F5 Container Connector - OpenShift¶
The F5 BIG-IP Controller (
k8s-bigip-ctlr) is a cloud-native connector that can use either Kubernetes or OpenShift as a BIG-IP orchestration platform.
The BIG-IP Controller watches the Kubernetes API for specially formatted resources, and updates the BIG-IP system configuration accordingly.
When using BIG-IP Controller and Openshift for BIG-IP orchestration, you can process application traffic using either:
- You can deploy BIG-IP Controller in OpenShift using a Deployment.
- If you use helm you can use the F5 Helm Chart.
The BIG-IP Controller requires Administrator permissions in order to provide full functionality.
OpenShift Node Health¶
In OpenShift clusters, the Kubernetes NodeList records status for all nodes registered with the master. Because the BIG-IP Controller integrates with the cluster network, it can access the NodeList in OpenShift’s underlying Kubernetes API server and watch it for changes. The BIG-IP Controller creates/updates FDB (Forwarding DataBase) entries for the configured VXLAN tunnel according to the NodeList. This ensures the BIG-IP Controller only makes VXLAN requests to reported nodes.
As a function of the BIG-IP VXLAN, the BIG-IP device only communicates with healthy cluster nodes. The BIG-IP device does not attempt to route traffic to an unresponsive node, even if the node remains in the NodeList.
You can also set up BIG-IP health monitors for OpenShift Services.
In OpenShift, the BIG-IP Controller can manage BIG-IP objects for routes.
See manage OpenShift Routes with the BIG-IP Controller for configuration instructions.
Setting up OpenShift Route resources provides the following functionality:
- Listen for HTTP route events, and modify routes on BIG-IP. This includes L7 config policies such as wildcard routes, and prefixes.
- Apply Client SSL certificates from Kubernetes/OpenShift Secrets to BIG-IP LTM objects.
- Provide SSL termination using edge, passthrough, or re-encryption modes.
This table shows how BIG-IP Controller and OpenShift perform BIG-IP orchestration:
|BIG-IP Controller and OpenShift||BIG-IP configuration|
|Create OpenShift Route||
The BIG-IP Controller for OpenShift supports these OpenShift Advanced Deployment Strategies:
Advantages over HAProxy¶
The BIG-IP Controller for OpenShift provides a number of advantages over the native HAProxy when working with alternate backends:
- Use any of the BIG-IP load balancing algorithms the Controller supports, not just round robin. 
- Weights assigned to a Service in an OpenShift Route, are assigned by BIG-IP Controller to the Service’s pool on BIG-IP. Weights are not split across the Service’s endpoints, and there are no per-endpoint weight restrictions.
Refer to the docs below for setup and configuration instructions.
- Add your BIG-IP device to an OpenShift Cluster.
- Use the BIG-IP Controller to manage Routes.
- Manage BIG-IP objects with the BIG-IP Controller for OpenShift.
- See the k8s-bigip-ctlr reference documentation.
|||The BIG-IP Controller supports BIG-IP load balancing algorithms that do not require additional configuration parameters. You can view the full list of supported algorithms in the f5-cccl schema. See the BIG-IP Local Traffic Management Basics user guide for information about each load balancing mode.|