f5devcentral / f5-bd-gslb-tool Goto Github PK

This tool allows automated publishing of Openshift Routes and K8s Ingress in GSLB using either F5 Cloud Services or BIG-IP DNS.

Shell 81.33% Python 18.67%

gslb cloudservices dns-lb-service openshift ansible migration openshift-routes kubernetes-ingress ingress dns-lb

f5-bd-gslb-tool's Introduction

Welcome to the GSLB tool project! This README is an introduction to the project. GSLB tool is in beta status.

Introduction

GSLB tool allows the automatic creation of GSLB DNS entries for Ingress/Route Kubernetes/Openshift published applications. At present the tool supports the following backend:

F5 BIG-IP's DNS LB. This is a module for BIG-IP which can (likewise all BIG-IP functionalities) run in either physical or VM appliances (aka BIG-IP VE). For the general case, at present it is recommended to use this option because of its maturity and enhanced monitoring capabilities.

Other backends for other DNS implementations or DNS SaaS offferings can be added.

Please note that GSLB tool is not tied to any specific Openshfit Router (or Kubernetes Ingress) implementation. GSLB tool can use either RedHat's default Router implementation, BIG-IP, any other implementation or a combination of these.

Use cases

Multi-cluster deployments
- Data center load distribution
- Enhanced customer experience
- Advanced Blue/Green, A/B and Canary deployment options
- Disaster Recovery
Migrations
- Kubernetes <-> Openshift migrations
- Container's platform version migration. For example OCP 3.x to 4.x or OCP 4.x to 4.y.

Operational overview

GSLB tool automatically retrieves Layer 7 routes (ie: https://www.mycompany.com/shop) from your container platform and automatically generates the GSLB configuration. The tool has several utilities which allow the move the workloads across the different container platforms.

This tool can ingest either Kubernetes Ingress or Openshift Route resources, in a per data center basis. GSLB tool has been tested with Openshift 3.x and 4.x. This allows to use gslb-tool also for migrating from K8s to Openshift or between Openshift versions.

The different members of a DevOps team can have the tool in their laptops and share the desired configuration in a git repository (source of truth) or use this tool from a Continuous Delivery automation. The overall architecture can be seen in the next diagram.

GSLB tool doesn't require any special installation and doesn't modify your Openshift/K8s cluster (it only performs read-only operations). GSLB Tool is a set of Ansible playbooks and roles to allow automation happen with a large degree of flexibility. GSLB tool is compromised of the following commands.

project- commands operates on a projec/namespace basis (it's always a parameter) and performs operations only on the local version of the config, prior to updating the source of truth and updating the active/published GSLB config in CloudServices. These commands are:

project-retrieve: retrieves all the routes of the given project/namespace and deployment.
project-populate: populates (copies) the routes of a given project/namespace from one deployment to another.
project-evacuate: evacuates (removes) from GSLB all the routes being hosted in the given project/namespace and deployment.
project-ratios: sets the GSLB ratio for each deployment for a given project/namespace.

Whilst the project- commands operates on all the routes of a given project/namespace at a time, the commands with the gslb- prefix don't have as parameter a project/namespace. Instead these operates on all of them:

gslb-commit: publishes into F5 Cloud Services the local GSLB configuration and after success stores the succesful change into the source of truth.
gslb-rollback: sets in the local config the configuration prior to the last commit. Needs that gslb-commit is run afterwards to make effective the rollback.

Please note that when a gslb-commit command is executed it commits all the changes or doesn't commit any since the previous gslb-commit no matter how many project- operations have been performed previously.

The next animation will give you a hint of tool's operation.

Demo

To see an actual demo of the tool please check this youtube video https://www.youtube.com/watch?v=TiAMINSBPns

Additional information

Please check the

License

gslb-tool is released to the community under the Apache v2 license. It is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

f5-bd-gslb-tool's People

Contributors

Stargazers

Watchers

Forkers

mdelder nsxsoft

f5-bd-gslb-tool's Issues

BIG-IP DNS: 01070083:3: /Common/Shared/monitor is in use

Researching the scope of this issue with F5 support in C3401513

COSMETIC: when all l7 routes are deleted virtual-servers and monitors definitions are not deleted from BIG-IP

When all l7 routes are evacuated this is the AS3 post done

{
  "class": "ADC",
  "schemaVersion": "3.21.0",
  "id": "GSLB_Tool",
  "Common": {
    "class": "Tenant",
    "Shared": {
      "class": "Application",
      "template": "shared",
      "monitor_tcp_80": {
        "class": "GSLB_Monitor",
        "monitorType": "tcp",
        "label": "monitor_tcp_80",
        "target": "*:80"
      },
      "monitor_tcp_443": {
        "class": "GSLB_Monitor",
        "monitorType": "tcp",
        "label": "monitor_tcp_443",
        "target": "*:443"
      }
    }
  },
  "gslb_f5bddemos_io": {
    "class": "Tenant",
    "Application": {
      "class": "Application"
    }
  }
}

This doesn't eliminate the virtual-servers and the monitors associated with them. This issue is being considered cosmetic. No service configuration is left so this doesn't affect functionality.

Create a project-ttl command

It is important to easily change the TTL: whenever project changes are approaching TTL should be reduced to improve GSLB behavior and increase the TTL when changes are not planned to reduce the cost.

BIG-IP DNS: tracker for AS3's issue #366

This issue happens when a renaming a GSLB_Server which is a not normal operation. At the moment the best is just to get the naming right from start. A workaround has been mentioned in the upstream bug tracker:

F5Networks/f5-appsvcs-extension#366

A better workaround might be to delete the GSLB_Server that is going to be renamed, then create it again.

rename gslbState.{current,desired}.yaml

Seems it makes more sense to name them gslbState.{comitted,uncommitted}.yaml respectively.

IDEA: generate AS3 JSON with a script instead of ansible

This would drastically speed-up the tool. I find that it should use the same templating system it does now for flexibility

Speed-up gslb-prepare round #2 by potentially parallelizing some loops, removing dead code

First identify when .included files are not needed and eliminate as appropriate.
Contemplate parallelizing loops. Check next links:
https://toptechtips.github.io/2019-07-09-ansible_run_playbooks_tasks_in_parallel/
https://toroid.org/ansible-parallel-dispatch
https://blog.crisp.se/2018/01/27/maxwenzin/how-to-run-ansible-tasks-in-parallel

rename gslb- to bigip- in some files, check bigip-prepare role
rename non-TLS to HTTP and TLS to HTTPS

[RFE] Speed-up gslb-prepare round #1 by caching previously generated files (high priority)

At the moment gslb-prepare rebuilds the whole GSLB declaration each time.

At present the cost is linear wrt the number of L7 routes, regardless the number of changes since last time.

This RFE aaims to reduce the cost to linear wrt to the number of chances since the last time.

This depends on high priority #6

[RFE] Cleanup gslbState.{current, desired}.yaml files (high priority)

The aim is to:

Eliminate sendString/recvString using httpPaths, httpsPaths like the BIG-IP DNS backend is doing now.
Consolidate HTTP/HTTPS routes in a single entry. That is there will be one entry per DNS entry.
Eliminate monitorType
Eliminate protocol

IDEA: rollback N

[RFE] Rename dRouter to l7router

As per conversation with Stephen Archer this makes more sense.