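This article introduces how to use the third declarative component, Application Services 3 Extension (AS3 for short).
AS3 provides a declarative way to configure L4-L7 services on F5 BIG-IP, including the LTM, DNS, AFM, ASM and other modules, and it supports multi-tenant and multi-route-domain configurations.
The supported configuration includes, but is not limited to: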
- L3/L4: VIP, Pool, SNAT, Monitors, Profiles, etc.
- HTTP/HTTPS ADC
- L4 Firewall Policy Support (AFM Policy attachment)
- HTTP/HTTPS L7 Security
- ASM/APM policy attachment
- Traffic Profiles (Endpoint Policy attachment / construction)
- iRules
- SSL/TLS
- Methods for loading policies and iRules: base64 & URL ...
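Like DO, AS3 can currently be installed on the F5 device as an RPM package, or an AS3 Docker container can be used to proxy the API interaction. AS3 JSON declarations can also be pushed to each BIG-IP through BIG-IQ, which makes centralized management easier and helps users better achieve SuperNetOps.
As with DO, using AS3 has some prerequisites:
- Version v12.1 or later must be used.
- The account used for API interaction must have the administrator role.
A simple AS3 example follows: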
```json
{
  "class": "AS3",
  "action": "deploy",
  "targetHost": "192.0.2.76",
  "targetUsername": "admin",
  "targetPassphrase": "admin",
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.0.0",
    "id": "container",
    "label": "Sample 1 in a container",
    "remark": "Simple HTTP application with RR pool",
    "Sample_container": {
      "class": "Tenant",
      "A1": {
        "class": "Application",
        "template": "http",
        "serviceMain": {
          "class": "Service_HTTP",
          "virtualAddresses": [ "10.0.1.10" ],
          "pool": "web_pool"
        },
        "web_pool": {
          "class": "Pool",
          "monitors": [ "http" ],
          "members": [{
            "servicePort": 80,
            "serverAddresses": [ "192.0.1.10", "192.0.1.11" ]
          }]
        }
      }
    }
  }
}
```
Then POST this JSON file to https://[BIGIP-IP]:PORT/mgmt/shared/appsvcs/declare.
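A pre-flight check for a request shaped like the sample above, meant to run before the JSON is POSTed to the declare endpoint (added example, not F5's or the original article's code). The `lint` and `children` helpers and the `WEAK` list are assumptions made for illustration, and the pool check covers only pools referenced by bare name inside the same Application, as in the sample.

```python
# Constructed sample: the request from the article, reduced to the fields the checks read.
SAMPLE = {
    "class": "AS3", "action": "deploy", "targetHost": "192.0.2.76",
    "targetUsername": "admin", "targetPassphrase": "admin",
    "declaration": {
        "class": "ADC", "schemaVersion": "3.0.0",
        "Sample_container": {
            "class": "Tenant",
            "A1": {
                "class": "Application", "template": "http",
                "serviceMain": {"class": "Service_HTTP",
                                "virtualAddresses": ["10.0.1.10"], "pool": "web_pool"},
                "web_pool": {"class": "Pool", "monitors": ["http"]},
            },
        },
    },
}

WEAK = {"", "admin", "default", "password"}  # assumed short list of default-style values

def children(obj, prefix):
    """Yield (name, value) for nested objects whose "class" starts with prefix."""
    for name, val in obj.items():
        if isinstance(val, dict) and str(val.get("class", "")).startswith(prefix):
            yield name, val

def lint(request):
    """Return a list of findings for an AS3 request or a bare ADC declaration."""
    findings = []
    decl = request
    if request.get("class") == "AS3":  # wrapper form: credentials travel in the body
        decl = request.get("declaration", {})
        pw = request.get("targetPassphrase")
        if pw is not None:
            findings.append("credential: targetPassphrase is stored inline in the request")
            if str(pw).lower() in WEAK or pw == request.get("targetUsername"):
                findings.append("credential: targetPassphrase is a default or equals targetUsername")
    if decl.get("class") != "ADC":
        return findings + ["structure: declaration class is not ADC"]
    # Walk Tenant -> Application -> Service_* and resolve each bare-name pool reference.
    for tname, tenant in children(decl, "Tenant"):
        for aname, app in children(tenant, "Application"):
            for sname, svc in children(app, "Service_"):
                pool = svc.get("pool")
                target = app.get(pool) if isinstance(pool, str) else None
                if isinstance(pool, str) and "/" not in pool and not (
                        isinstance(target, dict) and target.get("class") == "Pool"):
                    findings.append(f"reference: {tname}/{aname}/{sname} pool '{pool}' is not defined")
    return findings
```

Run against the article's sample, `lint(SAMPLE)` reports the inline `admin`/`admin` credential pair and no reference problems.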
For a more detailed introduction, see https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/