|
| 1 | + |
| 2 | +# Example Templates |
| 3 | + |
| 4 | +- [Example Templates](#example-templates) |
| 5 | + - [Introduction](#introduction) |
| 6 | + - [Template Types](#template-types) |
| 7 | + - [Deployment Example](#deployment-example) |
| 8 | + - [Getting Help](#getting-help) |
| 9 | + - [Filing Issues](#filing-issues) |
| 10 | + - [Copyright](#copyright) |
| 11 | + - [License](#license) |
| 12 | + - [Apache V2.0](#apache-v20) |
| 13 | + - [Contributor License Agreement](#contributor-license-agreement) |
| 14 | + |
| 15 | +## Introduction |
| 16 | + |
| 17 | +The examples here leverage the modular [linked templates](https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/linked-templates) design to provide maximum flexibility when authoring solutions using F5 BIG-IP. |
| 18 | + |
| 19 | +Example deployments use parent templates to deploy child templates (or modules) to facilitate quickly standing up entire stacks (complete with **example** network, application, and BIG-IP tiers). |
| 20 | + |
| 21 | +As a basic framework, an example full stack deployment may consist of: |
| 22 | + |
| 23 | +- **(Parent) Solution Template** (ex. Quickstart or Autoscale) |
| 24 | + - **(Child) Network Template** - which creates virtual networks, subnets, and network security groups. |
| 25 | + - **(Child) Application Template** - which creates a generic application, based on the f5-demo-app container, for demonstrating live traffic through the BIG-IP. |
| 26 | + - **(Child) DAG/Ingress Template** - which creates resources required to get traffic to the BIG-IP. |
| 27 | + - **(Child) Access Template** - which creates Identity and Acccess related resources, like a secret in cloud vault that can be referenced by F5 BIG-IP. |
| 28 | + - **(Child) Function Template** - which creates an Azure function to manage licenses for an Azure Virtual Machine Scale Set of BIG-IP instances licensed with BIG-IQ. |
| 29 | + - **(Child) BIG-IP Template** *(existing-stack)* - which creates BIG-IP instance(s). |
| 30 | + |
| 31 | +***Disclaimer:** F5 does not require or have any recommendations on leveraging linked stacks in production. They are used here simply to provide useful tested/validated examples and illustrate various solutions' resource dependencies, configurations, etc., which you may need or want to customize, regardless of the deployment method used.* |
| 32 | + |
| 33 | +## Template Types |
| 34 | +Templates are grouped into the following categories: |
| 35 | + |
| 36 | + - **Quickstart** <br> *Coming Soon*: These parent templates deploy a collection of linked child templates to create a standalone BIG-IP VE in an example full-stack. Standalone BIG-IP VEs are primarily used for Dev/Test/Staging, replacing/upgrading individual instances in traditional failover clusters, and/or manually scaling out. <br> |
| 37 | + |
| 38 | + - **Autoscale** <br> These parent templates deploy a collection of linked child templates to create a Virtual Machine Scale Set (VMSS) of BIG-IP VE instances that scale in and out based on thresholds you configure in the template, as well as the full stack of resources required by the solution. The BIG-IP VEs are "All Active" and are primarily used to scale an L7 service on a single wildcard virtual (although you can add additional services using ports).<br> Unlike previous solutions, this solution leverages the more traditional autoscale configuration management pattern where each instance is created with an identical configuration as defined in the Scale Set's "model". Scale Set sizes are no longer restricted to the smaller limitations of the BIG-IP's cluster. The BIG-IP's configuration, now defined in a single convenient yaml-based [F5 BIG-IP Runtime Init](https://github.com/f5devcentral/f5-bigip-runtime-init) *(IN PREVIEW)* configuration file, leverages [F5 Automation Tool Chain](https://www.f5.com/pdf/products/automation-toolchain-overview.pdf) declarations which are easier to author, validate and maintain as code. For instance, if you need to change the configuration on the instances in the deployment, you update the the "model" by passing the new config version via the template's *runtimeConfig* input parameter. The Scale Set provider will update the instances to the new model according to its rolling update policy. Web Application Firewall (WAF) functionality is provisioned using Declarative Onboarding declaration and configured via a Application Services declaration. Example F5 BIG-IP Runtime Init configurations and Automation Toolchain component declarations are available in the Autoscale examples folder. |
| 39 | + |
| 40 | + |
| 41 | + - **Modules** <br> These child templates create the Azure resources that compose a full stack deployment. They are referenced as linked deployment resources from the parent templates (Quickstart, Autoscale, etc).<br> |
| 42 | + The parent templates manage passing inputs to the child templates and using their outputs as inputs to other child templates.<br> |
| 43 | + |
| 44 | + #### Module Types: |
| 45 | + - **Network**: Use this template to create a reference network stack. This template creates virtual networks, subnets, and network security groups. |
| 46 | + - **Application**: Use this template to deploy an example application. This template creates a generic application, based on the f5-demo-app container, for demonstrating live traffic through the BIG-IP. You can specify a different container or application to use when deploying the example template. |
| 47 | + - **Disaggregation/Ingress** (DAG): Use these templates to create resources required to get or distribute traffic to the BIG-IP instance(s). For example: Azure Public IP Addresses, internal/external Load Balancers, and accompanying resources such as load balancing rules, NAT rules, and probes. |
| 48 | + - **Access**: Use these templates to create a Identity and Access related resources required for the solution. These templates create an Azure Managed User Identity, KeyVault, and secret that can be referenced in the F5 BIG-IP Runtime Init configuration file. The secret can store sensitive information such as the BIG-IP password, BIG-IQ password, or Azure service principal access key for use in service discovery. |
| 49 | + - **Function**: Use these templates to create an Azure function, hosting plan, and other resources required to automatically revoke a BIG-IP license assignment from BIG-IQ when the capacity of the Virtual Machine Scale Set is reduced due to deallocation of a BIG-IP instance. |
| 50 | + - **BIG-IP**: Use these templates to create the BIG-IP Virtual Machine instance(s). For example, a standalone VM or a Virtual Machine Scale Set. The BIG-IP module can be used independently from the linked stack examples here (ex. in an "existing-stack").<br><br> In the Autoscale example, the required Autoscale Settings and Application Insights resources are also created. |
| 51 | + |
| 52 | + |
| 53 | +## Deployment Example |
| 54 | +Autoscale PAYG example template shown |
| 55 | + |
| 56 | + |
| 57 | + |
| 58 | + |
| 59 | + |
| 60 | +## Getting Help |
| 61 | + |
| 62 | +The example templates in this directory are intended to provide reference deployments of F5 BIG-IP Virtual Editions. Due to the heavy customization requirements of external cloud resources and BIG-IP configurations in these solutions, F5 does not provide technical support for deploying, customizing, or troubleshooting the templates themselves. However, the various underlying products and components used (for example: F5 BIG-IP Virtual Edition, Automation Toolchain extensions, and Cloud Failover Extension (CFE)) in the solutions located here are F5-supported and capable of being deployed with other orchestration tools. Read more about [Support Policies](https://www.f5.com/company/policies/support-policies). |
| 63 | + |
| 64 | +### Filing Issues |
| 65 | + |
| 66 | +If you find an issue, we would love to hear about it. |
| 67 | + |
| 68 | +- Use the **Issues** link on the GitHub menu bar in this repository for items such as enhancement or feature requests and non-urgent bug fixes. Tell us as much as you can about what you found and how you found it. |
| 69 | + |
| 70 | + |
| 71 | +## Copyright |
| 72 | + |
| 73 | +Copyright 2014-2020 F5 Networks Inc. |
| 74 | + |
| 75 | +## License |
| 76 | + |
| 77 | +### Apache V2.0 |
| 78 | + |
| 79 | +Licensed under the Apache License, Version 2.0 (the "License"); you may not use |
| 80 | +this file except in compliance with the License. You may obtain a copy of the |
| 81 | +License [here](http://www.apache.org/licenses/LICENSE-2.0). |
| 82 | + |
| 83 | +Unless required by applicable law or agreed to in writing, software |
| 84 | +distributed under the License is distributed on an "AS IS" BASIS, |
| 85 | +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 86 | +See the License for the specific language governing permissions and limitations |
| 87 | +under the License. |
| 88 | + |
| 89 | +### Contributor License Agreement |
| 90 | + |
| 91 | +Individuals or business entities who contribute to this project must have |
| 92 | +completed and submitted the F5 Contributor License Agreement. |
| 93 | + |
| 94 | + |
0 commit comments