"F5: Connecting NetOps/SecOps with DevOps" - Part 5: Application Services 3 Extension

This article explains how to use the third declarative component, Application Services 3 Extension (AS3 for short).

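AS3 provides a declarative way to configure the L4-L7 settings of F5 BIG-IP, including the LTM, DNS, AFM and ASM modules, and it supports multi-tenant and multi route-domain configurations.

It covers, among others, the following configuration: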

- L3/L4: VIP, Pool, SNAT, Monitors, Profiles, etc.
- HTTP/HTTPS ADC
- L4 Firewall Policy Support (AFM Policy attachment)
- HTTP/HTTPS L7 Security
- ASM/APM policy attachment
- Traffic Profiles (Endpoint Policy attachment / construction)
- iRules
- SSL/TLS
- Methods for loading policies and iRules: base64 & URL
...

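Like DO, AS3 can currently be installed on the F5 device as an RPM package, or an AS3 Docker container can be used to proxy these API interactions. The AS3 JSON declarations can also be pushed to each BIG-IP through BIG-IQ, which makes centralized management easier and helps users better implement SuperNetOps.

As with DO, using AS3 requires some prerequisites:

1. Version v12.1 or later must be used.
2. The account used for the API interaction must have the administrator role.

A simple AS3 example follows: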

```json
{
    "class": "AS3",
    "action": "deploy",
    "targetHost": "192.0.2.76",
    "targetUsername": "admin",
    "targetPassphrase": "admin",
    "declaration": {
        "class": "ADC",
        "schemaVersion": "3.0.0",
        "id": "container",
        "label": "Sample 1 in a container",
        "remark": "Simple HTTP application with RR pool",
        "Sample_container": {
            "class": "Tenant",
            "A1": {
                "class": "Application",
                "template": "http",
                "serviceMain": {
                    "class": "Service_HTTP",
                    "virtualAddresses": [
                        "10.0.1.10"
                    ],
                    "pool": "web_pool"
                },
                "web_pool": {
                    "class": "Pool",
                    "monitors": [
                        "http"
                    ],
                    "members": [{
                        "servicePort": 80,
                        "serverAddresses": [
                            "192.0.1.10",
                            "192.0.1.11"
                        ]
                    }]
                }
            }
        }
    }
}
```

Then POST this JSON file to https://[BIGIP-IP]:PORT/mgmt/shared/appsvcs/declare.

For a more detailed introduction, see https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/
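The request above carries the credentials of an administrator-role account in `targetUsername` and `targetPassphrase`, so the file itself is worth checking before it is stored or sent. The following Python is an added example, not part of the original article or of F5's code: it lints a request shaped like the sample, strips the credentials for storage, and injects them at send time. The function names, the `WEAK` list, the environment variable names `AS3_TARGET_USER` and `AS3_TARGET_PASS`, and the choice to flag `Service_HTTP` as a cleartext listener are assumptions made for illustration.

```python
import copy
import json

# Constructed sample: the declaration from this page, trimmed to the fields the checks read.
SAMPLE = json.loads("""
{"class": "AS3", "action": "deploy", "targetHost": "192.0.2.76",
 "targetUsername": "admin", "targetPassphrase": "admin",
 "declaration": {"class": "ADC", "schemaVersion": "3.0.0",
  "Sample_container": {"class": "Tenant",
   "A1": {"class": "Application", "template": "http",
    "serviceMain": {"class": "Service_HTTP",
                    "virtualAddresses": ["10.0.1.10"], "pool": "web_pool"},
    "web_pool": {"class": "Pool", "monitors": ["http"]}}}}}
""")
WEAK = {"admin", "default", "password"}  # assumption: short illustrative list

def walk(node, path=""):
    """Yield (path, object) for every JSON object nested under node."""
    if isinstance(node, dict):
        yield path or "/", node
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}/{i}")

def lint(request):
    """Return findings for an AS3 request as it would sit in a file or repo."""
    findings = []
    secret = request.get("targetPassphrase")
    if secret is not None:
        findings.append("inline-credential: targetPassphrase is stored in the file")
        if isinstance(secret, str) and (
                secret.lower() in WEAK or secret == request.get("targetUsername")):
            findings.append("weak-credential: default value or same as username")
    for path, obj in walk(request.get("declaration", {})):
        if obj.get("class") == "Service_HTTP":  # review choice: flag plain HTTP
            findings.append(f"cleartext-listener: {path}")
    return findings

def for_storage(request):
    """Copy of the request with the target credentials stripped."""
    out = copy.deepcopy(request)
    out.pop("targetUsername", None)
    out.pop("targetPassphrase", None)
    return out

def for_sending(stored, env):
    """Copy of a stored request with credentials injected from env at send time."""
    out = copy.deepcopy(stored)
    out["targetUsername"] = env["AS3_TARGET_USER"]    # hypothetical variable names
    out["targetPassphrase"] = env["AS3_TARGET_PASS"]
    return out
```

In use, `for_storage()` output is what goes into version control, and `for_sending(stored, os.environ)` builds the body immediately before the POST.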