BIG-IP Controller Reference

The BIG-IP Controller and Traffic Management Microkernel (TMM) configuration parameters. Each heading below represents the top-level parameter element. For example, to set the Controller’s watchNamespace, use controller.watchNamespace.

controller

Parameters to configure the BIG-IP Controller.

Parameter Description
image.repository The domain name or IP address of the local container registry.
watchNamespace The Namespace to watch for Service and CRD update events.
serviceAccount.name Specifies the serviceAccount the BIG-IP Controller Pod will use. By default the controller uses the -f5ingress serviceAccount.
serviceAccount.create Specifies whether the serviceAccount will be created during the installation: true (default) or false.
fluentbit_sidecar.enabled Enables the fluentbit logging sidecar (true /false). The default is true.
fluentbit_sidecar.image.repository The domain name or IP address of the local container registry.
fluentbit_sidecar.fluentd.port The service port of the Fluend container. The default is 54321.

tmm

Parameters to configure TMM.

Parameter Description
topologyManager Enables using Kubernetes Topology Manager to dynamically allocate and properly align TMM’s CPU cores.
image.repository The domain name or IP address of the local container registry.
add_k8s_routes Enables setting the default gateway using either BGP or the F5BigNetStaticroute CR: true or false (default).
replicaCount Number of CNFs TMMs desired in the replicaset.
hostNetwork Enable TMM pods to use host network namespace.
cniNetworks Comma-seperated list of CNI network interfaces used by TMM.
robinNetworks Enables Robin networking: true or false (default).
resources.limits.cpu The number of TMM threads to allocate.
resources.limits.hugepages-2Mi The amount of hugepages to allocate: 1.5GB x TMM CPU count.
resources.limits.memory The amount of memory to allocate. F5 recommends the default 2Gi.
serviceAccount.name Specifies the serviceAccount the TMM Pod will use. By default TMM uses the default serviceAccount.
serviceAccount.create Specifies whether the serviceAccount will be created during the installation: true or false (default).
vxlan.enabled Enable VXLAN configuration for this TMM deployment (true/false).
vxlan.name VXLAN tunnel name.
vxlan.localIp VXLAN local IP address.
vxlan.selfIp VXLAN self IP address.
vxlan.port VXLAN port.
vxlan.key VXLAN key.
vxlan.staticRouteNodeNetmask Netmask for static routes to nodes.
vxlan.staticRoutePoolMemberNetmask Netmask for static routes to pool members.

tmm.customEnvVars

Parameters to set environment variables that determine TMM’s startup behavior. Refer to the BIG-IP Controller for more information.

Parameter Description
TMM_CALICO_ROUTER Configure the layer 2 and layer 3 addresses of the Calico default router when Proxy ARP is not desired: MAC,v4GATEWAY,v6GATEWAY. Enable setting the standard Calico CNI values: DEFAULT.
TMM_IGNORE_GATEWAYS When enabled, TMM does not configure the default gateways: true.
Note: If TMM_IGNORE_GATEWAYS is set to true, then TMM does not configure both IPv4 and IPv6 gateways.
TMM_IGNORE_IPV4_GATEWAYS When enabled, TMM does not configure the IPv4 gateways: true.
TMM_IGNORE_IPV6_GATEWAYS When enabled, TMM does not configure the IPv6 gateways: true.
ROBIN_VFIO_RESOURCE Creates and orders TMM's data plane interface list using Robin ip-pool values.
TMM_IGNORE_HW_DAG Enables internal queues on Rx path and software DAGing at NDAL layer: true.

tmm.dynamicRouting

Parameters to configure BGP. For configuration assistance, refer to the BGP Overview.

Parameter Description
enabled Enable the TMM dynamic routing container.
trouted.image.repository The domain name or IP address of the local container registry.
tmmRouting.image.repository The domain name or IP address of the local container registry.
tmmRouting.config.bgp.hostname Sets the BGP Hostname.
tmmRouting.config.bgp.logFile Sets the name and location for the BGP log file.
tmmRouting.config.bgp.debugs BGP array of debug.
tmmRouting.config.bgp.asn TMM's BGP Autonomous System Number.
tmmRouting.config.bgp.maxPathsEbgp BGP maximum number of paths for External BGP (2-64). Disable with 'null' value.
tmmRouting.config.bgp.maxPathsIbgp BGP maximum number of paths for Internal BGP (2-64). Disable with 'null' value.
tmmRouting.config.bgp.neighbors BGP router array of neighbors.
tmmRouting.config.bgp.neighbors.ip BGP router neighbors IP.
tmmRouting.config.bgp.neighbors.acceptsIPv4 Advertise IPv4 virtual server addresses neighbors. true enables - empty string disables.
tmmRouting.config.bgp.neighbors.acceptsIPv6 Advertise IPv6 virtual server addresses to neighbors. true enables - empty string disables.
tmmRouting.config.bgp.neighbors.ebgpMultihop Sets the BGP TTL (range: 1-255).
tmmRouting.config.bgp.neighbors.password BGP router neighbors Password.
tmmRouting.config.bgp.gracefulRestartTime BGP graceful restart time.
tmmRouting.config.bgp.routeMap The name of the routeMaps use to filter neighbor routes.
tmmRouting.config.prefixList.name The name of the prefixList entry.
tmmRouting.config.prefixList.seq The order of the prefixList entry.
tmmRouting.config.prefixList.deny Allow or deny the prefixList entry.
tmmRouting.config.prefixList.prefix The IP address subnet to filter.
tmmRouting.config.routeMaps.name The name of the routeMaps object applied to the neighbor
tmmRouting.config.routeMaps.seq The order of the routeMaps entry.
tmmRouting.config.routeMaps.deny Allow or deny the routeMaps entry.
tmmRouting.config.routeMaps.match The name of the referenced prefixList.
tmmRouting.config.bgp.neighbors.fallover Enable BFD fallover between peers: true / false.
tmmRouting.config.bfd.interface Selects the BFD peering interface if specified.
tmmRouting.config.bfd.interval Sets the minimum transmission interval in milliseconds: 50 (default) - 999.
tmmRouting.config.bfd.minrx Sets the minimum receive interval in milliseconds: 50 (default) - 999.
tmmRouting.config.bfd.multiplier Sets the Hello multiplier value 3 - 50. The default is 10.
tmmRouting.config.bfd.multihop_peer Enables multi-hop BFD to BGP neighbor: true or false (default).

afm

Parameter Description
enabled Enables the Edge Firewall Pod: true or false (default).
defaultFirewallRule.action Sets the Edge Firewall default firewall action: accept (default), reject, or drop.
defaultFirewallRule.log Enables logging messages when a packet matches the defaultFirewallRule.action: true (default) or false.
pccd.enabled Enables the Packet Classification Compiler daemon (PCCD): true or false (default).
pccd.image.repository The domain name or IP address of the local container registry.
fluentbit_sidecar.enabled Enables the fluentbit logging sidecar (true /false). The default is true.
fluentbit_sidecar.image.repository The domain name or IP address of the local container registry.

ipsd

Parameter Description
enabled Enables the intrusion detection and protection system Pod: true or false (default).
image.repository The domain name or IP address of the local container registry.

f5-toda-logging

Parameters to send TMM logging data to the Fluentd Logging container.

_images/spk_info.png Note: f5-toda-logging is a subchart of the Ingress Helm chart.

Parameter Description
enabled Enable or disable TMM logging: true (default) or false.
fluentD.host Sets the fluentd service name used as a target to send logging information.
sidecar.image.repository Sidecar regitry name.
tmstats.config.image.repository The path of f5-toda-tmstatsd image.

debug

Parameters for the Debug Sidecar.

Parameter Description
image.repository Debug registry name.