When discussing digital transformation initiatives—a top concern for 80% of respondents in our latest State of Application Services report—a few common themes begin to emerge: adoption and development of cloud-native architectures, multi-cloud deployments, increased automation, heavy reliance on APIs, alignment to DevOps methodologies, and, of course, increased use of containers.
Indeed, containers offer myriad benefits for building and managing apps and infrastructure including faster spin up time, better scalability, lighter weight deployments, increased portability and flexibility, more resiliency, and a clear separation of app and IT team responsibilities.
And with the development of container orchestration technologies, like Kubernetes and Red Hat OpenShift, working with containers is easier and more programmatic than ever. But orchestration is only half the battle.
Some believe (erroneously) that container orchestration will solve all of their container woes. But it’s just not that simple. From infrastructure and orchestration complexity concerns to security requirements and widely distributed development teams, container management and orchestration isn’t the end-all solution. Effective container strategies also require solutions for the different parts of applications—networks, storage, security, traffic management, DNS, etc.
In the past, we’ve talked about containers a lot. And not just about the enterprise-class technologies and strategies we offer to support them. We have a series on how to secure containers, guidance and conceptual explorations of moving monoliths in with microservices, and a look at what a container-native app service is.
As mentioned above, container orchestration is half the battle, the other half is offering solutions that support the other parts of an application. This is why we’re so excited about the release of F5 Container Ingress Services (CIS) 2.0.
For those that don’t already know, CIS provides the glue between Kubernetes and OpenShift and BIG-IP systems—providing application services such as HTTP ingress and WAF policy referencing for containerized apps.
CIS—a K8s and OpenShift native service—listens for changes in container environments and communicates those changes back to BIG-IP. CIS then dynamically modifies the BIG-IP system configuration based on those changes so apps always remain performant and secure.
In short, CIS offers container environment operators a way to ensure front-door performance and security of apps built on top of containers with automated workflows.
The release of version 2.0 improves the quality of CIS in several ways:
First and foremost, it strengthens Container Ingress Services’ integration with F5’s declarative API strategy. CIS will leverage the Application Services 3 Extension (AS3) to communicate configuration changes to the BIG-IP system that fronts container environments. AS3 uses single JSON declarations as the vehicle to configure BIG-IP rather than many imperative commands. F5 is deeply committed to this API strategy and will continue to leverage it.
CIS 2.0 is also completely interoperable with the latest versions of both Kubernetes and OpenShift—versions 1.18 and 4.3, respectively. In addition to supporting the latest versions of these popular container orchestration technologies, CIS also leverages Kubernetes-and-OpenShift-native language like Ingress services, routes and ConfigMaps.
Finally, CIS 2.0 will preview the introduction of Customer Resource Definitions, which enable users to augment Kubernetes far beyond standard installations. CRDs help improve apps by allowing non-standard API objects to be attached to containers in the Kubernetes environment. Please note that this feature is in preview mode and should not be used in production environments. We’re actively seeking feedback from our customers as it’s integral to our development process. Reach out to F5 to let us know how your experience with CIS is going and what you’d like to see improved.
F5 Container Ingress Services is a free software download and available today. Get started here.