F5 Container Connector - OpenShift

| Current Release Notes | Releases and Versioning |

The F5 BIG-IP Controller (k8s-bigip-ctlr) is a cloud-native connector that can use either Kubernetes or OpenShift as a BIG-IP orchestration platform.

The BIG-IP Controller watches the Kubernetes API for specially formatted resources, and updates the BIG-IP system configuration accordingly.


BIG-IP Orchestration

When using BIG-IP Controller and Openshift for BIG-IP orchestration, you can process application traffic using either:


Integration with OpenShift SDN requires a BIG-IP Better or Best license with SDN services.



The BIG-IP Controller requires Administrator permissions in order to provide full functionality.

OpenShift Node Health

In OpenShift clusters, the Kubernetes NodeList records status for all nodes registered with the master. Because the BIG-IP Controller integrates with the cluster network, it can access the NodeList in OpenShift’s underlying Kubernetes API server and watch it for changes. The BIG-IP Controller creates/updates FDB (Forwarding DataBase) entries for the configured VXLAN tunnel according to the NodeList. This ensures the BIG-IP Controller only makes VXLAN requests to reported nodes.

As a function of the BIG-IP VXLAN, the BIG-IP device only communicates with healthy cluster nodes. The BIG-IP device does not attempt to route traffic to an unresponsive node, even if the node remains in the NodeList.


You can also set up BIG-IP health monitors for OpenShift Services.

OpenShift Routes

In OpenShift, the BIG-IP Controller can manage BIG-IP objects for routes.


See manage OpenShift Routes with the BIG-IP Controller for configuration instructions.

Setting up OpenShift Route resources provides the following functionality:

  • Listen for HTTP route events, and modify routes on BIG-IP. This includes L7 config policies such as wildcard routes, and prefixes.
  • Apply Client SSL certificates from Kubernetes/OpenShift Secrets to BIG-IP LTM objects.
  • Provide SSL termination using edge, passthrough, or re-encryption modes.

This table shows how BIG-IP Controller and OpenShift perform BIG-IP orchestration:

BIG-IP Controller and OpenShift BIG-IP configuration
Create OpenShift Route
  • Creates two virtual servers:
    • One HTTP
    • One HTTPS
  • Creates pools and pool members with policies attached.
  • Attaches defined policies to virtual servers.
Add/remove endpoints
  • Adds/removes pool members correspondng to the endpoints from the Route’s pool.
Delete Routes
  • Removes all BIG-IP objects associated with the Routes: Virtual servers, pools, and policies.

Advanced Deployments

The BIG-IP Controller for OpenShift supports these OpenShift Advanced Deployment Strategies:

Advantages over HAProxy

The BIG-IP Controller for OpenShift provides a number of advantages over the native HAProxy when working with alternate backends:

  • Use any of the BIG-IP load balancing algorithms the Controller supports, not just round robin. [1]
  • Weights assigned to a Service in an OpenShift Route, are assigned by BIG-IP Controller to the Service’s pool on BIG-IP. Weights are not split across the Service’s endpoints, and there are no per-endpoint weight restrictions.

What’s Next

Refer to the docs below for setup and configuration instructions.


[1]The BIG-IP Controller supports BIG-IP load balancing algorithms that do not require additional configuration parameters. You can view the full list of supported algorithms in the f5-cccl schema. See the BIG-IP Local Traffic Management Basics user guide for information about each load balancing mode.