F5 Kubernetes BIG-IP Controller manages F5 BIG-IP Local Traffic Manager (LTM) objects from Kubernetes.
See the F5 Kubernetes Container Connector user documentation.
F5 Kubernetes BIG-IP Controller is a Docker container that runs in a Kubernetes Pod. It uses an F5 Resource to determine:
The F5 Kubernetes BIG-IP Controller watches the Kubernetes API for the creation and modification of F5 resources. When it discovers changes, the F5 Kubernetes BIG-IP Controller modifies the BIG-IP accordingly.
For example:
virtualServer resource. The BIG-IP handles traffic for the Service at the specified virtual address and load-balances to all nodes in the cluster. Within the cluster, the allocated NodePort load balances traffic to all pods.
Parameter | Type | Required | Default | Description | Allowed Values |
---|---|---|---|---|---|
bigip-username | string | Required | n/a | BIG-IP iControl REST username | |
bigip-password | string | Required | n/a | BIG-IP iControl REST password [3] | |
bigip-url | string | Required | n/a | BIG-IP admin IP address | |
bigip-partition | string | Required | n/a | The BIG-IP partition in which to configure objects. | |
namespace | string | Required | n/a | Kubernetes namespace to watch | |
kubeconfig | string | Optional | ./config | Path to the kubeconfig file | |
python-basedir | string | Optional | /app/python | Path to python utilities directory | |
running-in-cluster | boolean | Optional | true | Indicates whether or not a Kubernetes cluster started k8s-bigip-ctlr | true, false |
use-node-internal | boolean | Optional | true | Filter Kubernetes InternalIP addresses for pool members | true, false |
verify-interval | integer | Optional | 30 | In seconds, interval at which to verify the BIG-IP configuration. | |
node-poll-interval | integer | Optional | 30 | In seconds, interval at which to poll the cluster for its node members. | |
log-level | string | Optional | INFO | Log level | INFO, DEBUG, CRITICAL, WARNING, ERROR |
pool-member-type | string | Optional | nodeport | Create this type of BIG-IP pool members Use Use | cluster, nodeport |
openshift-sdn-name | string | Optional | n/a | BIG-IP configured VxLAN name for access into the OpenShift SDN and Pod network | |
F5 Resources are JSON blobs encoded within Kubernetes ConfigMaps. The ConfigMap must contain the following properties:
Property | Description | Allowed Values |
---|---|---|
f5type | Defines the type of object k8s-bigip-ctlr creates on the BIG-IP | virtual-server |
schema | Verifies the data blob | f5schemadb://bigip-virtual-server_v0.1.2.json |
data | Defines the F5 resource | |
frontend | Defines object(s) created on the BIG-IP | See frontend |
backend | Identifies the Kubernetes Service acting as the server pool | See backend |
Property | Type | Required | Default | Description | Allowed Values |
---|---|---|---|---|---|
partition | string | Required | | Define the BIG-IP partition to manage | |
mode | string | Required | | Set the proxy mode | http, tcp |
balance | string | Required | round-robin | Set the load balancing mode | round-robin |
virtualAddress | JSON object | Required | | Allocate a virtual address from the BIG-IP | |
bindAddr | string | Required | | Virtual IP address | |
port | integer | Required | | Port number | |
sslProfile | JSON object | Optional | | BIG-IP SSL profile to apply to the virtual server. | |
f5ProfileName | string | Optional | | Name of the BIG-IP SSL profile. Uses format ‘partition_name/cert_name’. Example: ‘Common/testcert’ | |
Property | Type | Required | Default | Description | Allowed Values |
---|---|---|---|---|---|
partition | string | Required | | Define the BIG-IP partition to manage. | |
iapp | string | Required | | BIG-IP iApp template to use to create the application service. | Any iApp template already configured on the BIG-IP. |
iappPoolMemberTable | JSON object | Required | | Define the name and layout of the pool-member table in the iApp. See the iApp Pool Member Table section below. | |
iappTables | JSON object array | Optional | | Define iApp tables to apply to the Application Service Example: | |
iappOptions | key-value object | Required | | Define the App configurations | See configuration parameters above. |
iappVariables | key-value object | Required | | Define the iApp variables needed for service creation. | |
You can use the iappPoolMemberTable option to describe the layout of the pool-member table that the controller should configure. It is a JSON object with these properties:
name (required): A string that specifies the name of the table that contains the pool members.
columns (required): An array that specifies the columns that the controller will configure in the pool-member table, in order.
Each entry in columns is an object that has a name property and either a kind or value property:
name (required): A string that specifies the column name.
kind: A string that tells the controller what property from the node to substitute. The controller supports "IPAddress" and "Port".
value: A string that specifies a value. The controller will not perform any substitution; it uses the value as specified.
For instance, if you configure an application with two pods at 1.2.3.4:20123 and 1.2.3.5:20321, and you specify:
    "iappPoolMemberTable": {
      "name": "pool__members",
      "columns": [
        {"name": "Port", "kind": "Port"},
        {"name": "IPAddress", "kind": "IPAddress"},
        {"name": "ConnectionLimit", "value": "0"}
      ]
    }
This would configure the following table on BIG-IP:
    {
      "name": "pool__members",
      "columnNames": [
        "Port",
        "IPAddress",
        "ConnectionLimit"
      ],
      "rows": [
        {
          "row": [
            "20123",
            "1.2.3.4",
            "0"
          ]
        },
        {
          "row": [
            "20321",
            "1.2.3.5",
            "0"
          ]
        }
      ]
    }
You will need to adjust this for the particular iApp template that you are using. One way to discover the format is to configure an iApp manually from a template, and then check its configuration using tmsh list sys app service <appname>.
Property | Type | Required | Default | Description | Allowed Values |
---|---|---|---|---|---|
serviceName | string | Required | none | The Kubernetes Service representing the server pool. | |
servicePort | integer | Required | none | Kubernetes Service port number | |
healthMonitors | JSON object array | Optional | none | Array of TCP or HTTP Health Monitors. | |
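A pre-deployment lint for a virtual-server F5 resource, built from the property tables on this page; it is an added example, not code from the controller. It assumes the three properties arrive as one dict with data as a JSON string, that bindAddr and port nest under virtualAddress and f5ProfileName under sslProfile, and that ports fall in 1-65535; the allowed_partitions check is a policy added here, and all function names are hypothetical.

```python
import ipaddress
import json

SCHEMA = "f5schemadb://bigip-virtual-server_v0.1.2.json"  # allowed value from this page

def _port(v):  # bool is an int subclass in Python, so reject it explicitly
    return isinstance(v, int) and not isinstance(v, bool) and 1 <= v <= 65535

def _ip(v):
    try:
        return ipaddress.ip_address(v if isinstance(v, str) else "") is not None
    except ValueError:
        return False

def lint_virtual_server(resource, allowed_partitions):
    """Return a list of findings; an empty list means the resource passed."""
    try:
        data = json.loads(resource.get("data") or "")
    except (TypeError, ValueError):
        return ["data: not valid JSON"]
    fe, be = (data.get(k) if isinstance(data, dict) else None for k in ("frontend", "backend"))
    if not isinstance(fe, dict) or not isinstance(be, dict):
        return ["data: frontend and backend objects are required"]
    va = fe.get("virtualAddress") if isinstance(fe.get("virtualAddress"), dict) else {}
    ssl = fe.get("sslProfile")
    name = ssl.get("f5ProfileName") if isinstance(ssl, dict) else None
    parts = name.split("/") if isinstance(name, str) else []
    checks = [
        (resource.get("f5type") == "virtual-server", "f5type: expected virtual-server"),
        (resource.get("schema") == SCHEMA, "schema: expected " + SCHEMA),
        # Policy added by this example: partitions this controller may manage.
        (fe.get("partition") in list(allowed_partitions), "frontend.partition: not allowed"),
        (fe.get("mode") in ("http", "tcp"), "frontend.mode: must be http or tcp"),
        (fe.get("balance") == "round-robin", "frontend.balance: must be round-robin"),
        (_ip(va.get("bindAddr")), "frontend.virtualAddress.bindAddr: not an IP address"),
        (_port(va.get("port")), "frontend.virtualAddress.port: must be 1-65535"),
        ((ssl is None or isinstance(ssl, dict))
         and (name is None or (len(parts) == 2 and all(parts))),
         "frontend.sslProfile.f5ProfileName: use partition_name/cert_name"),
        (isinstance(be.get("serviceName"), str) and bool(be.get("serviceName")),
         "backend.serviceName: required string"),
        (_port(be.get("servicePort")), "backend.servicePort: must be 1-65535"),
    ]
    return [msg for ok, msg in checks if not ok]

# Constructed sample resource (not from the page).
SAMPLE = {"f5type": "virtual-server", "schema": SCHEMA, "data": json.dumps({
    "frontend": {"partition": "k8s", "mode": "http", "balance": "round-robin",
                 "virtualAddress": {"bindAddr": "10.0.0.10", "port": 443}},
    "backend": {"serviceName": "web", "servicePort": 8080}})}
```

Run it over each resource before applying it, passing the partitions that the controller's BIG-IP account is meant to manage.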
[1] | The F5 Kubernetes BIG-IP Controller creates and manages objects in the BIG-IP partition defined in the F5 resource ConfigMap. |
[2] | The F5 Kubernetes BIG-IP Controller forwards traffic to the NodePort assigned to the service by Kubernetes; see the Kubernetes Services documentation for more information. |
[3] | You can store sensitive information as a Kubernetes Secret. See the user documentation for instructions. |