Installing and Configuring F5 Container Connector for PCF

This topic describes how to install and configure F5 Container Connector for Pivotal Cloud Foundry (PCF).

Installing and Configuring F5 Container Connector for PCF

  1. Download the product file from Pivotal Network.
  2. Navigate to the Ops Manager Installation Dashboard and click Import a Product to upload the product file.
  3. Under the Import a Product button, click + next to the version number of F5 Container Connector for PCF. This adds the tile to your staging area.
  4. Click the F5 Container Connector for PCF tile.
  5. Under the Settings tab, configure the following settings:
    1. Assign an Availability Zone and a network for the Container Connector to connect to.
    2. Under the Connection Information page, configure the following settings:
      • BIG-IP IP Address or FQDN: The IP address of either the MGMT interface or another interface configured to handle MGMT traffic. This can also be an FQDN that PCF can resolve.
      • BIG-IP Username and BIG-IP Password: The BIG-IP username and password for an account that has administrator privileges.
      • BIG-IP Partition: The name of the partition on the BIG-IP that you created specifically for Container Connector. All the App connection information will go in this partition.
      • BIG-IP Virtual Server IP Address: The IP address that is the entry point for all PCF apps. Wildcard DNS entries should reference this IP address.
      • BIG-IP Policies: The full path to a BIG-IP Policy object (e.g., /Common/VALID_URL). In this field, you can enforce security policies, add X-Headers to requests, and more.
      • BIG-IP Profiles: The full path to a BIG-IP Profile object. This can be any valid traffic profile.
      • BIG-IP Health Monitors: The full path to a BIG-IP Health Monitor. You will use this to determine the health of all the apps running in the PCF environment.
      • NATS Host IP Address: View this IP address in Pivotal Elastic Runtime, under the Status tab.
      • NATS Host Port: By default, this is 4222.
      • NATS User Password: View these credentials in Pivotal Elastic Runtime, under the Credentials tab, under the NATS line entry. Click on Link to Credential to view the password.
      • OAuth Endpoint: The FQDN of the UAA service. By default, this is uaa.YOUR-SYSTEM-DOMAIN. View your system domain on the Domains page of Pivotal Elastic Runtime’s Settings tab.
      • OAuth Secret: View this secret in Pivotal Elastic Runtime, under the Credentials tab. Look for the UAA line, and find the Gorouter Client Credentials. Click on Link to Credential to view the password.
      • PCF API Endpoint: The FQDN of the API service. By default, this is api.YOUR-SYSTEM-DOMAIN. View your system domain on the Domains page of Pivotal Elastic Runtime’s Settings tab.
  6. Click Save.
  7. Return to the Ops Manager Installation Dashboard and click Apply changes to install the F5 Container Connector for PCF tile.

Manually Installing F5 Container Connector for PCF

If necessary, you can install the F5 Container Connector for PCF manually. You may want to install the Container Connector manually if you need to specify which Org or Space to use.

A manual install is useful if the tile does not install correctly after you follow the procedure in Installing and Configuring F5 Container Connector for PCF. The manual install process is also faster.

The F5 Container Connector for PCF is located on the Public Docker Registry. You can pull it down from within a cf push command.

How to Manually Install F5 Container Connector for PCF

  1. Create a cf push manifest file. This manifest tells PCF what the app should be named and how to check its health, and it sets the environment variables that store the Container Connector's configuration information.

    Below is an example manifest.yml file. You can use this as the basis for your manifest. Modify the {EXAMPLE} fields with information that pertains to your PCF installation:

       applications:
         - name: {Appname - cc4pcf is what we have been using.}
           health-check-type: http
           health-check-http-endpoint: /health
           routes:
             - route: {App Route - like cc4pcf.apps.company.com}
           env:
             BIGIP_CTLR_CFG: |
                 bigip:
                   url: https://{IP Address of BIG-IP MGMT interface}
                   user: {BIG-IP Username that has 'admin' rights}
                   pass: {Password for above Username}
                   partition:
                     - {Partition for Container Connector's sole use - like 'pcf'}
                   balance: round-robin
                   verify_interval: 1000000
                   external_addr: {BIG-IP Virtual Server IP Address for external connections}
                   policies:
                     - {BIG-IP Policy path #1 - like '/Common/my-policy'}
                     - {BIG-IP Policy path #2 - multiple policies can be defined}
                   profiles:
                     - {BIG-IP Profile path #1 - like '/Common/forwarded-for'}
                     - {BIG-IP Profile path #2 - multiple profiles can be defined}
                   health_monitors:
                     - {BIG-IP Monitor path #1 - like '/Common/tcp_half_open'}
                     - {BIG-IP Monitor path #2 - multiple health monitors can be defined}
    
                 status:
                   user: admin
                   pass: admin
                 nats:
                   - host: {IP Address of NATS host}
                     port: {Port of NATS service - default is 4222}
                     user: nats
                     pass: {Admin password of 'nats' user}
    
                 logging:
                   file: /tmp/cf-bigip.ctlr.log
                   syslog: vcap.cf-bigip-ctlr
                   level: info
                   loggregator_enabled: false
                   metron_address: "localhost:3457"
    
                 go_max_procs: -1
                 prune_stale_droplets_interval: 30s
                 droplet_stale_threshold: 120s
                 suspend_pruning_if_nats_unavailable: false
    
                 oauth:
                   token_endpoint: {FQDN of UAA Service - like 'uaa.service.company.com'}
                   client_name: "gorouter"
                   client_secret: {Gorouter Client Credentials}
                   port: 443
                   skip_ssl_validation: true
                   ca_certs:
    
                 routing_api:
                   uri: {URI of API Service - like 'api.service.company.com'}
                   port: 80
                   auth_disabled: false
    
                 start_response_delay_interval: 20s
    
                 token_fetcher_max_retries: 3
                 token_fetcher_retry_interval: 5s
                 token_fetcher_expiration_buffer_time: 30
    
    

  2. Run cf push to finish the install:
       cf push cc4pcf -f ./manifest.yml -o f5networks/cf-bigip-ctlr -k 128M -m 128M
    

    This assumes that your manifest.yml file is in the local directory. The -k 128M and -m 128M options are optional; they limit disk space and memory to 128 MB each, since PCF defaults to 1 GB for each.
  3. Install complete. Log into your BIG-IP and confirm there is a routing-vip-http virtual service. If it's not there, see the Troubleshooting section of the documentation.

Useful Reminders About Manual Installation

    • You can configure multiple Policies and Profiles - one per line in the manifest - in the appropriate sections above.
    • Your endpoints may have a different configuration from the examples used above. They all default to whatever is set up for the service domain in the ERT Domain configuration.
    • Most of the PCF services use default IP ports, but if your PCF installation uses different ports, you will need to do the manual install in order to specify the different port values.
    • The status section of the manifest file is for BasicAuth access to a /routes endpoint on the Container Connector. This API returns all the running apps that it knows about in JSON format.
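
A pre-push check for the manifest from step 1, as an added example (not part of the original page and not F5's own tooling): it flags {…} placeholders left unfilled, the example admin/admin credentials in the status section that protects /routes, and skip_ssl_validation: true under oauth. The function names, the sample manifest, and the assumption that the BIGIP_CTLR_CFG block runs to the end of the file are this example's own.

```python
import re
import textwrap

# Constructed sample manifest: every value here is made up for the example.
SAMPLE_MANIFEST = """\
applications:
  - name: cc4pcf
    env:
      BIGIP_CTLR_CFG: |
          bigip:
            url: https://192.0.2.10
            user: admin
            pass: {Password for above Username}
          status:
            user: admin
            pass: admin
          oauth:
            skip_ssl_validation: true
"""

def controller_settings(manifest_text):
    """Map (section, key) -> value for the BIGIP_CTLR_CFG block.
    Assumption: the block runs to the end of the file, as in the page's manifest."""
    block = textwrap.dedent(manifest_text.partition("BIGIP_CTLR_CFG: |\n")[2])
    settings, section = {}, None
    for line in block.splitlines():
        m = re.match(r"^(\s*)(?:- )?(\w+):\s*(.*?)\s*$", line)
        if not m:
            continue
        indent, key, value = m.groups()
        section = section if indent else key
        settings[(section, key if indent else "")] = value.strip("\"'")
    return settings

def lint(manifest_text):
    """Return findings for settings that should not reach `cf push` unchanged."""
    s = controller_settings(manifest_text)
    findings = [f"line {n}: placeholder not filled in"
                for n, line in enumerate(manifest_text.splitlines(), 1)
                if re.search(r"[:-]\s*\{.*\}\s*$", line)]
    if (s.get(("status", "user")), s.get(("status", "pass"))) == ("admin", "admin"):
        findings.append("status: /routes still uses the example admin/admin credentials")
    if s.get(("oauth", "skip_ssl_validation"), "").lower() == "true":
        findings.append("oauth.skip_ssl_validation: UAA certificate is not verified")
    if not s.get(("bigip", "url"), "").startswith("https://"):
        findings.append("bigip.url: BIG-IP management URL is not https")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_MANIFEST)))
```

Call lint() on the contents of your own manifest.yml before running cf push; an empty list means none of the three conditions were found.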