Skip to content
This repository was archived by the owner on Aug 12, 2022. It is now read-only.

Commit d7e380b

Browse files
zhaoqin-githubzhaoqin-github
committed
Resource model design
1 parent 765fe90 commit d7e380b

1 file changed

Lines changed: 280 additions & 0 deletions

File tree

design/core-resource-model.md

Lines changed: 280 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,280 @@
1+
# F5 ADCaaS for OpenStack Core Resource Model
2+
3+
## Introduction
4+
5+
The present document intends to describe resource models of F5 ADCaaS for OpenStack, which represent the resources that may be requested via REST API.
6+
7+
The following diagram illustrates core resource models:
8+
9+
10+
```
11+
+-------------+
12+
+-------| ADC |
13+
| +-------------+
14+
| | m
15+
| |
16+
| | n
17+
| +-------------+
18+
| | Tenant |
19+
| +-------------+
20+
| | 1
21+
| |
22+
| | n
23+
| +-------------+ 1 n +-----------------+
24+
+-------| Application |-------| AS3 Declaration |
25+
+-------------+ +-----------------+
26+
| 1
27+
|
28+
| n
29+
+-------------+ m
30+
+----------------| Service |----------------+
31+
| +-------------+ |
32+
| |
33+
| | n
34+
1 +-------------+ m +-------------+
35+
+------| Pool |------+ | Policy |
36+
| +-------------+ | +-------------+
37+
| | | 1
38+
| | |
39+
n | | n | n
40+
+-------------+ m n +-------------+ 1 +-------------+ 1
41+
| Member |-------------| Monitor | +------| Rule |------+
42+
+-------------+ +-------------+ | +-------------+ |
43+
| |
44+
| |
45+
n | | n
46+
+-------------+ +-------------+
47+
| Condiftion | | Action |
48+
+-------------+ +-------------+
49+
|
50+
|
51+
|
52+
+-------------+
53+
| WAF Policy |
54+
+-------------+
55+
```
56+
57+
## Resource Models
58+
59+
### ADC
60+
61+
An ADC (Application Delivery Controller) represents a specific type of hardware or sofware instance, such as F5 BIG-IP, which can help to perform common web tasks, including load balancing, SSL offloading, web application firewall and etc., for web applicaitons, in order to remove the load from web servers.
62+
63+
**Resource URI Path**
64+
65+
/adcaas/v1/adcs
66+
67+
**Resource Properties**
68+
69+
| Property | Description |
70+
| ---------- | ----------- |
71+
| id | ADC ID |
72+
| tenantId | Tenant ID |
73+
| name | Name |
74+
| type | HW or VE |
75+
| host | Hostname |
76+
| port | Port |
77+
| username | TODO: |
78+
| passphrase | TODO: |
79+
80+
### ADC Group
81+
82+
TBD
83+
84+
### Tenant
85+
86+
A tenant is a group of users who share a common access with specific privileges to the cloud resources. F5 ADCaaS for OpenStack does not manage tenant resource. It consumes the tenant resource infomation from OpenStack. A tenant resource relates to a collection of F5 ADCaaS Application resources.
87+
88+
### Application
89+
90+
An application represents a collection of ADC resources related to a software instance running in the cloud.
91+
92+
**Resource URI Path**
93+
94+
/adcaas/v1/application
95+
96+
**Resource Properties**
97+
98+
| Property | Description |
99+
| --------------- | ------------------------------------------------ |
100+
| id | Application ID |
101+
| name | Name |
102+
| tenantId | Tenant ID |
103+
| services | Service IDs |
104+
| as3DelarationId | The current AS3 declaration for this Application |
105+
| adcId | ID of preferred ADC to deploy AS3 declaration |
106+
107+
### Application Configuration
108+
109+
Application Configuration is a set of concrete configuration data which can instruct ADC to perfrom common web tasks for an Application. F5 ADCaaS selects F5 AS3 as the management technology for F5 BIG-IP. In this case, the Application Configuration is AS3 JSON declaration data.
110+
111+
Application Configuration is generated by ADCaaS system from all related ADCaaS resources of an Application. Cloud user is allowed to request the system to re-generate the configuration data, after modifying related resources. And cloud user is also allowed to request the system to deploy the configuration data to ADC instance at any time.
112+
113+
**Resource URI Path**
114+
115+
/adcaas/v1/application/{id}/as3configs
116+
117+
**Resource Properties**
118+
119+
| Property | Description |
120+
| -------------- | -------------- |
121+
| id | ID |
122+
| tenantId | Tenant ID |
123+
| applicationId | Application ID |
124+
| TBD: | Others |
125+
126+
### Association with ADC
127+
128+
In a multitenancy cloud, the visibility and ownership of ADC hardware/software instances need to be managed by cloud platform. Two types of association resource is provided to implement that:
129+
130+
**Tenant Association with ADC**
131+
132+
An ADC hardware instance is usually operated by cloud platform. The cloud admin or ADC owner can define the visiblity of an ADC hardware instance, in order to allow specific groups of cloud users to utilize that ADC hardware. The cloud admin can also define a 'default' ADC hardware for all cloud tenants who don't have a specific list of visible ADCs.
133+
134+
An ADC software instance natually has the association to the tenant in which its resides. The cloud platform can automatically create association resource between Tenant resource and software ADC resource. That software ADC instance is visible to all cloud users of that tenant. Cloud admin or the owner of ADC software instance is permitted to share ADC software instance with other tenants. They may create the association between software ADC with tenants, as they do for hardware ADC.
135+
136+
A tenant may have multiple visible ADCs, including hardware and software ADC instances. Only one of them can be the default ADC instance, if the application does not specify an ADC as its target.
137+
138+
**Resource URI Path**
139+
140+
/adcaas/v1/tenants/{id}/adcs
141+
142+
**Resource Properties**
143+
144+
| Property | Description |
145+
| --------- | ----------- |
146+
| tenantId | Tenant ID |
147+
| adcId | ADC ID |
148+
149+
**Application Association with ADC**
150+
151+
If the application configuration need to be deployed to a specific ADC hardware or software instance, cloud user can specify the preferred ADC id for the Application resource.
152+
153+
### Service
154+
155+
An Application may expose various types of services to end users. From the perspective of application delivery controller, those services can be categorized into several fixed types according to network transportation protocol, and a Service resource represents the endpoint to access those services provided by Application.
156+
157+
**Resource URI Path**
158+
159+
/adcaas/v1/services
160+
161+
**Resource Properties**
162+
163+
| Property | Description |
164+
| ---------------- | ----------------- |
165+
| id | Service ID |
166+
| tenantId | Tenant ID |
167+
| applicationId | Application ID |
168+
| type | Protocol type |
169+
| virtualAddresses | Virtual addresses |
170+
| virtualPort | Virtual port |
171+
| defaultPooId | Default pool ID |
172+
173+
### Pool
174+
175+
A Pool is a collection of back-end destinations to distribute inbound application traffic. A Service must have one default Pool at least, but the traffic of a Service may be distributed to different Pools due to specific conditions.
176+
177+
**Resource URI Path**
178+
179+
/adcaas/v1/pools
180+
181+
**Resource Properties**
182+
183+
| Property | Description |
184+
| --------- | --------------- |
185+
| id | Pool ID |
186+
| tenantId | Tenant ID |
187+
| members | Pool member IDs |
188+
| monitors | Monitor IDs |
189+
190+
### Pool Member
191+
192+
A Pool Member represents one back-end destination in a Pool to consume the inbound application traffic.
193+
194+
**Resource URI Path**
195+
196+
/adcaas/v1/pools/{id}/members
197+
198+
**Resource Properties**
199+
200+
| Property | Description |
201+
| --------- | ----------- |
202+
| id | Pool ID |
203+
| tenantId | Tenant ID |
204+
| addresses | Addresses |
205+
| port | Port |
206+
| monitors | Monitor IDs |
207+
208+
### Monitor
209+
210+
**Resource URI Path**
211+
212+
/adcaas/v1/monitors
213+
214+
**Resource Properties**
215+
216+
| Property | Description |
217+
| --------- | ------------ |
218+
| id | Monitor ID |
219+
| tenantId | Tenant ID |
220+
| type | Monitor type |
221+
222+
### Policy
223+
224+
Policy is a collection of ADC Rules, that can be applied to an Application.
225+
226+
**Resource URI Path**
227+
228+
/adcaas/v1/monitors
229+
230+
**Resource Properties**
231+
232+
| Property | Description |
233+
| --------- | ------------ |
234+
| id | Monitor ID |
235+
| tenantId | Tenant ID |
236+
| rules | Rule IDs |
237+
238+
### Rule
239+
240+
Rule is a combination of a set of conditions, which can be utilized by ADC to evaluate the incoming traffic, and a set of actions, which can be performed by ADC to handle the incoming traffic. Condition and action are not individual resources. They must be defined in a specific Rule.
241+
242+
**Resource URI Path**
243+
244+
/adcaas/v1/rules
245+
246+
**Resource Properties**
247+
248+
| Property | Description |
249+
| ---------- | ------------ |
250+
| id | Monitor ID |
251+
| tenantId | Tenant ID |
252+
| conditions | Conditions |
253+
| actions | Actions |
254+
255+
### WAFPolicy
256+
257+
WAFPolicy represents an entity of WAF action definition, which is usually a configuration file for WAF module of ADC.
258+
259+
**Resource URI Path**
260+
261+
/adcaas/v1/wafpolicy
262+
263+
**Resource Properties**
264+
265+
| Property | Description |
266+
| --------- | ------------ |
267+
| id | Monitor ID |
268+
| tenantId | Tenant ID |
269+
270+
## Summary
271+
272+
TBD
273+
274+
## Reference
275+
276+
[https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/userguide/](https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/userguide/)
277+
278+
[https://developer.openstack.org/api-ref/load-balancer/v2/](https://developer.openstack.org/api-ref/load-balancer/v2/)
279+
280+
[https://wiki.openstack.org/wiki/Neutron/LBaaS](https://wiki.openstack.org/wiki/Neutron/LBaaS)

0 commit comments

Comments
 (0)