Better together - F5 Container Ingress Services and NGINX Plus Ingress Controller Integration

Introduction The F5 Container Ingress Services (CIS) can be integrated with the NGINX Plus Ingress Controllers (NIC) within a Kubernetes (k8s) environment. The benefits are getting the best of both...

Published Mar 05, 2020

Version 1.0

ingress controller

Ret. Employee

Joined May 16, 2019

Ret. Employee

Joined May 16, 2019

Ret. Employee

Jun 26, 2020

SSL offload would need a SSL cert on the F5. - https://gitlab.com/abgmbh/kitchen_sink/-/blob/master/k8s%20and%20Nginx/Kubernetes_IC/F5_Container_Ingress_service/CIS_fronting_NIC/f5-k8s-bigip-ctlr-ConfigMap_with_cert.yaml

SSL passthrough is a straight up L4 VIP. - https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/declarations/non-http-services.html#tcp-load-balanced-to-icap-with-custom-monitor (without the ICAP)

With XFF, you can either use a HTTP profile ( https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#http-profile-insertheader ) to insert the header or use an irule and have AS3 to attach that irule.

For use cases, please take a look at this ( https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/declarations/ ).

The AS3 should be the same for the Kubernetes setup as well, the BIG-IP gets to process it regardless where the declaration comes from.

To assist with writing AS3 declaration, you might want to use Visual Studio Code and take advantage of syntax checking feature. ( https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/userguide/validate.html )