本文主要介绍第三个声明式组件Application Services 3 Extension(以下简称AS3)的使用方式。
AS3提供了一种声明式的方式来配置F5 BIGIP的L4-L7的配置,包括LTM,DNS,AFM,ASM等模块的配置,它支持multi-tenant和multi route-domain的配置。
包含但不限于以下配置:
- L3/L4: VIP. Pool SNAT Monitors, Profiles, etc.
- HTTP/HTTPS ADC
- L4 Firewall Policy Support (AFM Policy attachment)
- HTTP/HTTPS L7 Security
- ASM/APM policy attachment
- Traffic Profiles (Endpoint Policy attachment / construction)
- iRules
- SSL/TLS
- Methods for loading policies and iRules: base64 & URL
...
目前AS3和DO一样,支持RPM包安装在f5上,也支持用一个as3的docker容器来代理这些API的交互,当然目前也支持通过BIGIQ来下发这些AS3的json文件配置到每个BIGIP中,方便集中管理,帮助用户更好的实现SuperNetOps。
当然,要使用AS3,和DO一样,也是需要一些预备的条件的:
- 必须使用v12.1或者以上的版本
- 进行API交互的账号,必须有administrator role的权限。
一个简单的AS3例子如下:
{
"class": "AS3",
"action": "deploy",
"targetHost": "192.0.2.76",
"targetUsername": "admin",
"targetPassphrase": "admin",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "container",
"label": "Sample 1 in a container",
"remark": "Simple HTTP application with RR pool",
"Sample_container": {
"class": "Tenant",
"A1": {
"class": "Application",
"template": "http",
"serviceMain": {
"class": "Service_HTTP",
"virtualAddresses": [
"10.0.1.10"
],
"pool": "web_pool"
},
"web_pool": {
"class": "Pool",
"monitors": [
"http"
],
"members": [{
"servicePort": 80,
"serverAddresses": [
"192.0.1.10",
"192.0.1.11"
]
}]
}
}
}
}
}
然后把这个JSON文件,POST到https://[BIGIP-IP]:PORT/mgmt/shared/appsvcs/declare即可。
更多详细的介绍,请参考https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/