F5 Container Connector - OpenShift¶
This document provides general information regarding the F5 Integration for OpenShift. For deployment and usage instructions, please refer to the guides below.
The BIG-IP Controller for OpenShift enables use of a BIG-IP device in OpenShift. Because OpenShift has a native Kubernetes integration, the F5 Integration for OpenShift utilizes the same controller as the F5 Container Connector - Kubernetes (
k8s-bigip-ctlr). The BIG-IP Controller configures BIG-IP objects for applications in an OpenShift cluster, serving North-South traffic.
In OpenShift, you can use the BIG-IP Controller to use a BIG-IP device(s) to:
- You can launch the k8s-bigip-ctlr application in OpenShift using a Deployment.
- If you use helm you can use the f5-bigip-ctlr chart.
The BIG-IP Controller requires Administrator permissions in order to provide full functionality.
OpenShift Node Health¶
In OpenShift clusters, the Kubernetes NodeList records status for all nodes registered with the master. Because the BIG-IP Controller integrates with the cluster network, it can access the NodeList in OpenShift’s underlying Kubernetes API server and watch it for changes. The BIG-IP Controller creates/updates FDB (Forwarding DataBase) entries for the configured VXLAN tunnel according to the NodeList. This ensures the BIG-IP Controller only makes VXLAN requests to reported nodes.
As a function of the BIG-IP VXLAN, the BIG-IP device only communicates with healthy cluster nodes. The BIG-IP device does not attempt to route traffic to an unresponsive node, even if the node remains in the NodeList.
You can also set up BIG-IP health monitors for OpenShift Services.
In OpenShift, the BIG-IP Controller can manage BIG-IP objects for routes.
See manage OpenShift Routes with the BIG-IP Controller for configuration instructions.
Setting up OpenShift Route resources provides the following functionality:
- listen for HTTP route events in OpenShift and create/delete/expire routes on BIG-IP devices (including L7 config policies such as wildcard routes, prefixes, etc.);
- apply client SSL certificates from Kubernetes/OpenShift Secrets to BIG-IP LTM objects;
- apply existing BIG-IP SSL certificates to BIG-IP LTM objects;
- SSL termination using edge, passthrough, or re-encryption mode.
The table below shows what BIG-IP configurations the BIG-IP Controller applies for common admin tasks in OpenShift.
|User action||Controller action|
|Create OpenShift Route||
|Delete all Routes||
The BIG-IP Controller for OpenShift supports the following OpenShift Advanced Deployment Strategies:
Follow the instructions provided in the OpenShift documentation to use these deployment strategies with your BIG-IP Controller and BIG-IP device(s).
The BIG-IP Controller for OpenShift provides the following advantages over the native HAProxy when working with alternate backends:
- You use any of the BIG-IP load balancing algorithms the Controller supports (not just round robin). 
- When you assign a weight to a Service in an OpenShift Route, the BIG-IP Controller assigns that weight to the Service’s pool on the BIG-IP device. The weight isn’t split across the Service’s endpoints and there are no per-endpoint weight restrictions.
Refer to the docs below for setup and configuration instructions.
- Add your BIG-IP device to an OpenShift Cluster.
- Use the BIG-IP Controller to manage Routes.
- Manage BIG-IP objects with the BIG-IP Controller for OpenShift.
- See the k8s-bigip-ctlr reference documentation.
|||The BIG-IP Controller supports BIG-IP load balancing algorithms that do not require additional configuration parameters. You can view the full list of supported algorithms in the f5-cccl schema. See the BIG-IP Local Traffic Management Basics user guide for information about each load balancing mode.|