BIG-IP Controller Reference

The BIG-IP Controller and Traffic Management Microkernel (TMM) configuration parameters. Each heading below represents the top-level parameter element. For example, to set the Controller’s watchNamespace, use controller.watchNamespace.

controller

Parameters to configure the BIG-IP Controller.

Parameter Description
image.repository The domain name or IP address of the local container registry.
watchNamespace The Namespace to watch for Service and CR update events.
serviceAccount.name Specifies the serviceAccount the BIG-IP Controller Pod will use. By default, the controller uses the -f5ingress serviceAccount.
serviceAccount.create Specifies whether the serviceAccount will be created during the installation. The default value is true.
fluentbit_sidecar.enabled Enables the fluentbit logging sidecar (true /false). The default value is true.
fluentbit_sidecar.image.repository The domain name or IP address of the local container registry.
fluentbit_sidecar.fluentd.port The service port of the Fluend container. The default value is 54321.
resources.limits.cpu The maximum amount of CPU that the container is allowed to use.
resources.limits.memory The maximum amount of memory that the container is allowed to use.
resources.requests.cpu The minimum CPU allocation for the container.
resources.requests.memory The minimum memory allocation for the container.
maxActiveReplicas Defines the maximum limit of active TMM replicas. The default value is set to 32. For more information on Deterministic Config Allocation, Active and Standby TMMs, see Deterministic Config Allocation

tmm

Parameters to configure TMM.

Parameter Description
topologyManager Enables using Kubernetes Topology Manager to dynamically allocate and properly align TMM’s CPU cores.
image.repository The domain name or IP address of the local container registry.
add_k8s_routes Enables setting the default gateway using either BGP or the F5BigNetStaticroute CR.The default value is false.
replicaCount Number of CNFs TMMs desired in the replicaset.
hostNetwork Enable TMM pods to use host network namespace.
cniNetworks Comma-separated list of CNI network interfaces used by TMM.
resources.limits.cpu The number of TMM threads to allocate.
resources.limits.hugepages-2Mi The amount of hugepages to allocate: 1.5GB x TMM CPU count.
resources.limits.memory The amount of memory to allocate. F5 recommends the default value 2Gi.
resources.requests.cpu The minimum CPU allocation for the container.
resources.requests.memory The minimum memory allocation for the container.
serviceAccount.name Specifies the serviceAccount the TMM Pod will use. By default, TMM uses the default serviceAccount.
serviceAccount.create Specifies whether the serviceAccount will be created during the installation. The default value is false.
vxlan.enabled Enable VXLAN configuration for this TMM deployment (true/false).
vxlan.name VXLAN tunnel name.
vxlan.localIp VXLAN local IP address.
vxlan.selfIp VXLAN self IP address.
vxlan.port VXLAN port.
vxlan.key VXLAN key.
vxlan.staticRouteNodeNetmask Netmask for static routes to nodes.
vxlan.staticRoutePoolMemberNetmask Netmask for static routes to pool members.

tmm.customEnvVars

Parameters to set environment variables that determine TMM’s startup behavior. Refer to the BIG-IP Controller for more information.

Parameter Description
TMM_CALICO_ROUTER Configure the layer 2 and layer 3 addresses of the Calico default router when Proxy ARP is not desired: MAC,v4GATEWAY,v6GATEWAY. Enable setting the standard Calico CNI values: DEFAULT.
TMM_IGNORE_GATEWAYS When enabled, TMM does not configure the default gateways: true.
Note: If TMM_IGNORE_GATEWAYS is set to true, then TMM does not configure both IPv4 and IPv6 gateways.
TMM_IGNORE_IPV4_GATEWAYS When enabled, TMM does not configure the IPv4 gateways: true.
TMM_IGNORE_IPV6_GATEWAYS When enabled, TMM does not configure the IPv6 gateways: true.
TMM_IGNORE_HW_DAG Enables internal queues on Rx path and software DAGing at NDAL layer: true.

tmm.dynamicRouting

Parameters to configure BGP. For configuration assistance, refer to the BGP Overview.

Parameter Description
enabled Enable the TMM dynamic routing container.
trouted.image.repository The domain name or IP address of the local container registry.
tmmRouting.image.repository The domain name or IP address of the local container registry.
tmmRouting.resources.limits.cpu The maximum amount of CPU that the container is allowed to use.
tmmRouting.resources.limits.memory The maximum amount of memory that the container is allowed to use.
tmmRouting.resources.requests.cpu The minimum CPU allocation for the container.
tmmRouting.resources.requests.memory The minimum memory allocation for the container.
tmmRouting.config.bgp.hostname Sets the BGP Hostname.
tmmRouting.config.bgp.logFile Sets the name and location for the BGP log file.
tmmRouting.config.bgp.debugs BGP array of debug.
tmmRouting.config.bgp.asn TMM's BGP Autonomous System Number.
tmmRouting.config.bgp.maxPathsEbgp BGP maximum number of paths for External BGP (2-64). Disable with 'null' value.
tmmRouting.config.bgp.maxPathsIbgp BGP maximum number of paths for Internal BGP (2-64). Disable with 'null' value.
tmmRouting.config.bgp.neighbors BGP router array of neighbors.
tmmRouting.config.bgp.neighbors.ip BGP router neighbors IP.
tmmRouting.config.bgp.neighbors.acceptsIPv4 Advertise IPv4 virtual server addresses neighbors. true enables - empty string disables.
tmmRouting.config.bgp.neighbors.acceptsIPv6 Advertise IPv6 virtual server addresses to neighbors. true enables - empty string disables.
tmmRouting.config.bgp.neighbors.ebgpMultihop Sets the BGP TTL (range: 1-255).
tmmRouting.config.bgp.neighbors.password BGP router neighbors Password.
tmmRouting.config.bgp.gracefulRestartTime BGP graceful restart time.
tmmRouting.config.bgp.routeMap The name of the routeMaps use to filter neighbor routes.
tmmRouting.config.prefixList.name The name of the prefixList entry.
tmmRouting.config.prefixList.seq The order of the prefixList entry.
tmmRouting.config.prefixList.deny Allow or deny the prefixList entry.
tmmRouting.config.prefixList.prefix The IP address subnet to filter.
tmmRouting.config.routeMaps.name The name of the routeMaps object applied to the neighbor
tmmRouting.config.routeMaps.seq The order of the routeMaps entry.
tmmRouting.config.routeMaps.deny Allow or deny the routeMaps entry.
tmmRouting.config.routeMaps.match The name of the referenced prefixList.
tmmRouting.config.bgp.neighbors.fallover Enable BFD fallover between peers: true / false.
tmmRouting.config.bfd.interface Selects the BFD peering interface if specified.
tmmRouting.config.bfd.interval Sets the minimum transmission interval in milliseconds. 50 (default) - 999.
tmmRouting.config.bfd.minrx Sets the minimum receive interval in milliseconds: 50 (default) - 999.
tmmRouting.config.bfd.multiplier Sets the Hello multiplier value 3 - 50. The default value is 10.
tmmRouting.config.bfd.multihop_peer Enables multi-hop BFD to BGP neighbor: The default value is false.

afm

Parameter Description
enabled Enables the Edge Firewall Pod: The default value is false.
defaultFirewallRule.action Sets the Edge Firewall default firewall action: accept (default), reject, or drop.
defaultFirewallRule.log Enables logging messages when a packet matches the defaultFirewallRule.action: true (default) or false.
pccd.enabled Enables the Packet Classification Compiler daemon (PCCD): true or false (default).
pccd.image.repository The domain name or IP address of the local container registry.
pccd.resources.limits.cpu The maximum amount of CPU that the container is allowed to use.
pccd.resources.limits.memory The maximum amount of memory that the container is allowed to use.
pccd.resources.requests.cpu The minimum CPU allocation for the container.
pccd.resources.requests.memory The minimum memory allocation for the container.
fluentbit_sidecar.enabled Enables the fluentbit logging sidecar (true /false). The default value is true.
fluentbit_sidecar.image.repository The domain name or IP address of the local container registry.

ipsd

Parameter Description
enabled Enables the intrusion detection and protection system Pod (true/false). The default value is false.
image.repository The domain name or IP address of the local container registry.
ipsd.resources.limits.cpu The maximum amount of CPU that the container is allowed to use.
ipsd.resources.limits.memory The maximum amount of memory that the container is allowed to use.
ipsd.resources.requests.cpu The minimum CPU allocation for the container.
ipsd.resources.requests.memory The minimum memory allocation for the container.

f5-toda-logging

Parameters to send TMM logging data to the Fluentd Logging container.

_images/spk_info.png Note: f5-toda-logging is a subchart of the Ingress Helm chart.

Parameter Description
enabled Enable or disable TMM logging (true/false). The default value is true.
fluentD.host Sets the fluentd service name used as a target to send logging information.
sidecar.image.repository Sidecar registry name.
tmstats.config.image.repository The path of f5-toda-tmstatsd image.

debug

Parameters for the Debug Sidecar.

Parameter Description
enabled Enable or disable debug (true/false). The default value is true.
image.repository Debug registry name.
resources.limits.cpu The maximum amount of CPU that the container is allowed to use.
resources.limits.memory The maximum amount of memory that the container is allowed to use.
resources.requests.cpu The minimum CPU allocation for the container.
resources.requests.memory The minimum memory allocation for the container.