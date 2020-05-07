
Which Should I Use? Shared Network Node Pod Pod Pod Pod Node Pod Pod Pod Pod Ingress
  1. 1. OpenShift / F5 Container Ingress Services Workshop Tyler Hatton Technical Solutions Architect
  2. 2. WWT Platform & WWT ATC - https://www.wwt.com/ Solutions Networking Application Delivery Controllers WWT F5 OpenShift Lab Where to find us
  3. 3. OpenShift/K8s Refresher Containers overview Why OpenShift/K8s? OpenShift architecture and terms Container Ingress Services What is CIS? Why CIS? CIS components and how it works Interactive Lab Agenda +
  4. 4. Agenda +
  5. 5. App Container App Container Kernel / Host Operating System Hardware Network RAM HDD CPU A container is a unit of software that packages up code and all its dependencies, so the application runs reliably from one computing environment to another. OS Dependencies OS Dependencies Docker Containers
  6. 6. App Container App Container Kernel / Host Operating System Hardware Network RAM HDD CPU OS Dependencies OS Dependencies App App VM Kernel / Host Operating System Hardware Network RAM HDD CPU OS Dependencies VMs vs. Containers
  7. 7. Container Container Orchestration Container Container Container Scaling Networking Security Resource management Storage Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.
  8. 8. OpenShift Red Hat OpenShift is an enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud and multicloud deployments.
  9. 9. Pod Pod Container K8s Components Container Container A pod is one or more closely related containers deployed to one host
  10. 10. OpenShift Components Pod Container Deployment Pod Container Pod Container Image name Replicas CPU & Memory Storage Deployment Strategy A pod configuration is defined inside a deployment
  11. 11. OpenShift Components apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment-example spec: replicas: 3 template: spec: containers: - name: nginx image: nginx YAML Manifest Pod Container Pod Container Pod Container A pod configuration is defined inside a deployment Docs
  12. 12. OpenShift Components - Services Pod Container Pod Container Pod Container role: redis Pod Container Redis Service 172.30.100.101 Services are an abstraction which defines a logical set of Pods and a policy by which to access them role: redis role: redis 10.10.1.11 10.10.1.12 10.10.1.13 role: frontend 10.10.1.10
  13. 13. OpenShift Components - Services Pod Container Pod Container Pod Container role: redis Pod Container Redis ClusterIP 172.30.100.101 ClusterIPs provide internal load balancing and service discovery of pods role: redis role: redis 10.10.1.11 10.10.1.12 10.10.1.13 role: frontend 10.10.1.10
  14. 14. OpenShift Components - Services Pod Container Pod Container Pod Container role: redis Redis NodePort 172.30.100.101 NodePorts expose a service within Kubernetes externally on a static port role: redis role: redis 10.10.1.11 10.10.1.12 10.10.1.13
  15. 15. OpenShift Components Pod Container Pod Container Pod Container role: redis Redis ClusterIP 172.30.100.101 role: redis role: redis 10.10.1.11 10.10.1.12 10.10.1.13 apiVersion: v1 kind: Service metadata: name: redis-service spec: selector: component: redis type: ClusterIP ports: - port: 6379 targetPort: 6379 YAML Manifest
  16. 16. OpenShift Components Pod Container Pod Container Pod Container role: frontend Frontend Service 172.30.100.102 Routes/Ingresses enable external access to a service role: frontend role: frontend 10.10.1.15 10.10.1.16 10.10.1.17 Route frontend.apps.example.com
  17. 17. Hardware Architecture Pods are hosted on Nodes Node Pod Pod Pod Pod Node Pod Pod Pod Pod Node Pod Pod Pod Pod Node Pod Pod Pod Pod
  18. 18. Hardware Architecture The Master manages state and orchestrates changes within the cluster Node Pod Pod Pod Pod Node Pod Pod Pod Pod Node Pod Pod Pod Pod Master API / Authentication Data Store Scheduler Health/Scaling Node Pod Pod Pod Pod Kubectl GUI API
  19. 19. OpenShift SDN Architecture Node 172.16.1.20 Pod 10.1.4.2 Node 172.16.1.30 Pod 10.1.2.2 Pod 10.1.4.4 Pod 10.1.2.4 OVS IP Network VxLAN Overlay Network Overlay: 10.1.0.0/16 Underlay: 172.16.1.0/24 Kubernetes Alternatives: Flannel / Calico
  20. 20. F5 Container Ingress Services (CIS)
  21. 21. Ingress Architecture Shared Network Router / Ingress Node Pod Pod Pod Pod Node Pod Pod Pod Pod
  22. 22. Container Ingress Services Shared Network Node Pod Pod Pod Pod Node Pod Pod Pod Pod F5 Container Ingress Services (CIS) integrates with container orchestration platforms to dynamically create L4/L7 services on F5 BIG-IP Application Security Web Application Firewall Identity & Access Controls DDoS Protection SSL/TLS Termination
  23. 23. Simplified Deployments Shared Network Node Pod Pod Pod Pod Node Pod Pod Pod Pod Manifests
  25. 25. BIG-IP VE Node 1 OpenShift Cluster VXLAN Tunnel Productpage CIS Components - Connectivity Node 2 Reviews Details Ratings Productpage OpenShift SDN VTEP VTEP
  26. 26. BIG-IP VE Node 1 OpenShift Cluster VXLAN Tunnel BIG-IP Ctlr Productpage CIS Components - Controller Node 2 Reviews Details Ratings Productpage OpenShift SDN Configurations
  27. 27. BIG-IP VE Node 1 OpenShift Cluster BIG-IP Ctlr Productpage CIS Components - Controller Node 2 Reviews Details Ratings Productpage OpenShift SDN Deployment Methods Manual Helm Operator VXLAN Tunnel
  28. 28. BIG-IP VE Node 1 OpenShift Cluster VXLAN Tunnel BIG-IP Ctlr Productpage CIS Components - Controller Node 2 Reviews Details Ratings Productpage OpenShift SDN kind: Deployment … spec: args: [ "--bigip-username=$(BIGIP_USERNAME)", "--bigip-password=$(BIGIP_PASSWORD)", "--bigip-url=192.168.2.201", "--bigip-partition=openshift", "--openshift-sdn-name=/Common/vxlan-tun"
  29. 29. Node 1 OpenShift Cluster BIG-IP VE Productpage CIS Components – Controller - Nodeport Node 2 Reviews Details Ratings Productpage OpenShift SDN Considerations Cluster vs Nodeport Multiple vs Single VS Configmap vs Route Kube-proxy Kube-proxy BIG-IP Ctlr kind: Deployment … spec: args: [ "--pool-member-type=nodeport",
  30. 30. BIG-IP VE Node 1 OpenShift Cluster VXLAN Tunnel BIG-IP Ctlr Productpage CIS Components – Controller - Cluster Node 2 Reviews Details Ratings Productpage OpenShift SDN Considerations Cluster vs Nodeport Multiple vs Single VS Configmap vs Route kind: Deployment … spec: args: [ "--pool-member-type=cluster", … Docs
  31. 31. BIG-IP VE Node 1 OpenShift Cluster VXLAN Tunnel BIG-IP Ctlr Productpage CIS Components - ConfigMap Node 2 Reviews Details Ratings Productpage OpenShift SDN kind: ConfigMap apiVersion: v1 metadata: name: application.vs.https labels: f5type: virtual-server as3: "true" data: F5 Configuration Three Flavors bigip-virtual-server Schema iApp AS3 Schema
  32. 32. OpenShift ConfigMap to F5 VIP --- apiVersion: v1 kind: Service metadata: name: productpage labels: app: productpage service: productpage cis.f5.com/as3-tenant: AS3 cis.f5.com/as3-app: productpage cis.f5.com/as3-pool: productpage_pool kind: ConfigMap apiVersion: v1 metadata: name: productpage.vs.https labels: f5type: virtual-server as3: "true" data: template: | { "class": "AS3", "AS3": { "class": "Tenant", "productpage": { … Service ConfigMap F5 Configs
  34. 34. https://clouddocs.f5.com/containers/v2/openshift/kctlr-openshift-bigip-ha.html That’s Cool – How does HA work?
  35. 35. Questions?
  36. 36. Next Steps WWT Labs F5 CIS Resources https://clouddocs.f5.com/containers/v2/ https://clouddocs.f5.com/containers/v2/releases_and_versioning.html https://f5cloudsolutions.herokuapp.com/ https://github.com/F5Networks/k8s-bigip-ctlr/issues https://www.wwt.com/lab/openshift-101-lab https://www.wwt.com/lab/openshift-cicd-lab https://www.wwt.com/lab/f5-ansible-automation-training-lab https://www.wwt.com/lab/f5-nginx-lab
  37. 37. WWT Platform & WWT ATC - https://www.wwt.com/ Explore Networking Application Delivery Controllers WWT F5 OpenShift Lab Where to find us

