F5 BIG-IP deployment with OpenShift - platform and networking options
I like having different CIS instances for the different tenants. Note that each tenant can represent a set of namespaces and write in different partitions in the BIG-IP. How to define the scope of a tenant is something that should be adapted to each enterprise; it could be by department, functional unit, end-customer service...
This is especially useful in medium to large environments.
Overall this separation is good because it limits the scope of any possible problem and it is easier to check logs.
Each of these CIS instances could work in multi-cluster mode for the same tenant in different clusters for OpenShift cluster resiliency.
Did I answer your question?
Hi,
Thank you for your answer. I understand now that having separate CIS instances per tenant (and per OpenShift cluster) is generally better for isolation.
I will proceed to implement multiple F5 tenants for my multi-cluster OpenShift deployment and explore running CIS instances per tenant for resiliency.