@ruo91
Created April 25, 2024 22:53
F5 Container Ingress Services - F5BigIpCtlr
Usage of /app/bin/k8s-bigip-ctlr.real
  Global:
      --cccl-log-level string            Optional, logging level for cccl
      --controller-mode string           Optional, to put the controller to process desired resources.
      --custom-resource-mode             Optional, When set to true, controller processes only F5 Custom Resources.
      --default-route-domain int         Optional, CIS uses this value as default Route Domain in BIG-IP 
      --disable-teems                    Optional, flag to disable sending telemetry data to TEEM
      --enable-ipv6                      Optional, flag to enbale ipv6 network support.
      --extended-spec-configmap string   Required, specify a configmap that holds additional spec for controller. It's a required parameter if controller-mode is 'openshift'
      --http-listen-address string       Optional, address to serve http based informations (/metrics and /health). (default "0.0.0.0:8080")
      --log-file string                  Optional, filepath to store the CIS logs
      --log-level string                 Optional, logging level (default "INFO")
      --node-poll-interval int           Optional, interval (in seconds) at which to poll for cluster nodes. (default 30)
      --orchestration-cni string         Optional, flag to specify orchestration CNI configured
      --periodic-sync-interval int       Optional, interval (in seconds) at which to queue resources. (default 30)
      --python-basedir string            DEPRECATED: Optional, directory location of python utilities
      --route-spec-configmap string      Required, specify a configmap that holds additional spec for routes if controller-mode is 'openshift'
      --shared-static-routes             Optional, flag to enable configuration of static routes on bigip in common partition
      --static-route-node-cidr string    Optional, flag to specify node network cidr to be used for static routing when node has multiple interfaces.This is supported only with CNI ovn-k8s
      --static-routing-mode              Optional, flag to enable configuration of static routes on bigip for pod network subnets
      --verify-interval int              Optional, interval (in seconds) at which to verify the BIG-IP configuration. (default 30)
      --version                          Optional, print version and exit.

  BigIP:
      --agent string                      Optional, when set to cccl, orchestration agent will be CCCL instead of AS3 (default "as3")
      --as3-post-delay int                Optional, time (in seconds) that CIS waits to post the available AS3 declaration.
      --as3-validation                    Optional, when set to false, disables as3 template validation on the controller. (default true)
      --bigip-partition stringArray       Required, partition(s) for the Big-IP kubernetes objects.
      --bigip-password string             Required, password for the Big-IP user account.
      --bigip-url string                  Required, URL for the Big-IP
      --bigip-username string             Required, user name for the Big-IP user account.
      --cccl-gtm-agent                    Optional, Option to configure GTM objects using CCCL or AS3 Agent. Default Agent is CCCL. (default true)
      --cipher-group string               Optional, Configures a Cipher Group in BIG-IP and reference it here. cipher-group and ciphers are mutually exclusive, only use one. (default "/Common/f5-default")
      --ciphers string                    Optional, Configures a ciphersuite selection string. cipher-group and ciphers are mutually exclusive, only use one. (default "DEFAULT")
      --credentials-directory string      Optional, directory that contains the BIG-IP username, password, and/or url files. To be used instead of username, password, and/or url arguments.
      --http-client-metrics               Optional, adds HTTP client metric instrumentation for the k8s-bigip-ctlr
      --insecure                          Optional, when set to true, enable insecure SSL communication to BIGIP.
      --ipam                              Optional, when set to true, enable ipam feature for CRD.
      --ipam-cluster-label string         Optional, Valid for Infoblox IPAM provider only. Prepends the value of this label to form the key. Generally advised to use in MultiCluster Environment
      --log-as3-response                  Optional, when set to true, add the body of AS3 API response in Controller logs.
      --override-as3-declaration string   Optional, provide Namespace and Name of that ConfigMap as <namespace>/<configmap-name>.The JSON key/values from this ConfigMap will override key/values from internally generated AS3 declaration.
      --share-nodes                       Optional, when set to true, node will be shared among partition.
      --tls-version string                Optional, Configure TLS version to be enabled on BIG-IP. TLS1.3 is only supported in tmos version 14.0+. (default "1.2")
      --trusted-certs-cfgmap string       Optional, when certificates are provided, adds them to controller'trusted certificate store.

  Kubernetes:
      --default-ingress-ip string                 Optional, the controller will configure a virtual server with this IP address for any Ingress with the annotation 'virtual-server.f5.com/ip:controller-default'.
      --filter-tenants                            Optional, specify whether or not to use tenant filtering API for AS3 declaration
      --hubmode                                   Optional, specify whether or not to manage ConfigMap resources in hub-mode
      --ingress-class f5                          Optional, default f5. A class of the Ingress controller. The Ingress controller only processes Ingressresources that belong to its class - i.e. have the annotation `kubernetes.io/ingress.class` equal to the class.Additionally, the Ingress controller processes Ingress resources that do not have that annotation,which can be disabled by setting the `-manage-ingress-class-only` flag (default "f5")
      --kubeconfig string                         Optional, absolute path to the kubeconfig file (default "./config")
      --manage-configmaps                         Optional, specify whether or not to manage ConfigMap resources (default true)
      --manage-ingress                            Optional, specify whether or not to manage Ingress resources (default true)
      --manage-ingress-class-only false           Optional, default false. Process all ingress resources without `kubernetes.io/ingress.class`annotation and ingresses with annotation `kubernetes.io/ingress.class=f5`.
      --manage-routes                             Optional, specify whether or not to manage Legacy Route resources  Please use controller-mode option for NextGen Route Controller 
      --namespace stringArray                     Optional, Kubernetes namespace(s) to watch.If left blank controller will watch all k8s namespaces
      --namespace-label string                    Optional, used to watch for namespaces with this label
      --node-label-selector string                Optional, used to watch only for nodes with this label
      --pool-member-type string                   Optional, type of BIG-IP pool members to create. 'nodeport' will use k8s service NodePort. 'cluster' will use service endpoints. The BIG-IP must be able access the cluster network'nodeportlocal' only supported with antrea cni'auto' will learn service type(ClusterIP/NodePort/LoadBalancer) automatically (default "nodeport")
      --resolve-ingress-names string[="LOOKUP"]   Optional, direct the controller to resolve host names in Ingresses into IP addresses. The 'LOOKUP' option will use the controller's built-in DNS. Any other string will be used as a custom DNS server, either by name or IP address.
      --running-in-cluster                        Optional, if this controller is running in a kubernetes cluster,use the pod secrets for creating a Kubernetes client. (default true)
      --schema-db-base-dir string                 Optional, where the schema db's locally reside (default "file:///app/vendor/src/f5/schemas/")
      --use-node-internal                         Optional, provide kubernetes InternalIP addresses to pool (default true)
      --use-secrets                               Optional, enable/disable use of Secrets for Ingress or ConfigMap SSL Profiles. (default true)
      --vs-snat-pool-name string                  Optional, the controller will configure each virtual server to reference the pool with this name.

  Openshift SDN:
      --cilium-name string          Must be provided for BIGIP Cilium Integration, full path of BigIP Cilium VxLAN Tunnel
      --flannel-name string         Must be provided for BigIP Flannel integration, full path of BigIP Flannel VxLAN Tunnel
      --openshift-sdn-name string   Must be provided for BigIP SDN integration, full path of BigIP OpenShift SDN VxLAN Tunnel

  Openshift Routes:
      --default-client-ssl string    Optional, specify a user-created client ssl profile to be used as default for SNI for Route virtual servers
      --default-server-ssl string    Optional, specify a user-created server ssl profile to be used as default for SNI for Route virtual servers
      --route-http-vserver string    Optional, the name to be used for the OpenShift Route http vserver (default "ose-vserver")
      --route-https-vserver string   Optional, the name to be used for the OpenShift Route https vserver (default "https-ose-vserver")
      --route-label string           Optional, label for which Route objects to watch.
      --route-vserver-addr string    Optional, bind address for virtual server for Route objects.

  GTM:
      --gtm-bigip-password string          Optional, password for the GMT Big-IP user account.
      --gtm-bigip-url string               Optional, URL for the GTM Big-IP
      --gtm-bigip-username string          Optional, user name for the GTM Big-IP user account.
      --gtm-credentials-directory string   Optional, directory that contains the GTM BIG-IP username, password, and/or url files. To be used instead of username, password, and/or url arguments.