OpenShift / F5 Container Ingress Services Workshop
Tyler Hatton
Technical Solutions Architect
WWT Platform & WWT ATC - https://www.wwt.com/
Solutions Networking Application Delivery Controllers
WWT F5 OpenShift Lab
Where to find us
Agenda
OpenShift/K8s Refresher
  Containers overview
  Why OpenShift/K8s?
  OpenShift architecture and terms
Container Ingress Services
  What is CIS?
  Why CIS?
  CIS components and how it works
Interactive Lab
Docker Containers
A container is a unit of software that packages up code and all its dependencies, so the application runs reliably from one computing environment to another.
[Diagram: two containers, each holding an app and its OS dependencies, on a shared kernel / host operating system and hardware (network, RAM, HDD, CPU)]
VMs vs. Containers
[Diagram: container stack (apps with OS dependencies, kernel / host operating system, hardware) beside a VM stack (apps, OS dependencies, VM, kernel / host operating system, hardware)]
Container Orchestration
  Scaling
  Networking
  Security
  Resource management
  Storage
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.
OpenShift
Red Hat OpenShift is an enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud and multicloud deployments.
K8s Components
A pod is one or more closely related containers deployed to one host
OpenShift Components
A pod configuration is defined inside a deployment
Deployment
  Image name
  Replicas
  CPU & Memory
  Storage
  Deployment Strategy
OpenShift Components
A pod configuration is defined inside a deployment
YAML Manifest
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment-example
spec:
  replicas: 3
  # apps/v1 requires a selector matching the template labels; app: nginx is illustrative
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
OpenShift Components - Services
A Service is an abstraction that defines a logical set of Pods and a policy by which to access them
[Diagram: Redis Service 172.30.100.101; three pods labeled role: redis (10.10.1.11, 10.10.1.12, 10.10.1.13); one pod labeled role: frontend (10.10.1.10)]
OpenShift Components - Services
ClusterIPs provide internal load balancing and service discovery of pods
[Diagram: Redis ClusterIP 172.30.100.101; three pods labeled role: redis (10.10.1.11, 10.10.1.12, 10.10.1.13); one pod labeled role: frontend (10.10.1.10)]
OpenShift Components - Services
NodePorts expose a Kubernetes service externally on a static port
[Diagram: Redis NodePort 172.30.100.101; three pods labeled role: redis (10.10.1.11, 10.10.1.12, 10.10.1.13)]
OpenShift Components
[Diagram: Redis ClusterIP 172.30.100.101; three pods labeled role: redis (10.10.1.11, 10.10.1.12, 10.10.1.13)]
YAML Manifest
apiVersion: v1
kind: Service
metadata:
  name: redis-service
spec:
  selector:
    # the selector must equal the pod labels; the pods in the diagram carry role: redis
    role: redis
  type: ClusterIP
  ports:
  - port: 6379
    targetPort: 6379
OpenShift Components
Routes/Ingresses enable external access to a service
[Diagram: Route frontend.apps.example.com; Frontend Service 172.30.100.102; three pods labeled role: frontend (10.10.1.15, 10.10.1.16, 10.10.1.17)]
Hardware Architecture
Pods are hosted on Nodes
[Diagram: four nodes, each hosting four pods]
Hardware Architecture
The Master manages state and orchestrates changes within the cluster
Master
  API / Authentication
  Data Store
  Scheduler
  Health/Scaling
[Diagram: the Master beside four nodes hosting pods; access labels: Kubectl, GUI, API]
OpenShift SDN Architecture
Overlay: 10.1.0.0/16
Underlay: 172.16.1.0/24
Kubernetes Alternatives: Flannel / Calico
[Diagram: nodes 172.16.1.20 and 172.16.1.30 on the IP network; pods 10.1.4.2, 10.1.2.2, 10.1.4.4 and 10.1.2.4; OVS; VxLAN overlay network]
F5 Container Ingress Services (CIS)
Ingress Architecture
[Diagram: shared network; Router / Ingress; two nodes hosting pods]
Container Ingress Services
F5 Container Ingress Services (CIS) integrates with container orchestration platforms to dynamically create L4/L7 services on F5 BIG-IP
Application Security
  Web Application Firewall
  Identity & Access Controls
  DDoS Protection
  SSL/TLS Termination
[Diagram: shared network; two nodes hosting pods]
Simplified Deployments
[Diagram: manifests; shared network; two nodes hosting pods]
Which Should I Use?
[Diagram: Ingress; shared network; two nodes hosting pods]
CIS Components - Connectivity
[Diagram: BIG-IP VE; VXLAN tunnel with a VTEP at each end; OpenShift cluster (Node 1, Node 2, OpenShift SDN) running the Productpage, Reviews, Details and Ratings pods]
CIS Components - Controller
[Diagram: BIG-IP VE; VXLAN tunnel; OpenShift cluster (Node 1, Node 2, OpenShift SDN) running BIG-IP Ctlr and the Productpage, Reviews, Details and Ratings pods; label: Configurations]
CIS Components - Controller
Deployment Methods: Manual, Helm, Operator
[Diagram: BIG-IP VE; VXLAN tunnel; OpenShift cluster (Node 1, Node 2, OpenShift SDN) running BIG-IP Ctlr and the Productpage, Reviews, Details and Ratings pods]
CIS Components - Controller
[Diagram: BIG-IP VE; VXLAN tunnel; OpenShift cluster (Node 1, Node 2, OpenShift SDN) running BIG-IP Ctlr and the Productpage, Reviews, Details and Ratings pods]
kind: Deployment
…
spec:
  # $(NAME) references are expanded from the container's environment variables
  args: [
    "--bigip-username=$(BIGIP_USERNAME)",
    "--bigip-password=$(BIGIP_PASSWORD)",
    "--bigip-url=192.168.2.201",
    "--bigip-partition=openshift",
    "--openshift-sdn-name=/Common/vxlan-tun"
  ]
CIS Components – Controller - Nodeport
Considerations
  Cluster vs Nodeport
  Multiple vs Single VS
  Configmap vs Route
[Diagram: BIG-IP VE; OpenShift cluster (Node 1, Node 2, OpenShift SDN) with Kube-proxy on each node, BIG-IP Ctlr and the Productpage, Reviews, Details and Ratings pods]
kind: Deployment
…
spec:
  args: [
    "--pool-member-type=nodeport",
    …
  ]
CIS Components – Controller - Cluster
Considerations
  Cluster vs Nodeport
  Multiple vs Single VS
  Configmap vs Route
[Diagram: BIG-IP VE; VXLAN tunnel; OpenShift cluster (Node 1, Node 2, OpenShift SDN) running BIG-IP Ctlr and the Productpage, Reviews, Details and Ratings pods]
kind: Deployment
…
spec:
  args: [
    "--pool-member-type=cluster",
    …
  ]
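An added example (not from the workshop deck or the F5 project): a Python check that the credential flags shown on the controller slides, --bigip-username=$(BIGIP_USERNAME) and --bigip-password=$(BIGIP_PASSWORD), resolve to environment variables populated from a Secret rather than to literals. The container dicts are constructed samples, and the Secret name bigip-login and its keys are assumptions.

```python
import re

SENSITIVE_FLAGS = ("--bigip-username", "--bigip-password")
# Kubernetes expands $(NAME) in args from the container's env entries.
VAR_REF = re.compile(r"^\$\(([A-Za-z_][A-Za-z0-9_]*)\)$")


def lint_container(container):
    """Return findings for credential flags that are not backed by a Secret."""
    env = {e["name"]: e for e in container.get("env", [])}
    findings = []
    for arg in container.get("args", []):
        flag, _, value = arg.partition("=")
        if flag not in SENSITIVE_FLAGS:
            continue
        ref = VAR_REF.match(value)
        if ref is None:
            findings.append(f"{flag}: literal value in args")
            continue
        source = env.get(ref.group(1))
        if source is None:
            findings.append(f"{flag}: {ref.group(1)} is not defined in env")
        elif "secretKeyRef" not in source.get("valueFrom", {}):
            findings.append(f"{flag}: {ref.group(1)} is not read from a Secret")
    return findings


# Constructed container specs; the Secret name and keys are assumptions.
GOOD = {
    "args": ["--bigip-username=$(BIGIP_USERNAME)", "--bigip-password=$(BIGIP_PASSWORD)",
             "--bigip-url=192.168.2.201", "--bigip-partition=openshift"],
    "env": [
        {"name": "BIGIP_USERNAME",
         "valueFrom": {"secretKeyRef": {"name": "bigip-login", "key": "username"}}},
        {"name": "BIGIP_PASSWORD",
         "valueFrom": {"secretKeyRef": {"name": "bigip-login", "key": "password"}}},
    ],
}
BAD = {
    "args": ["--bigip-username=admin", "--bigip-password=$(BIGIP_PASSWORD)"],
    "env": [{"name": "BIGIP_PASSWORD", "value": "constructed-example"}],
}
```

A literal in args or in an env value is readable by anyone who can view the Deployment object, which is why both cases are reported.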
CIS Components - ConfigMap
[Diagram: BIG-IP VE; VXLAN tunnel; OpenShift cluster (Node 1, Node 2, OpenShift SDN) running BIG-IP Ctlr and the Productpage, Reviews, Details and Ratings pods]
kind: ConfigMap
apiVersion: v1
metadata:
  name: application.vs.https
  labels:
    f5type: virtual-server
    as3: "true"
data:
F5 Configuration - Three Flavors
  bigip-virtual-server Schema
  iApp
  AS3 Schema
OpenShift ConfigMap to F5 VIP
Service
---
apiVersion: v1
kind: Service
metadata:
  name: productpage
  labels:
    app: productpage
    service: productpage
    cis.f5.com/as3-tenant: AS3
    cis.f5.com/as3-app: productpage
    cis.f5.com/as3-pool: productpage_pool
ConfigMap
kind: ConfigMap
apiVersion: v1
metadata:
  name: productpage.vs.https
  labels:
    f5type: virtual-server
    as3: "true"
data:
  template: |
    {
      "class": "AS3",
      "AS3": {
        "class": "Tenant",
        "productpage": {
          …
F5 Configs
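An added example (not from the workshop deck or the F5 project): CIS ties a Service to a BIG-IP pool through the three cis.f5.com/as3-* labels, so a label that names no Tenant, Application or Pool in the AS3 template leaves that pool without members. This Python check walks the template with the label values; the Application and Pool bodies and the declaration wrapper are assumptions filling in what the slide elides.

```python
import json

# Constructed sample mirroring the slide's Service labels and ConfigMap template.
SERVICE_LABELS = {
    "app": "productpage",
    "cis.f5.com/as3-tenant": "AS3",
    "cis.f5.com/as3-app": "productpage",
    "cis.f5.com/as3-pool": "productpage_pool",
}
TEMPLATE = json.dumps({
    "class": "AS3",
    "declaration": {
        "class": "ADC",
        "AS3": {
            "class": "Tenant",
            "productpage": {
                "class": "Application",
                "productpage_pool": {"class": "Pool", "members": []},
            },
        },
    },
})

# Label key and the AS3 class expected at each nesting level.
LABELS = (("cis.f5.com/as3-tenant", "Tenant"),
          ("cis.f5.com/as3-app", "Application"),
          ("cis.f5.com/as3-pool", "Pool"))


def check_as3_labels(labels, template_json):
    """Return a list of problems; an empty list means every label resolves."""
    doc = json.loads(template_json)
    node = doc.get("declaration", doc)  # also accept the slide's flat form
    problems = []
    for key, as3_class in LABELS:
        name = labels.get(key)
        if name is None:
            problems.append(f"missing label {key}")
            break
        child = node.get(name)
        if not isinstance(child, dict) or child.get("class") != as3_class:
            problems.append(f"{key}={name}: no {as3_class} named {name!r} in template")
            break
        node = child
    return problems
```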
That’s Cool – How does HA work?
https://clouddocs.f5.com/containers/v2/openshift/kctlr-openshift-bigip-ha.html
Questions?
Next Steps
F5 CIS Resources
  https://clouddocs.f5.com/containers/v2/
  https://clouddocs.f5.com/containers/v2/releases_and_versioning.html
  https://f5cloudsolutions.herokuapp.com/
  https://github.com/F5Networks/k8s-bigip-ctlr/issues
WWT Labs
  https://www.wwt.com/lab/openshift-101-lab
  https://www.wwt.com/lab/openshift-cicd-lab
  https://www.wwt.com/lab/f5-ansible-automation-training-lab
  https://www.wwt.com/lab/f5-nginx-lab
WWT Platform & WWT ATC - https://www.wwt.com/
Explore Networking Application Delivery Controllers
WWT F5 OpenShift Lab
Where to find us