Container Ingress Services and AS3 Extensions - HTTP application use case

This use case demonstrates how you can use Container Ingress Services (CIS), and Application Services 3 (AS3) Extenstions to:

  • Deploy a simple HTTP application (Container).
  • Expose the application using a Kubernetes Service.
  • Configure the BIG-IP system to load balance across the application (PODs).

HTTP application overview


Click image for larger view.


To complete this use case, ensure you have:

  • A functioning Kubernetes cluster.
  • A BIG-IP system running software version 12.1.x or higher.
  • AS3 Extension version 3.10 or higher installed on BIG-IP.
  • A BIG-IP system user account with the Administrator role.


If your BIG-IP system is using a self-signed SSL device certificate (the default configuration), include the –insecure=true option in your k8s-bigip-ctlr deployment. Also, to allow the BIG-IP system to reach containers directly, set the --pool-member-type= option to cluster. Your k8s-bigip-ctlr deployment should resemble:

args: [


I. Deploy the HTTP application

Kubernetes Deployments are used to create Kubernetes PODs, or applications distributed across multiple hosts. The following Deployment example creates a new application named f5-hello-world-web, using the f5-hello-world Docker Container, and the f5-hello-world-web label to identify the application.


Labels are simple key value pairs used to group a set of configuration objects.

apiVersion: apps/v1
kind: Deployment
  name: f5-hello-world-web
  namespace: default
  replicas: 2
      app: f5-hello-world-web
        app: f5-hello-world-web
      - env:
        - name: service_name
          value: f5-hello-world-web
          image: f5devcentral/f5-hello-world:latest
        imagePullPolicy: Always
        name: f5-hello-world-web
        - containerPort: 8080
          protocol: TCP

To create the Deployment, run the following command on the Kubernetes Master Node:

kubectl apply -f f5-hello-world-service.yaml

To verify the application is running on the PODs, run:

kubectl get pods | grep f5-hello

f5-hello-world-web-b48bd87d9-rj9fq            1/1     Running   0          70s
f5-hello-world-web-b48bd87d9-v867b            1/1     Running   0          70s

II. Expose the application

Kubernetes Services expose applications to external clients. This Service example creates a new Kubernetes Service named f5-hello-world-web, and uses labels to identify the application as f5-hello-world-web, the Tenent (BIG-IP partition) as AS3, and the BIG-IP pool as web_pool:


CIS creates BIG-IP pool members using the information in the Kubernetes Service Endpoints field. You can view all of the Service fields by running the kubectl describe services command.

apiVersion: v1
kind: Service
  name: f5-hello-world-web
   namespace: default
    app: f5-hello-world-web AS3 A1 web_pool
  - name: f5-hello-world-web
    port: 8080
    protocol: TCP
    targetPort: 8080
  type: NodePort
    app: f5-hello-world-web

To create the Kubernetes Service, run the following command on the Kubernetes Master Node:

kubectl apply -f f5-hello-world-web-service.yaml

To verify the Service, run:

kubectl describe services f5-hello-world-web

Name:                     f5-hello-world-web
Namespace:                default
Labels:                   app=f5-hello-world-web
Selector:                 app=f5-hello-world-web
Type:                     NodePort
Port:                     f5-hello-world-web  8080/TCP
TargetPort:               8080/TCP
NodePort:                 f5-hello-world-web  32225/TCP
Endpoints:      ,
Session Affinity:         None
External Traffic Policy:  Cluster

III. Configure the BIG-IP system

AS3 ConfigMaps create the BIG-IP system configuration used to load balance across the PODs. This AS3 ConfigMap example creates a ConfigMap named f5-as3-declaration. CIS uses this AS3 ConfigMap to create a virtual server, and use Service Discovery to create a load balancing pool named web_pool of Service endpoints. The new configuration is created in the AS3 Tenant (BIG-IP partition) AS3.

kind: ConfigMap
apiVersion: v1
  name: f5-as3-declaration
  namespace: default
    f5type: virtual-server
    as3: "true"
  template: |
        "class": "AS3",
        "declaration": {
            "class": "ADC",
            "schemaVersion": "3.10.0",
            "id": "urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d",
            "label": "http",
            "remark": "A1 example",
            "AS3": {
                "class": "Tenant",
                "A1": {
                    "class": "Application",
                    "template": "http",
                    "serviceMain": {
                        "class": "Service_HTTP",
                        "virtualAddresses": [
                        "pool": "web_pool"
                    "web_pool": {
                        "class": "Pool",
                        "monitors": [
                        "members": [
                                "servicePort": 8080,
                                "serverAddresses": []

To deploy the ConfigMap, run the following command on the Kubernetes Master Node:

kubectl create -f f5-hello-world-as3-configmap.yaml

To verify the BIG-IP system has been configured, run:


Modify the admin password, and for your BIG-IP system.

curl -sk -u admin:admin
curl -sk -u admin:admin

Deleting CIS ConfigMaps

Because CIS and AS3 use a Declarative API, the BIG-IP system configuration is not removed after you delete a configmap. To remove the BIG-IP system configuration objects created by an AS3 declaration, you must deploy a blank configmap, and restart the controller. Refer to Deleting CIS AS3 configmaps.

You can use this blank ConfigMap to delete the use case ConfigMap and configuration from the BIG-IP system: