Release Notes for BIG-IP Controller for Kubernetes
- Create health monitors for OpenShift Routes via an annotation.
- Optionally disable loading of certificates and keys from Routes in preference of using pre-existing
profiles on the BIG-IP system.
- Optionally disable loading of Kubernetes Secrets on an Ingress.
- Resolve the first host name in an Ingress to an IP address using a local or custom DNS server. The controller
configures the virtual server with this address.
- Support for BIG-IP partitions with non-zero default route domains.
- OpenShift Route targetPort field is no longer required if the port is not 80 or 443.
- Properly configure named targetPorts in OpenShift Route configurations.
- Remove ssl certificate lists for deleted custom profiles.
- If a Route configuration contains no targetPort, the controller uses the first port it sees
on the referenced Service. The controller does not use all ports.
- You cannot change the default route domain for a partition managed by an F5 controller after the controller has deployed. To specify a new default route domain, use a different partition.
- Introduced support for Kubernetes 1.6 and 1.7.
- Watch all nodes by default; watch a subset of nodes with a user-specified label.
- Create BIG-IP SSL Profiles from Kubernetes Secrets via Ingress TLS.
- Create BIG-IP objects from OpenShift Route resources.
- This includes unsecured, edge, passthrough, and re-encrypt Routes.
- This is a feature-complete upgrade from the OpenShift F5Router.
See Replace the OpenShift F5 Router with the BIG-IP Controller for more information.
- Properly configure http redirect rules on v11.6.1 BIG-IP systems.
- Failed configurations for objects do not prevent future configurations from happening.
- OpenShift - Does not currently support redirect for individual Routes. If a Route specifies
“insecureEdgeTerminationPolicy” as “Redirect”, the http virtual server will enable this policy for all Routes.
- Fix SIGSEV on non-“f5” valued class annotation [#311]
- Remove default pool for Ingress and Routes [#288]
- Creation of BIG-IP Virtual Servers from Kubernetes Ingress resources.
- Configure multiple SSL Profiles for a BIG-IP Virtual Server.
- Watch all Kubernetes namespaces by default; watch a list of namespaces; watch namespaces with a user-specified label.
- Watch for Kubernetes annotation if virtual address not specified, enabling custom IPAM integration.
- Create detached pools if virtual server bind addresses not specified.
- Container image size reduced from 361MB to 123MB.
- Can use local and non-local BIG-IP users.
- The SSL Profiles referenced in Ingress resources must already exist on the BIG-IP device.
Any Secret resources configured in Kubernetes are not used.
- Can manage multiple BIG-IP partitions in the following environments
- Red Hat OpenShift
- Manages the following LTM resources for the BIG-IP partition(s)
- Virtual Servers
- Virtual Addresses
- Pool Members
- Health Monitors
- Application Services
- Manages the following Network resource for the BIG-IP partition(s)
- FDB tunnel records (Red Hat OpenShift)
- Cannot share endpoints managed in a partition controlled by the K8S BIG-IP Controller with endpoints managed in another partition.
- Kubernetes allows a service to name the individual service ports within a particular service. However, the K8S BIG-IP Controller requires the virtual server section within the configmap to refer to the port number for the service port, not the name.
- Two virtual servers cannot point to the same servicePort. The last one specified will be the one that remains configured.
- The BIG-IP Controller does not handle non-zero route domains. All managed partitions should use the default route domain (0).
- Parameters other than IPAddress and Port (e.g. Connection Limit) specified in the iApp Pool Member Table apply to all members of the pool.
- Cannot configure virtual servers with IPv6 addresses in the configmap.
- The K8S BIG-IP Controller cannot watch more than one namespace.