F5 BIG-IP Ingress Controller for Kubernetes with High Availability on Azure

In our architecture we want use F5 as Kubernetes ingress controller to do that, we installed F5 BIG-IP Container Ingress Services (CIS) in to the k8s cluster, CIS will communicate with the F5 for configuration changes. infact single F5 BIG-IP configuration pretty simple but using with HA configuration bit tricky so let me explain the scenarios.

1. Scenario —Active/Passive HA Cluster with F5 Cloud Failover Extension (CFE)

Active/Standby HA cluster but on the cloud we cannot assign 1 ip to 2 server so for this we must switch those ips to do that F5 must speak with Cloud API’s but it take 40–45 second switch between nodes. But this is only on Azure, AWS is little different.

2. Scenario — Active/Active HA Cluster

We have 2 active F5 nodes behind azure external load balancer, Using load balancer to assign public ips. Load balancer redirecting the traffic to these instances. However this configuration has downside, If Azure Load balancer goes down all site goes down too. Its creating single point of failure.

This configuration only expectable while site is in n+1 region.

3. Scenario — 2 Active Site with HA F5-Big IP or Single F5-Big IP Configuration

This scenario require n+1 region to configure properly, because each service will be available as one instance in that region, 2 region will gave required redundancy.

Infect some databases works only single master in that case applications database connection latency getting important, some inter connectivity must be consider.

4. Scenario — New Site with Automation (Terraform)

Teraform is a cloud orchestration tool, it helps to automate cloud related tasks, depending application downtime requirement same architecture can be create in another region or another cloud but in this scenario downside is this automation should be test regularly in case of failure.