在K8s中通过AS3调用Policy实现多pool配置
2019-12-19 10:37:38
路瑞强
CIS可以支持iapp和AS3,从目前的情况看,F5建议采用AS3。但AS3的pool类中只能配置一个pool。对于很多用户都有配置多个pool的需求,这里提供两种方法配置多个pool
1.
使用policy实现多个pool的配置
2. 使用iRules实现多个pool的配置
这里以2个pool为例。
本文档介绍policy的方式。
下面是两个service、F5 CIS以及AS3的模板:
|
Service
1 : apiVersion:
v1 kind:
Service metadata: creationTimestamp:
2019-09-10T06:58:41Z labels: app:
svc-1 name:
svc-1 namespace:
default resourceVersion:
"5990367" selfLink:
/api/v1/namespaces/default/services/svc-1 uid:
6bebd314-d398-11e9-9a58-fa163e8b240e spec: clusterIP:
172.30.181.9 externalTrafficPolicy:
Cluster ports: -
name: svc-1-80 nodePort:
30713 port:
80 protocol:
TCP targetPort:
80 selector: app:
svc-1 sessionAffinity:
None type:
NodePort status: loadBalancer:
{} |
|
Service
2 : apiVersion:
v1 kind:
Service metadata: creationTimestamp:
2019-09-10T06:58:55Z labels: app:
svc-2 name:
svc-2 namespace:
default resourceVersion:
"5990417" selfLink:
/api/v1/namespaces/default/services/svc-2 uid:
743e0d26-d398-11e9-9a58-fa163e8b240e spec: clusterIP:
172.30.90.66 externalTrafficPolicy:
Cluster ports: -
name: svc-2-80 nodePort:
30540 port:
80 protocol:
TCP targetPort:
80 selector: app:
svc-2 sessionAffinity:
None type:
NodePort status: loadBalancer:
{} |
|
Deployment
: labels: app:
k8s-bigip-ctlr name:
k8s-bigip-ctlr spec: containers: -
args: -
--bigip-username=admin -
--bigip-password=admin -
--bigip-url=10.145.68.219 -
--bigip-partition=openshift -
--pool-member-type=cluster -
--openshift-sdn-name=/Common/openshift_vxlan -
--manage-routes=true -
--route-vserver-addr=172.16.1.3 -
--log-level=debug -
--namespace=default -
--route-label=systest -
--insecure=true -
--agent=cccl command: -
/app/bin/k8s-bigip-ctlr image:
f5networks/k8s-bigip-ctlr:1.10.0 imagePullPolicy:
Always name:
k8s-bigip-ctlr resources:
{} terminationMessagePath:
/dev/termination-log terminationMessagePolicy:
File dnsPolicy:
ClusterFirst restartPolicy:
Always schedulerName:
default-scheduler securityContext:
{} serviceAccount:
bigip-ctlr serviceAccountName:
bigip-ctlr terminationGracePeriodSeconds:
30 status: availableReplicas:
1 conditions: -
lastTransitionTime: 2019-07-30T12:50:59Z lastUpdateTime:
2019-07-30T12:50:59Z message:
Deployment has minimum availability. reason:
MinimumReplicasAvailable status:
"True" type:
Available -
lastTransitionTime: 2019-08-19T09:37:15Z lastUpdateTime:
2019-09-16T09:10:37Z message:
ReplicaSet "k8s-bigip-ctlr-deployment-6bfc946cbf" has successfully
progressed. reason:
NewReplicaSetAvailable status:
"True" type:
Progressing observedGeneration:
113 readyReplicas:
1 replicas:
1 updatedReplicas:
1 |
|
{ "class": "ADC", "schemaVersion":
"3.2.0", "id":
"ltm_policy", "label": "", "remark": "Simple HTTP
application with LTM policy", "Sample_http_08": { "class":
"Tenant", "A1": { "class":
"Application", "template":
"http", "serviceMain":
{ "class":
"Service_HTTP", "virtualAddresses":
[ "172.16.3.3" ], "policyEndpoint":
"forward_policy" }, "web_pool1":
{ "class":
"Pool", "monitors":
[ "http" ], "members":
[ { "servicePort":
80, "serverAddresses":
[ "10.130.0.166" ] } ] }, "web_pool2":
{ "class":
"Pool", "monitors":
[ "http" ], "members":
[ { "servicePort":
80, "serverAddresses":
[ "10.129.0.148" ] } ] }, "forward_policy":
{ "class":
"Endpoint_Policy", "rules":
[ { "name":
"forward_to_pool1", "conditions":
[ { "type":
"httpUri", "path":
{ "operand":
"contains", "values":
[ “foo" ] } } ], "actions":
[ { "type":
"forward", "event":
"request", "select":
{ "pool":
{ "use":
"web_pool1" } } } ] }, { "name":
"forward_to_pool2", "conditions":
[ { "type":
"httpUri", "path":
{ "operand":
"contains", "values":
[ “bar" ] } } ], "actions":
[ { "type":
"forward", "event":
"request", "select":
{ "pool":
{ "use":
"web_pool2" } } } ] } ] } } } } |
在这个例子中,使用AS3支持了2个pool。实现的功能为:我们有两个pool: web_pool1和web_pool2,当请求的URL中包含foo时,流量转发到web_pool1;当请求的URL中包含bar的时候,流量转发到web_pool2。转发的规则是通过F5 policy来实现的。
发布评论 加入社群
相关文章
回复评论
发布评论