Cloud Docs Home > F5 Application Services Proxy Index

Attach an ASP to a Kubernetes Service

The Application Services Proxy (ASP) watches the Kubernetes API for Services that contain an ASP virtual server Annotation. The Annotation consists of a specially-formatted JSON blob defining the ASP Virtual Server configuration parameters. When you add the ASP annotation to a Kubernetes Service, the ASP creates a virtual server for the Service with the desired configurations.

Add the ASP annotation to the Service

To attach an ASP to a Kubernetes Service, add an Annotation containing the ASP configurations. You can use either the annotate CLI command or edit the Service definition.

Tip

The annotate command is better suited to adding shorter annotations, like that shown in the example below. If you intend to add event handlers, health checks, and/or flags, you may want to edit the Service definition directly.

Use kubectl annotate

Annotate the Service definition with the key-value pair asp.f5.com/config="<JSON-config-blob>". The JSON config blob should contain the desired ASP Virtual Server configuration parameters.

Important

When you annotate the Service using kubectl annotate, the JSON config blob must use the encoding shown in the example below. Use a backslash – \" – to escape all quotation marks.

$ kubectl annotate service example-service asp.f5.com/config="{\"ip-protocol\":\"http\",\"load-balancing-mode\":\"round-robin\"}"
service "example-service" annotated

Edit the Service definition

Edit the Service definition file, then upload the file to the Kubernetes API server.

Listing 9 Service definition with ASP annotation
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
apiVersion: v1
kind: Service
metadata:
  annotations:
    # provide the desired ASP config parameters as a JSON blob
    # The JSON below provides examples for the ASP virtual server configuration
    # parameters available in v1.1.0
    asp.f5.com/config: |
      {
        "ip-protocol": "http",
        "load-balancing-mode": "round-robin",
        "event-handlers" : [
          {
            "http-request": "module.exports = (req, res, next) => {\n if (req.method === 'POST') {\n res.statusCode = 503;\n res.end('POST Method not supported');\n } else { \n next(); \n } \n}\n"
          },
          {
            "http-response": "module.exports = (res, next) => { res.headers['x-my-bar'] = 'foo'; next(); }"
          }
        ],
        "flags" : {
          "x-forwarded-for": true,
          "x-served-by": true
        },
        "health-monitor": {
          "health-checks": {
            "srv1-check": {
              "default-state": "unknown",
              "active": {
                "timeout": 10,
                "interval": 10,
                "up-count": 2,
                "down-count": 3,
                "http": {
                  "path": "/healthz"
                }
              }
            }
          }
        },
      }
  labels:
    # the name of the Service
    name: myService
  # the name of the Service
  name: myService
  # the namespace of the Service you want to proxy; the ASP pod will be
  # created in this namespace
  namespace: default
spec:
  selector:
    # once again, the name of the Service
    app: myService
  type: NodePort
  ports:
    - name: "http"
      protocol: TCP
      port: 80

f5-asp-k8s-example-service.yaml

Listing 10 Upload the Service definition to the Kubernetes API server
$ kubectl replace -f f5-asp-k8s-example-service.yaml
service "myService" replaced

ASP event handlers

You can add ASP event handlers to the virtual server annotation.

See also

Add the event-handlers JSON string to the Service definition.

Important

Be sure to format the JSON list as a string as shown in the example below.

1
2
3
4
5
6
7
8
        "event-handlers" : [
          {
            "http-request": "module.exports = (req, res, next) => {\n if (req.method === 'POST') {\n res.statusCode = 503;\n res.end('POST Method not supported');\n } else { \n next(); \n } \n}\n"
          },
          {
            "http-response": "module.exports = (res, next) => { res.headers['x-my-bar'] = 'foo'; next(); }"
          }
        ],

ASP health checks

To activate the ASP’s health monitor:

Add the desired ASP health check configuration parameters to the ASP annotation in the Service definition.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
        "health-monitor": {
          "health-checks": {
            "srv1-check": {
              "default-state": "unknown",
              "active": {
                "timeout": 10,
                "interval": 10,
                "up-count": 2,
                "down-count": 3,
                "http": {
                  "path": "/healthz"
                }
              }
            }
          }
        },

f5-asp-k8s-example-service.yaml

Important

Because each ASP instance (one per Node) shares the same global configurations, Service endpoints will receive health probes from all of the ASP instances. The ASP can use a health probe sharding algorithm to reduce probe redundancy.

This algorithm allocates a subset of endpoints to each ASP instance. Each ASP instance adds the health data for its assigned endpoints to the ephemeral store, giving all ASP instances access to the data for all endpoints.

You can set up ASP health sharding when you deploy the ASP.