Learn how to use NGINX Ingress Controller with F5 IngressLink to configure your F5 BIG-IP device.
F5 IngressLink is the integration between NGINX Ingress Controller and F5 BIG-IP Container Ingress Services (CIS) that configures an F5 BIG-IP device as a load balancer for NGINX Ingress Controller pods.
Create a service for the Ingress Controller pods for ports 80 and 443. For example:
apiVersion: v1 kind: Service metadata: name: nginx-ingress-ingresslink namespace: nginx-ingress labels: app: ingresslink spec: ports: - port: 80 targetPort: 80 protocol: TCP name: http - port: 443 targetPort: 443 protocol: TCP name: https selector: app: nginx-ingress
Note the label
app: ingresslink. We will use it in the Configure CIS step.
In the ConfigMap resource enable the proxy protocol, which the BIG-IP system will use to pass the client IP and port information to NGINX. For the
set-real-ip-fromkey, use the subnet of the IP which the BIG-IP system uses to send traffic to NGINX:
proxy-protocol: "True" real-ip-header: "proxy_protocol" set-real-ip-from: "0.0.0.0/0"
Deploy NGINX Ingress Controller with additional command-line arguments:
args: - -ingresslink=nginx-ingress - -report-ingress-status . . .
ingresslinkreferences the name of the IngressLink resource from step 1, and
report-ingress-statusenables reporting ingress statuses.
Install a Helm release with the following values:
controller: config: entries: proxy-protocol: "True" real-ip-header: "proxy_protocol" set-real-ip-from: "0.0.0.0/0" reportIngressStatus: ingressLink: nginx-ingress service: type: ClusterIP externalTrafficPolicy: Cluster extraLabels: app: ingresslink
We will use the
extraLabels parameter values to configure CIS in the next section. For the
set-real-ip-from key, use the subnet of the IP which the BIG-IP system uses to send traffic to NGINX.
To enable the integration, F5 BIG-IP Container Ingress Services must be deployed in the cluster and configured to support the integration. Follow the instructions on the CIS documentation portal.
Make sure that:
- The name of the IngressLink resource is the same as the one used during the installation of NGINX Ingress Controller (
nginx-ingressin the previous example).
- The selector in the IngressLink resource is the same as the Service labels configured during Ingress Controller installation (
app: ingresslinkin the previous example).
- The IngressLink must belong to the same namespace as the Ingress Controller pod (
nginx-ingressor the namespace used for installing the Helm chart).