NGINX Docs
    • DevCentral

      Connect & learn in our hosted community

    • MyF5

      Your key to everything F5, including support, registration keys, and subscriptions

    • NGINX

      Learn more about NGINX Open Source and read the community blog

F5 BIG-IP

Learn how to use F5 IngressLink with NGINX Ingress Controller to configure your F5 BIG-IP device.

F5 IngressLink is an integration between NGINX Ingress Controller and F5 BIG-IP Container Ingress Services (CIS) that configures an F5 BIG-IP device as a load balancer for NGINX Ingress Controller pods.

The steps to enable the integration depend on the option chosen to install NGINX Ingress Controller: Using Manifests or using the Helm chart.

  1. Create a service for the Ingress Controller pods for ports 80 and 443. For example:

    yaml
    apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-ingresslink
  namespace: nginx-ingress
  labels:
    app: ingresslink
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  - port: 443
    targetPort: 443
    protocol: TCP
    name: https
  selector:
    app: nginx-ingress

    Note the label app: ingresslink. We will use it in the Configure CIS step.

  2. In the ConfigMap resource enable the proxy protocol, which the BIG-IP system will use to pass the client IP and port information to NGINX. For the set-real-ip-from key, use the subnet of the IP which the BIG-IP system uses to send traffic to NGINX:

    yaml
    proxy-protocol: "True"
real-ip-header: "proxy_protocol"
set-real-ip-from: "0.0.0.0/0"

  3. Deploy NGINX Ingress Controller with additional command-line arguments:

    yaml
    args:
- -ingresslink=nginx-ingress
- -report-ingress-status
. . .

    where ingresslink references the name of the IngressLink resource from step 1, and report-ingress-status enables reporting ingress statuses.

Install a Helm release with the following values:

yaml
controller:
  config:
    entries:
      proxy-protocol: "True"
      real-ip-header: "proxy_protocol"
      set-real-ip-from: "0.0.0.0/0"
  reportIngressStatus:
    ingressLink: nginx-ingress
  service:
    type: ClusterIP
    externalTrafficPolicy: Cluster
    extraLabels:
      app: ingresslink

We will use the ingressLink and extraLabels parameter values to configure CIS in the next section. For the set-real-ip-from key, use the subnet of the IP which the BIG-IP system uses to send traffic to NGINX.

To enable the integration, F5 BIG-IP Container Ingress Services must be deployed in the cluster and configured to support the integration. Follow the instructions on the CIS documentation portal.

Make sure that:

  • The name of the IngressLink resource is the same as the one used during the installation of NGINX Ingress Controller (nginx-ingress in the previous example).
  • The selector in the IngressLink resource is the same as the Service labels configured during Ingress Controller installation (app: ingresslink in the previous example).
  • The IngressLink must belong to the same namespace as the Ingress Controller pod (nginx-ingress or the namespace used for installing the Helm chart).