Cloud Docs Home > F5 BIG-IP Controller for Kubernetes Index

Release Notes for BIG-IP Controller for Kubernetes

v1.3.0

Added Functionality

  • Create health monitors for OpenShift Routes via an annotation.
  • Optionally disable loading of certificates and keys from Routes in preference of using pre-existing profiles on the BIG-IP system.
  • Optionally disable loading of Kubernetes Secrets on an Ingress.
  • Resolve the first host name in an Ingress to an IP address using a local or custom DNS server. The controller configures the virtual server with this address.
  • Support for BIG-IP partitions with non-zero default route domains.

Bug Fixes

  • OpenShift Route targetPort field is no longer required if the port is not 80 or 443.
  • Properly configure named targetPorts in OpenShift Route configurations.
  • Remove ssl certificate lists for deleted custom profiles.

Limitations

  • If a Route configuration contains no targetPort, the controller uses the first port it sees on the referenced Service. The controller does not use all ports.
  • You cannot change the default route domain for a partition managed by an F5 controller after the controller has deployed. To specify a new default route domain, use a different partition.

v1.2.0

Added Functionality

  • Introduced support for Kubernetes 1.6 and 1.7.
  • Watch all nodes by default; watch a subset of nodes with a user-specified label.
  • Create BIG-IP SSL Profiles from Kubernetes Secrets via Ingress TLS.
  • Create BIG-IP objects from OpenShift Route resources. - This includes unsecured, edge, passthrough, and re-encrypt Routes.
  • This is a feature-complete upgrade from the OpenShift F5Router. See Replace the OpenShift F5 Router with the BIG-IP Controller for more information.

Bug Fixes

  • Properly configure http redirect rules on v11.6.1 BIG-IP systems.
  • Failed configurations for objects do not prevent future configurations from happening.

Limitations

  • OpenShift - Does not currently support redirect for individual Routes. If a Route specifies “insecureEdgeTerminationPolicy” as “Redirect”, the http virtual server will enable this policy for all Routes. [#341]

v1.1.1

Bug Fixes

  • Fix SIGSEV on non-“f5” valued class annotation [#311]
  • Remove default pool for Ingress and Routes [#288]

v1.1.0

Added Functionality

  • Creation of BIG-IP Virtual Servers from Kubernetes Ingress resources.
  • Configure multiple SSL Profiles for a BIG-IP Virtual Server.
  • Watch all Kubernetes namespaces by default; watch a list of namespaces; watch namespaces with a user-specified label.
  • Watch for Kubernetes annotation if virtual address not specified, enabling custom IPAM integration.
  • Create detached pools if virtual server bind addresses not specified.
  • Container image size reduced from 361MB to 123MB.
  • Can use local and non-local BIG-IP users.

Limitations

  • The SSL Profiles referenced in Ingress resources must already exist on the BIG-IP device. Any Secret resources configured in Kubernetes are not used.

v1.0.0

Added Functionality

  • Can manage multiple BIG-IP partitions in the following environments
    • Kubernetes
    • Red Hat OpenShift
  • Manages the following LTM resources for the BIG-IP partition(s)
    • Virtual Servers
    • Virtual Addresses
    • Pools
    • Pool Members
    • Nodes
    • Health Monitors
    • Application Services
  • Manages the following Network resource for the BIG-IP partition(s)
    • FDB tunnel records (Red Hat OpenShift)

Limitations

  • Cannot share endpoints managed in a partition controlled by the K8S BIG-IP Controller with endpoints managed in another partition.
  • Kubernetes allows a service to name the individual service ports within a particular service. However, the K8S BIG-IP Controller requires the virtual server section within the configmap to refer to the port number for the service port, not the name.
  • Two virtual servers cannot point to the same servicePort. The last one specified will be the one that remains configured.
  • The BIG-IP Controller does not handle non-zero route domains. All managed partitions should use the default route domain (0).
  • Parameters other than IPAddress and Port (e.g. Connection Limit) specified in the iApp Pool Member Table apply to all members of the pool.
  • Cannot configure virtual servers with IPv6 addresses in the configmap.
  • The K8S BIG-IP Controller cannot watch more than one namespace.