The F5 router plug-in is available starting in OpenShift Container Platform 3.0.2.
The F5 router plug-in is provided as a container image and run as a pod, just like the default haproxy router. Deploying the F5 router is done similarly as well, using the oadm router command but providing additional flags (or environment variables) to specify the following parameters for the F5 BIG-IP® host:
Flag | Description |
---|---|
--type=f5-router | Specifies that an F5 router should be launched (the default |
--external-host | Specifies the F5 BIG-IP® host’s management interface’s host name or IP address. |
--external-host-username | Specifies the F5 BIG-IP® user name (typically admin). |
--external-host-password | Specifies the F5 BIG-IP® password. |
--external-host-http-vserver | Specifies the name of the F5 virtual server for HTTP connections. |
--external-host-https-vserver | Specifies the name of the F5 virtual server for HTTPS connections. |
--external-host-private-key | Specifies the path to the SSH private key file for the F5 BIG-IP® host. Required to upload and delete key and certificate files for routes. |
--external-host-insecure | A Boolean flag that indicates that the F5 router should skip strict certificate verification with the F5 BIG-IP® host. |
As with the haproxy router, the oadm router command creates the service and deployment configuration objects, and thus the replication controllers and pod(s) in which the F5 router itself runs. The replication controller restarts the F5 router in case of crashes. Because the F5 router is only watching routes and endpoints and configuring F5 BIG-IP® accordingly, running the F5 router in this way along with an appropriately configured F5 BIG-IP® deployment should satisfy high-availability requirements.
The F5 router must be run in privileged mode because route certificates get copied using scp:
$ oadm policy remove-scc-from-user hostnetwork -z router
$ oadm policy add-scc-to-user privileged -z router
To deploy the F5 router:
First, establish a tunnel using a ramp node, which allows for the routing of traffic to pods through the OpenShift Container Platform SDN.
Run the oadm router command with the appropriate flags. For example:
$ oadm router \
    --type=f5-router \
    --external-host=10.0.0.2 \
    --external-host-username=admin \
    --external-host-password=mypassword \
    --external-host-http-vserver=ose-vserver \
    --external-host-https-vserver=https-ose-vserver \
    --external-host-private-key=/path/to/key \
    --service-account=router
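The following preflight is an added example, not part of the OpenShift documentation: it builds the argument list for the command above from environment variables, so the BIG-IP® password is not written into a script or shell history, and it refuses to continue unless the SSH private key file is mode 600 or 400. The variable names F5_HOST, F5_USER, F5_PASSWORD and F5_KEY, both function names, and the permission policy are assumptions of this sketch; the virtual server names are the ones used in the example above.

```shell
#!/bin/sh
# Added example, not from the OpenShift documentation.
# Assumed names: F5_HOST, F5_USER, F5_PASSWORD, F5_KEY, check_key_file, f5_router_args.

# Succeed only if the SSH private key is a regular file with mode 600 or 400
# (a policy chosen for this sketch).
check_key_file() {
  key=$1
  [ -f "$key" ] || { echo "private key not found: $key" >&2; return 1; }
  # GNU stat first, BSD/macOS stat as the fallback.
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key") || return 1
  case $mode in
    600|400) return 0 ;;
    *) echo "$key has mode $mode; expected 600 or 400" >&2; return 1 ;;
  esac
}

# Print the oadm router arguments one per line, or fail if an input is missing.
f5_router_args() {
  for v in F5_HOST F5_USER F5_PASSWORD F5_KEY; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "$v is not set" >&2; return 1; }
  done
  check_key_file "$F5_KEY" || return 1
  printf '%s\n' \
    --type=f5-router \
    "--external-host=$F5_HOST" \
    "--external-host-username=$F5_USER" \
    "--external-host-password=$F5_PASSWORD" \
    --external-host-http-vserver=ose-vserver \
    --external-host-https-vserver=https-ose-vserver \
    "--external-host-private-key=$F5_KEY" \
    --service-account=router
}

# Interactive use from bash, so the password is never stored in shell history
# (it is still visible in the oadm process arguments while the command runs):
#   read -rs -p 'BIG-IP password: ' F5_PASSWORD
#   mapfile -t args < <(f5_router_args) && oadm router "${args[@]}"
```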