TRANSCRIPT
Dynamic App Services in Containers
• Apps and container market overview
• Container description and benefits
• Container platforms and orchestration tools
• Container integrations: F5 Container Connector
• Live and recorded demos:
  • Kubernetes deployments: Helm charts and orchestration
  • Gain visibility using Prometheus integration
• Ordering, documentation, and online resources
• Q & A
Related Labs: Intro for Container Ecosystems and Advanced Lab for Red Hat OpenShift Platforms
2000:
• Long-lived
• Monolithic and built on a single stack
• Deployed to a single server
2018:
• Development is iterative and constant
• Built from loosely coupled components
• Deployed to a multitude of servers
• Cloud is here:
  o Currently 85% multi-cloud
  o 41% of workloads in cloud
• Benefits: Faster infrastructure, greater scalability
• 53% optimizing clouds; 52% moving workloads to clouds
The Future Is Cloudy
• Modular application construction is now dominant
• Emergence of development integrated with operations
• Shared ownership of applications is beginning to take root
• Automation is key
DevOps Is Rising
• Containerized microservices are gaining popularity
• Orchestration is part of the application landscape
  • Kubernetes, OpenShift, Cloud Foundry, Mesos
• Analytics now built into applications
Technology Is Changing
Lightweight alternative for app development
App runs without guest VMs
Portability: Easy lift and shift to clouds or vice versa
o 2016: 8% deployed, 76% evaluated
o 2017: 45% deployed, 55% evaluated
• Future: containers become dominant app development platform
© F5 Networks
Container-as-a-Service (CaaS)
Platform-as-a-Service (PaaS)
• Open-source app development environments
• Enhanced agility and scaling
• Platform independence and portability—containers can be transferred between public and private clouds
• Platform automatically packages software into containers and provides compute resources
• Lets developers focus on writing code for greater agility
• Provide container engines, orchestration tools and compute resources
• Requires the developer to package software into containers
Container Environments
Application Services for Container and PaaS Environments
F5 Container Connector
F5 Application Services in Container and PaaS Environments
Simplify and scale app services deployment through automated service discovery and insertion
Dynamically configure and manage ingress control services using BIG-IP platform for container apps
Leverage blue/green and A/B traffic management for scaling two or more apps in production or dev./test
Native Integration with Container and PaaS
Frictionless deployment of app services
Enable self-service traffic management for app teams
Improve user experience through integration with existing native app deployment workflows
Deploy apps faster with pre-defined templates for simplified policy management
Enable Self-Service for DevOps
Automate for faster app deployments
Achieve complete view of all traffic exported for easier resolution of issues
Enhance app insights through integration with analytics platforms
Deliver consistent policies across established and emerging apps
Application Visibility and Management
Gain end-to-end app visibility with data export
F5 Container Integrations: Use Cases
Integrates natively with containers and PaaS for ingress control app performance and security
Enable self-service for DevOps – deploy app services in seconds with orchestration
Automated discovery and services insertion – dynamically create, modify, and remove app services
Dynamic App Services For Container Environments
Frictionless App Services Insertion
Spin app delivery services up and down automatically across multiple clouds
Advance security protections and mitigate expensive cloud attack traffic
Flexibility in consuming app services with hourly and subscription VEs
Auto-Scale and Secure Cloud Container Apps
Align DevOps Velocity with Automated App Services
SSL
Manage app protection with advanced security services
Automatically create and scale protection by subscribing to container events
Integrate with vulnerability assessment for patching and gain attack insights from F5 and 3rd party solutions
Advanced Container App Protection
Simplify and Centralize Security Services
WAF
DDoS
Streamlined App Migration
Scale Multiple App Versions Simultaneously
Leverage A/B testing and blue/green traffic management
Engage many load balancing methods and customize traffic streams
Protect applications in development and production from malicious attacks and DDoS threats
v1
v2
v3
Dynamic App Services For Container Environments
Frictionless And Automated App Services Insertion
Benefits:
• Frictionless app services for containers – integrates natively with container environments, enabling ingress control for app performance.
• Enable self-service for DevOps – spin up, spin down app services in seconds within orchestration and enable self-service selection.
• Automated discovery and services insertion – dynamically create, modify, and remove app services based on container events.
• Elastic app services – increases app performance, enables access control, and delivers app protection.
• Faster deployment and greater visibility – rapid deployment with predefined BIG-IP templates and obtain complete visibility for fast resolution.
Problem: Constant manual changes with container services cause a lack of agility and increase friction.
Solutions:
• F5 Container Connector
• F5 BIG-IP App Delivery Services
[Diagram labels: Node 1, Node 2, Container Environments, F5 BIG-IP App performance and security services, Visibility and analytics, F5 Container Connector, App Services Across Network, Orchestration]
Auto-Scale and Secure Cloud Container Apps
Align DevOps Velocity with Automated, Spin-Up App Services
Benefits:
• Automated spin up/down services – with BIG-IP app performance and security for dev/prod.
• Advanced security protections – enables app attack mitigation and access control.
• Reduce expensive attack traffic – on cloud services. Keep malicious communications away from your cloud app workloads.
• Flexible app service licensing – per-app VE options for app dedication. Full VE subscription for all apps in all environments.
Container Environments
Problems: AppDev needs automated spin up and down container app delivery services in the public cloud.
• Apps with public IPs are attacked by bots and hackers.
• Production and dev/test apps need service elasticity
Solutions:
• F5 BIG-IP VE
• F5 Container Connector
[Diagram labels: BIG-IP App Performance and Security, Visibility and Analytics, Node 1, Node 2, Cloud LB, Zone 1, Zone 2, F5 Container Connector, Orchestration]
Benefits:
• Simplify and centralize security services – Enable front-door security service protection from bots, DDoS attacks, unauthorized access, and app data leakage
• Automatically create and scale protection – By subscribing to container events to auto-protect new apps using BIG-IP templates
• Gain attack insights – From logging, reporting, and analytics. Visualize attack traffic via data stream export to 3rd party SIEM and analytics for in-depth review
• Integrate with vulnerability assessment – Scan and patch app vulnerabilities in development and production
Simplify and Centralize Security Services
[Diagram labels: Node 1, Node 2, Container Environments, Visibility and Analytics]
Problems: Security workloads are difficult to deploy.
• Container apps need security services outside of the environment for advanced protection.
• Competitive solutions lack robust security services.
Solutions:
• F5 BIG-IP physical or virtual appliance
• F5 Container Connector
[Diagram labels: F5 BIG-IP App Performance and Security Services, 3rd Party DAST Vulnerability Assessment, F5 Container Connector, Orchestration]
Streamlined App Migration to Newer Versions
Support Blue/Green and A/B Application Testing
[Diagram labels: Red Hat OpenShift, F5 BIG-IP App performance and security services, Visibility and Analytics, F5 Container Connector, Orchestration, 75% and 25% traffic split, Pool A, Pool B, Node 1 and Node 2 each with A and B (v1, v2)]
Benefits:
• Leverage blue/green and A/B traffic management in OpenShift for scaling two versions of same app in production or dev and test at the same time
• Select from many BIG-IP load balancing methods such as fastest ratio or custom load balancing using iRules, unlike other ingress controllers
• Advanced security services during the app development and production lifecycle such as DDoS protection and WAF for ongoing protection
Problem: Multiple app versions during production and development require migration and app services.
Solutions:
• F5 Container Connector
• F5 BIG-IP App Delivery Services
“Ingress” = HTTP routing:
• Currently defined as only HTTP routing (L7)
• Kubernetes/OpenShift resource
• Handled by Ingress controller:
  • Container Connector + BIG-IP
“ingress” = Access into the container environment:
• L4 traffic
• UDP traffic management
• Non-HTTP L7 routing
• Handled by ingress controller:
  • Container Connector + BIG-IP
What’s the difference? “Ingress” can refer to HTTP routing or a collection of rules to reach the cluster services, and “ingress” refers to inbound connections, app load balancing, programmability and security services.
Problem: Manual deployment in Kubernetes when multiple containers used. Need enhanced, rapid deployment capability.
Simplify Container Integration Deployments Using Pre-Configured Kubernetes Helm Charts
• Simplifies Container Connector deployments – Easy reproduction, consumability, upgrades, and composability for container integrations
• Enables efficient resourcing – Pre-configured Kubernetes integration resources are packaged, versioned and consumed for quality repetition
Solutions:
• F5 Container Connector with helm charts
• F5 BIG-IP app delivery services
Current helm charts deployed
Define helm chart for Ingress services
New helm chart deployed for Ingress
Helm Charts: demo-web-app-0.0.1, f5-big-ip-ctlr-0.0.3
Helm Charts: demo-web-app-0.0.1, f5-big-ip-ctlr-0.0.3, f5-bigip-ingress-0.0.4
Helm Install:
-f app-v1.yaml f5-stable/f5-big-ip-ingress
More Helm Chart examples on https://github.com/F5Networks/charts. Scroll down to see CLI Helm install example below.
Package manager for Kubernetes
Benefits:
LIVE DEMO BY DAVID
F5 Aspen Mesh
Location: aspenmesh.io
Location
Session: The not-so-great eight of microservices
Integration to managed Kubernetes services:
AKS, EKS, GKE
F5 CONTAINER CONNECTOR
SERVICE MESH
VISUALIZATION AND ANALYTICS
PROGRAMMABILITY AND INTEGRATION
F5 iRules LX
F5 BIG-IP
F5 Container Connector
F5 DevCentral
REST API
F5 BIG-IQ
                        | Licensed?                      | Location?                  | Open Source?
Container Connector     | No charge                      | DockerHub, GitHub, Red Hat | Yes
BIG-IP                  | Per appliance and module       | F5                         | No
BIG-IP Virtual Edition  | Per VE and module              | F5                         | No
VIPRION chassis         | Per chassis, blade, and module | F5                         | No
• No charge required to run F5 Container Connector
• Licensing is for BIG-IP per appliance/chassis/VE and any add-on modules
• Support for Container Connector is included with a BIG-IP services contract
• Clouddocs.f5.com
• Kubernetes concepts
With you throughout the solution lifecycle
Optimize
• Maximize performance, health, security
• Proactive assessments and integration
• iHealth / AskF5 / DevCentral
• Certification
Architect
• Design for best-practices deployments
• Solution definition workshops
• Design and assessments
Maintain
• Ensure continued availability
• Upgrades and expert services
• World-class support
• Premium plus and enhanced services
Implement
• Deploy quickly and optimally
• Installations and migrations
• Web and onsite training
• Self-service selection and automation to spin up and down in seconds
• Enhance app performance and security for containers
• Enable Ingress control for routing, load balancing, app services, and security
• Gain visibility for fast issue resolution
• Employ a broad ecosystem of connectors
• Easily integrate with APIs for more app services
Learn more at https://f5.com/products/application-delivery/container-integrations