Is it possible to use client certificate or IP-based authentication in OpenShift container gateways?

Article ID: 275981

Updated On:

Products

CA API Gateway

Issue/Introduction

You have a requirement for the container gateway on OpenShift to authenticate clients based on IP address or on client certificate authentication.

The gateway service is exposed externally using OpenShift F5 routes with an SSL passthrough profile, because the gateway itself must be able to authenticate the end user's client certificate.

How can this be done in Kubernetes?

Environment

CA API Gateway 10.1 

Container-based: OpenShift, any version.

Resolution

Open up a port (8443) directly on the host and bind it to the Layer7 gateway pod. Any HTTP request that comes in to the host is then routed directly to the pod, bypassing the OpenShift ingress controllers (HAProxy) and the internal service. A specific fixed NIC needs to be bound so that the IP doesn't change every time the pod restarts.
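
One way to express this in a pod spec, as an added example that is not taken from the original article. It assumes the "port on the host" is a Kubernetes `hostPort` and that the fixed NIC is selected with `hostIP` on a pinned node; every name, the image and the address are placeholders.

```yaml
# Added illustration; names, labels, image and addresses are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway                        # hypothetical name
spec:
  replicas: 1                          # one pod per pinned host port
  strategy:
    type: Recreate                     # a rolling update cannot schedule a second pod on the same node and hostPort
  selector:
    matchLabels:
      app: gateway
  template:
    metadata:
      labels:
        app: gateway
    spec:
      serviceAccountName: gateway-sa   # hypothetical; needs an SCC with allowHostPorts: true
      nodeSelector:
        kubernetes.io/hostname: "<node-name>"   # pin to the node that owns the fixed NIC
      containers:
        - name: gateway
          image: "<gateway-image>"     # placeholder
          ports:
            - name: https
              containerPort: 8443      # gateway listener that performs the TLS handshake and requests the client certificate
              hostPort: 8443           # opened directly on the node, bypassing the router and the internal Service
              hostIP: 192.0.2.10       # constructed example: address of the fixed NIC
              protocol: TCP
```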