplier |
Sets the Hello multiplier value 3 - 50. The default is 10. |
tmmRouting.config.bfd.multihop_peer |
Enables multi-hop BFD to BGP neighbor: true or false (default). |
afm¶
| Parameter | Description |
|---|---|
enabled |
Enables the Edge Firewall Pod: true or false (default). |
defaultFirewallRule.action |
Sets the Edge Firewall default firewall action: accept (default), reject, or drop. |
defaultFirewallRule.log |
Enables logging messages when a packet matches the defaultFirewallRule.action: true (default) or false. |
pccd.enabled |
Enables the Packet Classification Compiler daemon (PCCD): true or false (default). |
pccd.image.repository |
The domain name or IP address of the local container registry. |
pccd.resources.limits.cpu |
The maximum amount of CPU that the container is allowed to use. |
pccd.resources.limits.memory |
The maximum amount of memory that the container is allowed to use. |
pccd.resources.requests.cpu |
The minimum CPU allocation for the container. |
pccd.resources.requests.memory |
The minimum memory allocation for the container. |
fluentbit_sidecar.enabled |
Enables the fluentbit logging sidecar (true /false). The default is true. |
fluentbit_sidecar.image.repository |
The domain name or IP address of the local container registry. |
ipsd¶
| Parameter | Description |
|---|---|
enabled |
Enables the intrusion detection and protection system Pod: true or false (default). |
image.repository |
The domain name or IP address of the local container registry. |
ipsd.resources.limits.cpu |
The maximum amount of CPU that the container is allowed to use. |
ipsd.resources.limits.memory |
The maximum amount of memory that the container is allowed to use. |
ipsd.resources.requests.cpu |
The minimum CPU allocation for the container. |
ipsd.resources.requests.memory |
The minimum memory allocation for the container. |
f5-toda-logging¶
Parameters to send TMM logging data to the Fluentd Logging container.
Note: f5-toda-logging is a subchart of the Ingress Helm chart.
| Parameter | Description |
|---|---|
enabled |
Enable or disable TMM logging: true (default) or false. |
fluentD.host |
Sets the fluentd service name used as a target to send logging information. |
sidecar.image.repository |
Sidecar regitry name. |
tmstats.config.image.repository |
The path of f5-toda-tmstatsd image. |
debug¶
Parameters for the Debug Sidecar.
| Parameter | Description |
|---|---|
enabled |
Enable or disable debug: true (default) or false. |
image.repository |
Debug registry name. |
resources.limits.cpu |
The maximum amount of CPU that the container is allowed to use. |
resources.limits.memory |
The maximum amount of memory that the container is allowed to use. |
resources.requests.cpu |
The minimum CPU allocation for the container. |
resources.requests.memory |
The minimum memory allocation for the container. |