Dynamic App Services in Containers


Post on 30-May-2020


TRANSCRIPT

Page 1: Dynamic App Services in Containers · apps using BIG -IP templates • Gain attack insights – From logging, reporting, and analytics. Visualize attack traffic via data stream export

PRESENTED BY:

Dynamic App Services in Containers

Page 2:

• Apps and container market overview
• Container description and benefits
• Container platforms and orchestration tools
• Container integrations: F5 Container Connector
• Live and recorded demos:
  • Kubernetes deployments: Helm charts and orchestration
  • Gain visibility using Prometheus integration
• Ordering, documentation, and online resources
• Q & A

Related Labs: Intro for Container Ecosystems and Advanced Lab for Red Hat OpenShift Platforms

Page 3:

2000:
• Long-lived
• Monolithic and built on a single stack
• Deployed to a single server

2018:
• Development is iterative and constant
• Built from loosely coupled components
• Deployed to a multitude of servers

Page 4:

• Cloud is here:
  o Currently 85% multi-cloud
  o 41% of workloads in cloud
• Benefits: Faster infrastructure, greater scalability
• 53% optimizing clouds
• 52% moving workloads to clouds

The Future Is Cloudy

• Modular application construction is now dominant

• Emergence of development integrated with operations

• Shared ownership of applications is beginning to take root

• Automation is key

DevOps Is Rising

• Containerized microservices are gaining popularity

• Orchestration is part of the application landscape
  • Kubernetes, OpenShift, Cloud Foundry, Mesos

• Analytics now built into applications

Technology Is Changing

Page 5:

Lightweight alternative for app development

App runs without guest VMs

Portability: Easy lift and shift to clouds or vice versa

Page 6:

o 2016: 8% deployed, 76% evaluated
o 2017: 45% deployed, 55% evaluated

• Future: containers become dominant app development platform


Page 9:

© F5 Networks

Container-as-a-Service (CaaS)

Platform-as-a-Service (PaaS)

• Open-source app development environments

• Enhanced agility and scaling

• Platform independence and portability—containers can be transferred between public and private clouds

• Platform automatically packages software into containers and provides compute resources

• Lets developers focus on writing code for greater agility

• Provide container engines, orchestration tools and compute resources

• Requires the developer to package software into containers

Container Environments

Page 10:

Application Services for Container and PaaS Environments

F5 Container Connector

Page 11:

F5 Application Services in Container and PaaS Environments

Simplify and scale app services deployment through automated service discovery and insertion

Dynamically configure and manage ingress control services using BIG-IP platform for container apps

Leverage blue/green and A/B traffic management for scaling two or more apps in production or dev./test

Native Integration with Container and PaaS

Frictionless deployment of app services

Enable self-service traffic management for app teams

Improve user experience through integration with existing native app deployment workflows

Deploy apps faster with pre-defined templates for simplified policy management

Enable Self-Service for DevOps

Automate for faster app deployments

Achieve complete view of all traffic exported for easier resolution of issues

Enhance app insights through integration with analytics platforms

Deliver consistent policies across established and emerging apps

Application Visibility and Management

Gain end-to-end app visibility with data export

Page 12:

F5 Container Integrations: Use Cases

Integrates natively with containers and PaaS for ingress control app performance and security

Enable self-service for DevOps – deploy app services in seconds with orchestration

Automated discovery and services insertion – dynamically create, modify, and remove app services

Dynamic App Services For Container Environments

Frictionless App Services Insertion

Spin app delivery services up and down automatically across multiple clouds

Advance security protections and mitigate expensive cloud attack traffic

Flexibility in consuming app services with hourly and subscription VEs

Auto-Scale and Secure Cloud Container Apps Align DevOps Velocity with Automated App Services

SSL

Manage app protection with advanced security services

Automatically create and scale protection by subscribing to container events

Integrate with vulnerability assessment for patching and gain attack insights from F5 and 3rd party solutions

Advanced Container App Protection

Simplify and Centralize Security Services

WAF

DDoS


Streamlined App Migration

Scale Multiple App Versions Simultaneously

Leverage A/B testing and blue/green traffic management

Engage many load balancing methods and customize traffic streams

Protect applications in development and production from malicious attacks and DDoS threats

v1

v2

v3

Page 13:

Dynamic App Services For Container Environments

Frictionless And Automated App Services Insertion

Benefits:
• Frictionless app services for containers – integrates natively with container environments, enabling ingress control for app performance.
• Enable self-service for DevOps – spin up, spin down app services in seconds within orchestration and enable self-service selection.
• Automated discovery and services insertion – dynamically create, modify, and remove app services based on container events.
• Elastic app services – increases app performance, enables access control, and delivers app protection.
• Faster deployment and greater visibility – rapid deployment with predefined BIG-IP templates and complete visibility for fast resolution.

Problem: Constant manual changes with container services cause a lack of agility and increase friction.

Solutions:
• F5 Container Connector
• F5 BIG-IP App Delivery Services

[Diagram labels: Node 1, Node 2, Container Environments, F5 BIG-IP App performance and security services, Visibility and analytics, F5 Container Connector, App Services Across Network, Orchestration]

Page 14:

Auto-Scale and Secure Cloud Container Apps

Align DevOps Velocity with Automated, Spin-Up App Services

Benefits:
• Automated spin up/down services – with BIG-IP app performance and security for dev/prod.
• Advanced security protections – enables app attack mitigation and access control.
• Reduce expensive attack traffic – on cloud services. Keep malicious communications away from your cloud app workloads.
• Flexible app service licensing – per-app VE options for app dedication. Full VE subscription for all apps in all environments.

Container Environments

Problems: AppDev needs automated spin up and down of container app delivery services in the public cloud.
• Apps with public IPs are attacked by bots and hackers.
• Production and dev/test apps need service elasticity.

Solutions:
• F5 BIG-IP VE
• F5 Container Connector

[Diagram labels: BIG-IP App Performance and Security, Visibility and Analytics, Node 1, Node 2, Cloud LB, Zone 1, Zone 2, F5 Container Connector, Orchestration]

Page 15:

Benefits:
• Simplify and centralize security services – Enable front-door security service protection from bots, DDoS attacks, unauthorized access, and app data leakage
• Automatically create and scale protection – By subscribing to container events to auto-protect new apps using BIG-IP templates
• Gain attack insights – From logging, reporting, and analytics. Visualize attack traffic via data stream export to 3rd party SIEM and analytics for in-depth review
• Integrate with vulnerability assessment – Scan and patch app vulnerabilities in development and production

Simplify and Centralize Security Services

Problems: Security workloads are difficult to deploy.
• Container apps need security services outside of the environment for advanced protection.
• Competitive solutions lack robust security services.

Solutions:
• F5 BIG-IP physical or virtual appliance
• F5 Container Connector

[Diagram labels: Node 1, Node 2, Container Environments, Visibility and Analytics, F5 BIG-IP App Performance and Security Services, 3rd Party DAST Vulnerability Assessment, F5 Container Connector, Orchestration]

Page 16:

Streamlined App Migration to Newer Versions

Support Blue/Green and A/B Application Testing

[Diagram labels: Red Hat OpenShift, F5 BIG-IP App performance and security services, Visibility and Analytics, F5 Container Connector, 75%, 25%, Node 1, Node 2, Pool A, Pool B, v1, v2, Orchestration]

Benefits:

• Leverage blue/green and A/B traffic management in OpenShift for scaling two versions of same app in production or dev and test at the same time

• Select from many BIG-IP load balancing methods such as fastest ratio or custom load balancing using iRules, unlike other ingress controllers

• Advanced security services during the app development and production lifecycle such as DDoS protection and WAF for ongoing protection

Problem: Multiple app versions during production and development require migration and app services.

Solutions:
• F5 Container Connector
• F5 BIG-IP App Delivery Services

Page 17:

“Ingress” = HTTP routing:
• Currently defined as only HTTP routing (L7)
• Kubernetes/OpenShift resource
• Handled by Ingress controller:
  • Container Connector + BIG-IP

“ingress” = Access into the container environment:
• L4 traffic
• UDP traffic management
• Non-HTTP L7 routing
• Handled by ingress controller:
  • Container Connector + BIG-IP

What’s the difference?
Ingress can refer to HTTP Routing or a collection of rules to reach the cluster services, and ingress refers to inbound connections, app load balancing, programmability and security services.

Page 18:

Problem: Manual deployment in Kubernetes when multiple containers are used. Need enhanced, rapid deployment capability.

Simplify Container Integration Deployments Using Pre-Configured Kubernetes Helm Charts

Benefits:
• Simplifies Container Connector deployments – Easy reproduction, consumability, upgrades, and composability for container integrations
• Enables efficient resourcing – Pre-configured Kubernetes integration resources are packaged, versioned and consumed for quality repetition

Solutions:
• F5 Container Connector with helm charts
• F5 BIG-IP app delivery services

• Current helm charts deployed
• Define helm chart for Ingress services
• New helm chart deployed for Ingress

Helm Charts: demo-web-app-0.0.1, f5-big-ip-ctlr-0.0.3

Helm Charts: demo-web-app-0.0.1, f5-big-ip-ctlr-0.0.3, f5-bigip-ingress-0.0.4

Helm Install: -f app-v1.yaml f5-stable/f5-big-ip-ingress

More Helm Chart examples on https://github.com/F5Networks/charts. Scroll down to see CLI Helm install example below.

Package manager for Kubernetes

Page 19:

LIVE DEMO BY DAVID

Page 20:

F5 Aspen Mesh

Location aspenmesh.io

Location

Session: The not-so-great eight of microservices

Integration to managed Kubernetes services:

AKS, EKS, GKE

F5 CONTAINER CONNECTOR

SERVICE MESH

VISUALIZATION AND ANALYTICS

PROGRAMMABILITY AND INTEGRATION

F5 iRules LX

F5 BIG-IP

F5 Container Connector

F5 DevCentral

REST API

F5 BIG-IQ

Page 21:

|  | Licensed? | Location? | Open Source? |
|---|---|---|---|
| Container Connector | No charge | DockerHub, GitHub, Red Hat | Yes |
| BIG-IP | Per appliance and module | F5 | No |
| BIG-IP Virtual Edition | Per VE and module | F5 | No |
| VIPRION chassis | Per chassis, blade, and module | F5 | No |

• No charge required to run F5 Container Connector
• Licensing is for BIG-IP per appliance/chassis/VE and any add-on modules
• Support for Container Connector is included with a BIG-IP services contract

Page 22:

• Clouddocs.f5.com
• Kubernetes concepts

Page 23:

With you throughout the solution lifecycle

Optimize
Maximize performance, health, security
Proactive assessments and integration
iHealth / AskF5 / DevCentral
Certification

Architect
Design for best-practices deployments
Solution definition workshops
Design and assessments

Maintain
Ensure continued availability
Upgrades and expert services
World-class support
Premium plus and enhanced services

Implement
Deploy quickly and optimally
Installations and migrations
Web and onsite training

Page 24:

• Self-service selection and automation to spin up and down in seconds
• Enhance app performance and security for containers
• Enable Ingress control for routing, load balancing, app services, and security
• Gain visibility for fast issue resolution
• Employ a broad ecosystem of connectors
• Easily integrate with APIs for more app services

Learn more at https://f5.com/products/application-delivery/container-integrations
