Table of Contents
- LoadBalancer Type Service
- CRD
- CRD Arcadia
- Configmap Hub Mode
- Configmap Hub Mode Debug
- Configmap Hub Mode Per Tenants Update
- Installation - Limited CIS RBAC
- Installation - Limited BIG-IP User Account
- Configmap Isolation with L4/l7 Application ADC
- Configmap Management isolation
- Configmap Canary
- Configmap Arcadia
- Configmap Arcadia Across Namespace Routing
- Configmap Path Based Route
- Configmap FastL4 Vs Standard
- Configmap AS3 Performance
1. Install both CIS and IPAM Controller
kubectl apply -f loadbalancer/install/ns.yaml
kubectl apply -f loadbalancer/install/ipam/rbac.yaml
kubectl apply -f loadbalancer/install/ipam/localstorage-pv-pvc.yaml
kubectl apply -f loadbalancer/install/ipam/ipam_schema.yaml
kubectl apply -f loadbalancer/install/ipam/fic.yaml
kubectl create secret generic bigip-login --from-literal=username=admin --from-literal=password=admin -n bigip-ctlr
kubectl apply -f loadbalancer/install/rbac.yaml
kubectl apply -f loadbalancer/install/customresourcedefinitions.yaml
kubectl apply -f loadbalancer/install/cis.yamlExecute kubectl get pods -n bigip-ctlr to verify the installation.
2. Deploy App
kubectl apply -f loadbalancer/ttcp.yaml
kubectl apply -f loadbalancer/cafe.yaml1. Install CIS Controller
kubectl apply -f crd/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=admin --from-literal=password=admin -n bigip-ctlr
kubectl apply -f crd/install/rbac.yaml
kubectl apply -f crd/install/customresourcedefinitions.yaml
kubectl apply -f crd/install/cis.yaml2. Deploy app
kubectl apply -f crd/cafe.yaml
kubectl apply -f crd/ttcp.yaml3. App delivery
kubectl apply -f crd/vs.yaml
kubectl apply -f crd/transport.yaml1. Deploy
kubectl apply -f arcadia/arcadia.yaml2. App delivery
kubectl apply -f arcadia/vs.yaml1. Install CIS Controller
kubectl apply -f configmap-hub/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=admin --from-literal=password=admin -n bigip-ctlr
kubectl apply -f configmap-hub/install/rbac.yaml
kubectl apply -f configmap-hub/install/cis.yaml2. Deploy App
kubectl apply -f configmap-hub/apps.yaml3. Deploy Configmap
kubectl apply -f configmap-hub/cm-hub-1.yaml
kubectl apply -f configmap-hub/cm-hub-2.yamlThe above configmap will demostrate:
-
Hub mode with 2 hub configmap in 2 namespace
-
AS3 pool member’s
servicePortis optional, container exposed port is 8080, but AS3 pool member port is 8088
"members": [
{
"servicePort": 8088,-
Immediate Action On Service Down reset mode
"serviceDownImmediateAction": "reset",4. Verify deployment via tmsh
~ # tmsh list auth partition | grep cistest | awk '{print $3}'
cistest1
cistest2
cistest3
cistest4
cistest5
~ # tmsh list ltm virtual /cistest3/app-1/app_svc_vs | grep reset
service-down-immediate-action reset5. #1387 duplicated label verification
kubectl apply -f configmap-hub/duplicated-label.yamlCheck from cis pod log, the following logs
2022/05/16 08:44:11 [WARNING] [CORE] Multiple Services are tagged for this pool. Using oldest service endpoints.
Service: app-svc-1, Namespace: cistest1,Timestamp: 2022-05-16 08:07:30 +0000 UTC
2022/05/16 08:44:12 [WARNING] [CORE] Multiple Services are tagged for this pool. Using oldest service endpoints.
Service: app-svc-1, Namespace: cistest1,Timestamp: 2022-05-16 08:07:30 +0000 UTC6. Tear down
kubectl delete -f configmap-hub/duplicated-label.yaml
kubectl delete -f configmap-hub/cm-hub-1.yaml
kubectl delete -f configmap-hub/cm-hub-2.yaml
kubectl delete -f configmap-hub/apps.yaml
kubectl delete -f configmap-hub/install/rbac.yaml
kubectl delete -f configmap-hub/install/cis.yaml
kubectl delete -f configmap-hub/install/ns.yaml1. Install CIS Controller
kubectl apply -f configmap-debug/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=admin --from-literal=password=admin -n bigip-ctlr
kubectl apply -f configmap-debug/install/rbac.yaml
kubectl apply -f configmap-debug/install/cis.yaml1. Install CIS Controller
kubectl apply -f configmap-filter-tenants/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=admin --from-literal=password=admin -n bigip-ctlr
kubectl apply -f configmap-filter-tenants/install/rbac.yaml
kubectl apply -f configmap-filter-tenants/install/cis.yaml2. Use the following script to test CIS control plane performance
kubectl apply -f configmap-filter-tenants/deploy-10.yaml
kubectl apply -f configmap-filter-tenants/cm-10.yaml3. Delete 1 service’s pods 10 times
ns=cistest010 ; for j in {1..10} ; do for i in $(kubectl get pods -n $ns --no-headers | awk '{print $1}') ; do kubectl delete pod $i -n $ns ; done ; done4. Delete and create all 30 services 3 times
for i in {1..3} ; do kubectl delete -f configmap-debug/deploy.yaml ; kubectl apply -f configmap-debug/deploy.yaml ; echo; done ;5. Clean up
kubectl delete -f configmap-debug/cm.yaml
kubectl delete -f configmap-debug/deploy.yaml
kubectl delete -f configmap-debug/install/cis.yaml
kubectl delete -f configmap-debug/install/rbac.yaml
kubectl delete -f configmap-debug/install/ns.yaml1. Install CIS Controller
kubectl apply -f configmap-limited-rbac/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=admin --from-literal=password=admin -n bigip-ctlr
kubectl apply -f configmap-limited-rbac/install/rbac-small.yaml
kubectl apply -f configmap-limited-rbac/install/cis.yaml2. Clean up
kubectl delete -f configmap-debug/install/cis.yaml
kubectl delete -f configmap-debug/install/rbac.yaml
kubectl delete -f configmap-debug/install/ns.yaml1. Install
kubectl apply -f configmap-limited-bigip-account/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default -n bigip-ctlr
kubectl apply -f configmap-limited-bigip-account/install/rbac.yaml
kubectl apply -f configmap-limited-bigip-account/install/cis.yaml2. Deploy App
kubectl apply -f configmap-limited-bigip-account/deploy.yaml
kubectl apply -f configmap-limited-bigip-account/cm.yaml3. Create a customized BIG-IP User
create auth user cis_user password default partition-access add { all-partitions { role admin } }|
Note
|
The admin role is necessary for CIS to work. |
1. Install
kubectl apply -f configmap-advanced-adc/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default -n bigip-ctlr
kubectl apply -f configmap-advanced-adc/install/rbac.yaml
kubectl apply -f configmap-advanced-adc/install/cis.yaml2. Deploy APP
kubectl apply -f configmap-advanced-adc/cafe.yaml
kubectl apply -f configmap-advanced-adc/ttcp.yaml3. Deliver APP
kubectl apply -f configmap-advanced-adc/cm-cafe.yaml
kubectl apply -f configmap-advanced-adc/cm-ttcp.yamlThe L7 ADC will demostrate:
-
Cookie persistence with insert method
-
Cookie encription with random cipher text
-
Service down immediate action with drop
-
Health monitor with path and response pattern mapping
-
XFF via iRule
-
Least connections member load balancer algorithm
-
Customized snat address
-
Customized TCP attributes
The L4 ADC will demostrate:
-
Source address persistence
-
Customized snat address
-
Enabled Connection mirroring
-
TCP half open health monitoring
-
Least connections member load balancer algorithm
1. Install
kubectl apply -f configmap-management-isolation/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default -n bigip-ctlr
kubectl apply -f configmap-management-isolation/install/rbac.yaml
kubectl apply -f configmap-management-isolation/install/cis.yaml2. Deploy APP
kubectl apply -f configmap-management-isolation/deploy.yaml3. Deliver APP 1(this will failed due to configmap syntax err)
kubectl apply -f configmap-management-isolation/cm-cistest001.yamlCheck from the cis log, the following errors show up:
2022/06/06 09:19:42 [ERROR] [AS3] Big-IP Responded with error code: 4224. Deliver APP 2
kubectl apply -f configmap-management-isolation/cm-cistest002.yamlCheck from BIG-IP VE, the test002 be delivered successfully even the app 1 delivered failed.
[root@bigip1:Active:Standalone] config # tmsh list ltm virtual /cistest002/app-svc-1-app/app-svc-1-app-vs
ltm virtual /cistest002/app-svc-1-app/app-svc-1-app-vs {
creation-time 2022-06-06:16:57:13
description app-svc-1-app
destination /cistest002/10.10.10.2:http
ip-protocol tcp
last-modified-time 2022-06-06:16:57:13
mask 255.255.255.255
partition cistest002
persist {
cookie {
default yes
}
}
pool /cistest002/app-svc-1-app/app-svc-1-app-pool
profiles {
f5-tcp-progressive { }
http { }
}
serverssl-use-sni disabled
source 0.0.0.0/0
source-address-translation {
pool /cistest002/app-svc-1-app/app-svc-1-app-vs-self
type snat
}
translate-address enabled
translate-port enabled
vs-index 1947
}1. Install
kubectl apply -f configmap-canary/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default -n bigip-ctlr
kubectl apply -f configmap-canary/install/rbac.yaml
kubectl apply -f configmap-canary/install/cis.yaml2. Deploy APP(Deploy 2 version of app, 1.0 version on test001, 1.1 version on test002)
kubectl apply -f configmap-canary/backend-canary.yaml| Methods | Steps |
|---|---|
URL |
Deliver kubectl apply -f configmap-canary/cm-canary-v1.yaml kubectl apply -f configmap-canary/cm-canary-v2.yaml kubectl apply -f configmap-canary/cm-canary-url.yaml Test curl 192.168.200.13/foo |
URL Parameter |
Deliver kubectl apply -f configmap-canary/cm-canary-v1.yaml kubectl apply -f configmap-canary/cm-canary-v2.yaml kubectl apply -f configmap-canary/cm-canary-parametes.yaml Test curl 192.168.200.13/foo?name=1010 |
Source Address |
Deliver kubectl apply -f configmap-canary/cm-canary-v1.yaml kubectl apply -f configmap-canary/cm-canary-v2.yaml kubectl apply -f configmap-canary/cm-canary-sourceaddr.yaml Test curl 192.168.200.13/foo |
Http Header |
Deliver kubectl apply -f configmap-canary/cm-canary-v1.yaml kubectl apply -f configmap-canary/cm-canary-v2.yaml kubectl apply -f configmap-canary/cm-canary-headers.yaml Test curl 192.168.200.13/foo --header "Canary: true" |
Cookie |
Deliver kubectl apply -f configmap-canary/cm-canary-v1.yaml kubectl apply -f configmap-canary/cm-canary-v2.yaml kubectl apply -f configmap-canary/cm-canary-cookie.yaml Test curl 192.168.200.13/foo --cookie "Canary=true" |
Ratio |
Deliver kubectl apply -f configmap-canary/cm-canary-v1.yaml kubectl apply -f configmap-canary/cm-canary-v2.yaml kubectl apply -f configmap-canary/cm-canary-ratio.yaml Test curl 192.168.200.13/foo |
1. Install
kubectl apply -f configmap-arcadia/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default -n bigip-ctlr
kubectl apply -f configmap-arcadia/install/rbac.yaml
kubectl apply -f configmap-arcadia/install/cis.yaml2. Deploy APP
kubectl apply -f configmap-arcadia/arcadia.yaml3. Deliver APP
kubectl apply -f configmap-arcadia/cm-v1.yaml
kubectl apply -f configmap-arcadia/cm.yamlRouting Rules
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/api" } {
pool /arcadia/api/api-svc-pool
} elseif { [HTTP::uri] starts_with "/files" } {
pool /arcadia/backend/backend-svc-pool
} elseif { [HTTP::uri] starts_with "/app3" } {
pool /arcadia/refer/refer-svc-pool
} else {
pool /arcadia/main/main-svc-pool
}
}1. Install
kubectl apply -f configmap-arcadia/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default -n bigip-ctlr
kubectl apply -f configmap-arcadia/install/rbac.yaml
kubectl apply -f configmap-arcadia/install/cis.yaml2. Deploy APP
kubectl apply -f configmap-arcadia/arcadia-backend.yaml
kubectl apply -f configmap-arcadia/arcadia-api.yaml
kubectl apply -f configmap-arcadia/arcadia-refer.yaml
kubectl apply -f configmap-arcadia/arcadia-main.yaml3. Deliver APP
kubectl apply -f configmap-arcadia/cm-backend.yaml
kubectl apply -f configmap-arcadia/cm-api.yaml
kubectl apply -f configmap-arcadia/cm-refer.yaml
kubectl apply -f configmap-arcadia/cm-main.yamlRouting Rules
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/api" } {
pool /arcadia-api/api/api-svc-pool
} elseif { [HTTP::uri] starts_with "/files" } {
pool /arcadia-backend/backend/backend-svc-pool
} elseif { [HTTP::uri] starts_with "/app3" } {
pool /arcadia-refer/refer/refer-svc-pool
} else {
pool /arcadia-main/main/main-svc-pool
}
}1. Install
kubectl apply -f configmap-routing/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default -n bigip-ctlr
kubectl apply -f configmap-routing/install/rbac.yaml
kubectl apply -f configmap-routing/install/cis.yaml3. Deploy APP
kubectl apply -f deploy.yaml3. Depliver APP
kubectl apply -f configmap-routing/cm.yaml1. Install
kubectl apply -f configmap-fastl4-standard/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default -n bigip-ctlr
kubectl apply -f configmap-fastl4-standard/install/rbac.yaml
kubectl apply -f configmap-fastl4-standard/install/cis.yaml2. Deploy APP
kubectl apply -f configmap-fastl4-standard/deploy.yaml3. Deliver APP
kubectl apply -f configmap-fastl4-standard/cm-l4.yaml
kubectl apply -f configmap-fastl4-standard/cm-http.yaml1. Install
kubectl apply -f configmap-as3/install/ns.yaml
kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default -n bigip-ctlr
kubectl apply -f configmap-as3/install/rbac.yaml
kubectl apply -f configmap-as3/install/cis.yaml2. Deploy APP
kubectl apply -f configmap-as3/deploy.yaml**