Managing a Service with the F5 App Services Integration iApp and the F5 Marathon BIG-IP Controller

 

 

The App Services Integration iApp provides an iApp template that can be used to automate and orchestrate Layer 4-7 application service deployments using F5 Networks BIG-IP/iWorkflow Products. Also, this template serves as a common integration point for third party SDN/NFV/Automation/Orchestration products. In this particular case I'll show how to automate service management with this iApp in Marathon via the F5 Marathon BIG-IP Controller.

Marathon and Kubernetes are production-grade container orchestration platforms for automating deployment, scaling, and management of containerized applications. F5’s Container Connectors (CCs) understand these container orchestration environments. The CCs provide PaaS-native integrations for F5 BIG-IP devices and the F5 Application Services Proxy (ASP). The F5 Marathon BIG-IP Controller is a Marathon Application that manages F5 BIG-IP Local Traffic Manager (LTM) services. It watches the Marathon API for the creation/destruction/modification of Marathon Apps; when it discovers an App with F5 labels applied, it automatically manages BIG-IP objects or deploys application services using iApps.

In the following example, I'll demonstrate the combined effectiveness of these two technologies to create and manage an application service that implements a simple L7 policy.

Start the Marathon BIG-IP Controller

Launch the F5 Marathon BIG-IP Controller in Marathon via the Marathon REST API or the Marathon Web Interface. The environment variables configure how the controller connects to Marathon, BIG-IP, and what BIG-IP partitions it manages.

 

Start a service and annotate it with F5 Application Labels

Next, start an application in Marathon and configure it with F5 application labels: key-value pairs that correspond to BIG-IP configuration options.

 

The Marathon BIG-IP Controller automatically discovers the application and its labels, then configures the BIG-iP appropriately; creating, deleting, and updating BIG-IP resources such as Virtual Servers, Pools, Health Monitors, and Policies.

 

The application labels can be simple key-value pairs or JSON-formatted tables, such as the L7 Policy Rules:

F5_0_IAPP_TABLE_l7policy__rulesMatch={"rows": [["0", "http-uri/request/path", "no", "starts-with", "/env", "no", "no"], ["default", "", "no", "", "", "no", "no"]], "columns": ["Group", "Operand", "Negate", "Condition", "Value", "CaseSensitive", "Missing"]}
F5_0_IAPP_TABLE_l7policy__rulesAction={"rows": [["0", "forward/request/reset", "none"], ["default", "forward/request/select/pool", "pool:0"]], "columns": ["Group", "Target", "Parameter"]}

Refer to the Application Service iApp Reference Guide for a complete description of all available configuration options.

Scale App in Marathon

When the application is scaled, the Marathon BIG-IP Controller detects this and creates (or deletes) the pool members to match.

  

Verify L7 Policy

Verify that the configured L7 policy functions as expected. The simple L7 policy configured here will reset the connection for HTTP requests that contain a path of "/env" and forward all other requests to Pool 0.

 

user@test:~$ curl 172.16.3.2:8080
Hello from d9fea065-4f60-47d3-b6ae-352c854cf5be :0)

user@test:~$ curl 172.16.3.2:8080/env
curl: (56) Recv failure: Connection reset by peer

 

This was was a simple example of F5's Container Connector for Marathon. To learn more about F5's Container Integrations for Marathon and Kubernetes, please see the documentation.