Forum Discussion
F5 CIS Deployment in OpenShift, CRD Mode
Hi everyone,
Looking at the F5 documentation I understand that deploying the F5 BigIP Ctrl in CRD Mode is incompatible with Kubernetes Ingress objects.
What would be the deployment model in which we have flexibility to use CRDs but also use standard Kubernetes Ingress or OpenShift Routes objects via F5?
Regards
Rares
Hi Raresd,
Are you using AS3 mode.
In agent AS3 mode, CIS handles Ingress or Route resources by converting them into AS3 declarations before posting to BIG-IP. When AS3 ConfigMap is configured along with Ingress or Routes, CIS manages ConfigMap and Ingress (or) Routes AS3 declarations separately. While sending an AS3 declaration to BIG-IP, CIS will combine both of these AS3 declarations as a single declaration and POST it to BIG-IP.
CIS can be configured in multiple ways depending on the customer scenario. CIS can be deployed on Kubernetes platform. CIS installation may differ based on the resources (for example: ConfigMap, Ingress, Routes, and CRD) used by the customer to expose the Kubernetes services. CIS installation also depends on BIG-IP deployment (Standalone and High Availability configuration) and Kubernetes cluster networking (Flannel/Calico).
Can you try reference these article :
My first CRD deployment with CIS | DevCentral
https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/v2.2/
F5 Container Ingress Services for Kubernetes & OpenShift¶
https://clouddocs.f5.com/containers/latest/userguide/crd/as3cm-to-crd.html#crd-as3-to-crd
Kubernetes¶
CIS Installation¶
Overview¶
https://clouddocs.f5.com/containers/latest/userguide/kubernetes/
OpenShift¶
Overview of OpenShift¶
https://clouddocs.f5.com/containers/latest/userguide/openshift/
🙏
- raresdNimbostratus
Hi F5_Design_Engineer,
Thanks for your reply! This however does not answer my question.
Also in the documentation you've link there is a note:
"
- CIS does not watch for Ingress/Routes/ConfigMaps when deployed in CRD Mode.
- CIS does not support the combination of CRDs with any of Ingress/Routes and ConfigMaps."
As I mentioned, I would like to deploy CIS in CRD mode which looks to be the more flexible model and close to what a Kubernetes engineer would use, but in the same time I would like to use standard Kubernetes Ingress objects. I guess this is not supported, but I think it's an important limitation.
Better see the youtube channel (664) Mark Dittmer - YouTube as this is the expert in this field.
Example video and github link:
OpenShift Multi-Cluster Standalone using Cluster IP (youtube.com)
Edit: Also see this new Devcentral article:
F5 BIG-IP per application Red Hat OpenShift cluster migrations | DevCentral because of the openshift OpenShiftSDN to OVNKubernetes changes.
- raresdNimbostratus
Hi Nikoolayy1,
Thank you for your reply and pointers.
I'm familiar with Mark's YouTube channel, GitHub work and F5 k8s-bigip-ctlr Github repo.
I advised the customer to open a F5 support ticket, but all public information points in direction that F5 CIS deployed in CRD mode does NOT support standard Kubernetes Ingress. I have a workaround with F5 doing basic load balancing to a sharded OpenShift Ingress Controller.
Regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com