BIG-IP Controller Reference¶
The BIG-IP Controller and Traffic Management Microkernel (TMM) configuration parameters. Each heading below represents the top-level parameter element. For example, to set the Controller’s watchNamespace
, use controller.watchNamespace
.
controller¶
Parameters to configure the BIG-IP Controller.
Parameter | Description |
---|---|
image.repository |
The domain name or IP address of the local container registry. |
watchNamespace |
The Namespace to watch for Service and CRD update events. |
serviceAccount.name |
Specifies the serviceAccount the BIG-IP Controller Pod will use. By default the controller uses the |
serviceAccount.create |
Specifies whether the serviceAccount will be created during the installation: true (default) or false. |
fluentbit_sidecar.enabled |
Enables the fluentbit logging sidecar (true /false). The default is true. |
fluentbit_sidecar.image.repository |
The domain name or IP address of the local container registry. |
fluentbit_sidecar.fluentd.port |
The service port of the Fluend container. The default is 54321. |
tmm¶
Parameters to configure TMM.
Parameter | Description |
---|---|
topologyManager |
Enables using Kubernetes Topology Manager to dynamically allocate and properly align TMM’s CPU cores. |
image.repository |
The domain name or IP address of the local container registry. |
add_k8s_routes |
Enables setting the default gateway using either BGP or the F5BigNetStaticroute CR: true or false (default). |
replicaCount |
Number of CNFs TMMs desired in the replicaset. |
hostNetwork |
Enable TMM pods to use host network namespace. |
cniNetworks |
Comma-seperated list of CNI network interfaces used by TMM. |
robinNetworks |
Enables Robin networking: true or false (default). |
resources.limits.cpu |
The number of TMM threads to allocate. |
resources.limits.hugepages-2Mi |
The amount of hugepages to allocate: 1.5GB x TMM CPU count. |
resources.limits.memory |
The amount of memory to allocate. F5 recommends the default 2Gi. |
serviceAccount.name |
Specifies the serviceAccount the TMM Pod will use. By default TMM uses the default serviceAccount. |
serviceAccount.create |
Specifies whether the serviceAccount will be created during the installation: true or false (default). |
vxlan.enabled |
Enable VXLAN configuration for this TMM deployment (true/false). |
vxlan.name |
VXLAN tunnel name. |
vxlan.localIp |
VXLAN local IP address. |
vxlan.selfIp |
VXLAN self IP address. |
vxlan.port |
VXLAN port. |
vxlan.key |
VXLAN key. |
vxlan.staticRouteNodeNetmask |
Netmask for static routes to nodes. |
vxlan.staticRoutePoolMemberNetmask |
Netmask for static routes to pool members. |
tmm.customEnvVars¶
Parameters to set environment variables that determine TMM’s startup behavior. Refer to the BIG-IP Controller for more information.
Parameter | Description |
---|---|
TMM_CALICO_ROUTER |
Configure the layer 2 and layer 3 addresses of the Calico default router when Proxy ARP is not desired: MAC,v4GATEWAY,v6GATEWAY. Enable setting the standard Calico CNI values: DEFAULT. |
TMM_IGNORE_GATEWAYS |
When enabled, TMM does not configure the default gateways: true. Note: If TMM_IGNORE_GATEWAYS is set to true, then TMM does not configure both IPv4 and IPv6 gateways. |
TMM_IGNORE_IPV4_GATEWAYS |
When enabled, TMM does not configure the IPv4 gateways: true. |
TMM_IGNORE_IPV6_GATEWAYS |
When enabled, TMM does not configure the IPv6 gateways: true. |
ROBIN_VFIO_RESOURCE |
Creates and orders TMM's data plane interface list using Robin ip-pool values. |
TMM_IGNORE_HW_DAG |
Enables internal queues on Rx path and software DAGing at NDAL layer: true. |
tmm.dynamicRouting¶
Parameters to configure BGP. For configuration assistance, refer to the BGP Overview.
Parameter | Description |
---|---|
enabled |
Enable the TMM dynamic routing container. |
trouted.image.repository |
The domain name or IP address of the local container registry. |
tmmRouting.image.repository |
The domain name or IP address of the local container registry. |
tmmRouting.config.bgp.hostname |
Sets the BGP Hostname. |
tmmRouting.config.bgp.logFile |
Sets the name and location for the BGP log file. |
tmmRouting.config.bgp.debugs |
BGP array of debug. |
tmmRouting.config.bgp.asn |
TMM's BGP Autonomous System Number. |
tmmRouting.config.bgp.maxPathsEbgp |
BGP maximum number of paths for External BGP (2-64). Disable with 'null' value. |
tmmRouting.config.bgp.maxPathsIbgp |
BGP maximum number of paths for Internal BGP (2-64). Disable with 'null' value. |
tmmRouting.config.bgp.neighbors |
BGP router array of neighbors. |
tmmRouting.config.bgp.neighbors.ip |
BGP router neighbors IP. |
tmmRouting.config.bgp.neighbors.acceptsIPv4 |
Advertise IPv4 virtual server addresses neighbors. true enables - empty string disables. |
tmmRouting.config.bgp.neighbors.acceptsIPv6 |
Advertise IPv6 virtual server addresses to neighbors. true enables - empty string disables. |
tmmRouting.config.bgp.neighbors.ebgpMultihop |
Sets the BGP TTL (range: 1-255). |
tmmRouting.config.bgp.neighbors.password |
BGP router neighbors Password. |
tmmRouting.config.bgp.gracefulRestartTime |
BGP graceful restart time. |
tmmRouting.config.bgp.routeMap |
The name of the routeMaps use to filter neighbor routes. |
tmmRouting.config.prefixList.name |
The name of the prefixList entry. |
tmmRouting.config.prefixList.seq |
The order of the prefixList entry. |
tmmRouting.config.prefixList.deny |
Allow or deny the prefixList entry. |
tmmRouting.config.prefixList.prefix |
The IP address subnet to filter. |
tmmRouting.config.routeMaps.name |
The name of the routeMaps object applied to the neighbor |
tmmRouting.config.routeMaps.seq |
The order of the routeMaps entry. |
tmmRouting.config.routeMaps.deny |
Allow or deny the routeMaps entry. |
tmmRouting.config.routeMaps.match |
The name of the referenced prefixList . |
tmmRouting.config.bgp.neighbors.fallover |
Enable BFD fallover between peers: true / false. |
tmmRouting.config.bfd.interface |
Selects the BFD peering interface if specified. |
tmmRouting.config.bfd.interval |
Sets the minimum transmission interval in milliseconds: 50 (default) - 999. |
tmmRouting.config.bfd.minrx |
Sets the minimum receive interval in milliseconds: 50 (default) - 999. |
tmmRouting.config.bfd.multiplier |
Sets the Hello multiplier value 3 - 50. The default is 10. |
tmmRouting.config.bfd.multihop_peer |
Enables multi-hop BFD to BGP neighbor: true or false (default). |
afm¶
Parameter | Description |
---|---|
enabled |
Enables the Edge Firewall Pod: true or false (default). |
defaultFirewallRule.action |
Sets the Edge Firewall default firewall action: accept (default), reject, or drop. |
defaultFirewallRule.log |
Enables logging messages when a packet matches the defaultFirewallRule.action : true (default) or false. |
pccd.enabled |
Enables the Packet Classification Compiler daemon (PCCD): true or false (default). |
pccd.image.repository |
The domain name or IP address of the local container registry. |
fluentbit_sidecar.enabled |
Enables the fluentbit logging sidecar (true /false). The default is true. |
fluentbit_sidecar.image.repository |
The domain name or IP address of the local container registry. |
ipsd¶
Parameter | Description |
---|---|
enabled |
Enables the intrusion detection and protection system Pod: true or false (default). |
image.repository |
The domain name or IP address of the local container registry. |
f5-toda-logging¶
Parameters to send TMM logging data to the Fluentd Logging container.
Note: f5-toda-logging is a subchart of the Ingress Helm chart.
Parameter | Description |
---|---|
enabled |
Enable or disable TMM logging: true (default) or false. |
fluentD.host |
Sets the fluentd service name used as a target to send logging information. |
sidecar.image.repository |
Sidecar regitry name. |
tmstats.config.image.repository |
The path of f5-toda-tmstatsd image. |
debug¶
Parameters for the Debug Sidecar.
Parameter | Description |
---|---|
image.repository |
Debug registry name. |