Adding f5 router to existing openshift cluster

Question

I'm running okd 3.6 (upgrade is a work in progress) with a f5 bigip appliance running 11.8. We currently have 2 virtual servers for http(s) doing nat/pat and talking to the clusters haproxy. The cluster is configured to use redhat/openshift-ovs-subnet.

I now have users asking to do tls passthrough. Can I add new virtual servers and a f5 router pod to the cluster and run this in conjunction with my existing virtual servers and haproxy?

Thank you.

Answer 1

Personally I think... yes, you can. If TLS passthrough is route configuration, then you just define the route as follows, then the HAProxy would transfer to your new virtual server.

apiVersion: v1
kind: Route
metadata:
  labels:
    name: myService
  name: myService-route-passthrough
  namespace: default
spec:
  host: mysite.example.com
  path: "/myApp"
  port:
    targetPort: 443
  tls:
    termination: passthrough
  to:
    kind: Service
    name: myService

Frankly I don't know whether or not I could make sense your needs correclty. I might not answer appropriately against your question, so you had better read the following readings for looking for more appropriate solutions.

• Passthrough Termination

• Simple SSL Passthrough (Non-Prod only)