Origin Pools

Objective

This guide provides instructions on how to create origin pools in F5® Distributed Cloud Console (Console) using guided configuration. An origin pool is a set of endpoints grouped together into a resource pool that is used in the load balancer configuration. To learn more about endpoints and load balancers, see Load Balancing and Service Mesh.

The origin pools mechanism offers the following:

  • Configures endpoints for discovery

  • Defines load balancing between discovered endpoints

  • Creates health checks for discovered endpoints

  • Specifies the TLS capabilities of the discovered endpoints and of connections to them

Using the instructions provided in this guide, you can create an origin pool of resources. The origin pool can then be attached to a load balancer configuration. You can also create and attach an origin pool while creating a load balancer. For more information, see HTTP Load Balancer. The instructions provided in this guide cover creating origin pools separately.

Note: You can also create each endpoint individually and use it in a virtual host. For more information, see Configure Endpoint.

Prerequisites

The following prerequisites apply:

  • An F5® Distributed Cloud Services Account. If you do not have an account, see Create an Account.

  • A valid DNS domain delegated to Distributed Cloud Services. For instructions on how to delegate your domain, see Domain Delegation.

  • A Distributed Cloud Services CE site on which to deploy your applications. If you do not have a site, create a site using the instructions included in the Site Management guides. See the vK8s Deployment guide to deploy your applications on the Distributed Cloud Services network cloud or edge cloud.


Configuration

The configuration option to create the origin pool guides you through the steps for required configuration. This document covers each guided step and explains the required actions performed for each step.

Note: The origin pool for a vK8s or managed K8s service must be created in the same namespace as the services, so that the services can be discovered and advertised.

Step 1: Navigate to origin pool configuration.
  • Log into Console.

  • Click Load Balancers.

Figure: Console Homepage

  • Change to your application namespace.

  • Click Manage > Load Balancers > Origin Pools.

Figure: Navigation to Origin Pools

Step 2: Start the origin pool creation process.
  • Click Add Origin Pool to open the origin pool creation form.

  • In the Name field, enter a name.

  • Optionally, add labels and enter a description for your origin pool.

Figure: Origin Pool Name

Step 3: Configure the origin servers.
  • Select from the left menu or scroll to the Basic Configuration section and perform the following:

    • Click Add Item.

    • From the Select Type of Origin Server menu, select a type of origin server per the following guidelines:

      • Select Public IP of Origin Server to specify the origin server with its public IP address. Enter the IP address in the Public IP field.

      • Select IP address of Origin Server on given Sites to specify the origin server with its private or public IP address. Enter the IP address in the IP field. Select Site or Virtual Site option in the Site or Virtual Site menu. Select a site or virtual site according to the displayed Site or Virtual Site menus. Select inside or outside network option for the Select Network on the site menu.

      • Select Public DNS Name of Origin Server to specify the origin server with its public DNS name. Enter the DNS name in the DNS Name field.

      • Select DNS Name of Origin Server on given Sites to specify the origin server with its private or public DNS name. Enter the DNS name in the DNS Name field. Select Site or Virtual Site option in the Site or Virtual Site menu. Select a site or virtual site according to the displayed Site or Virtual Site menus. Select inside or outside network option for the Select Network on the site menu.

      • Select k8s Service Name of Origin Server on given Sites to specify the origin server with its K8s service name. Enter the service name in the Service Name field. Select Site or Virtual Site option in the Site or Virtual Site menu. Select a site or virtual site according to the displayed Site or Virtual Site menu. Select inside or outside network option for the Select Network on the site menu.

      • Select Consul Service Name of Origin Server on given Sites to specify the origin server with its Consul service name. Enter the service name in the Service Name field in the <servicename.k8snamespace> format. Select Site or Virtual Site option in the Site or Virtual Site menu. Select a site or virtual site according to the displayed Site or Virtual Site menu. Select inside or outside network option for the Select Network on the site menu.

      • Select IP address on Virtual Network to specify the origin server with its virtual network IP address. Enter the IP address in the IP field. Select the virtual network from the Virtual Network menu.

      • Select Name on Virtual Network to specify the origin server with its virtual network name. Enter a DNS name for the virtual server in the DNS Name field. Select the virtual network from the Virtual Network menu.

      • Select Custom Endpoint Object for Origin Server to specify the origin server on an endpoint object. Select the reference to the endpoint from the Endpoint menu. An existing endpoint object is required for this.

    • Click Add Item.

Figure: Configure Origin Server

Note: You can use the Add Item option to add more than one origin server.

  • Enter a port number in the Port field.

  • Select an option for the LoadBalancer Algorithm and Endpoint Selection menus.

Note: See Discovery - HashiCorp Consul for information on how to discover Consul services.

Step 4: Optionally, configure health checks.
  • Select from the left menu or scroll down to the List of Health Check(s) section.

  • Click Add Item.

  • From the Healthcheck menu, select an existing healthcheck object or click Create new healthcheck to create a new object.

Figure: Configure Health Check

  • To create a new healthcheck, perform the following:

    • Enter a name. Optionally, set labels and add a description in the Metadata section.

    • From the Health Check menu, select an option. Then click Configure to complete the setup.

    • Enter values in seconds for the Timeout and Interval fields, respectively.

    • Enter numbers for the unhealthy and healthy threshold attempts for the Unhealthy Threshold and Healthy Threshold fields, respectively.

    • Click Continue.

Step 5: Optionally, set TLS configuration.
  • Select from the left menu or scroll down to the TLS Configuration section.

  • From the Enable TLS for Origin Servers menu, select TLS.

Figure: Configure TLS

  • From the SNI Selection menu, select an option. If you select SNI Value, then you must enter a corresponding value. You can disable SNI selection by selecting No SNI.

  • From the TLS Configuration for Origin Servers menu, select a security level. High security is selected by default. If you select Custom, complete the parameters.

  • From the Origin Server Verification menu, select an option for the trusted CA URL. If you select Use Custom CA List, you can enter it in certain formats by choosing from the options available. You can also skip origin server verification by selecting Skip Verification.

  • From the MTLS with Origin Servers menu, enable MTLS. Click Configure to configure the following parameters:

    • Click Add Item.

    • Enter the TLS certificate in the Certificate URL field. You can use PEM or Base64 formats.

    • Click Configure under the Private Key field.

    • From the Secret Info menu, select an option for the secret.

    • Enter your private key in the secret form input field. Ensure that the Type option is set to Text.

    • Click Blindfold and wait for the secret to get encrypted.

    • Click Apply.

    • Click Add Item in the TLS Certificate page.

    • Click Apply.

Step 6: Optionally, set the advanced options.
  • Select from the left menu or scroll down to the Advanced Options section.

  • Click Configure.

  • In the Exception Handling section, click Show Advanced Fields.

Figure: Configure Origin Pool Advanced Options

  • Configure the options marked with an asterisk (*).

  • In the Origin Server Subsets section, choose an option to enable or disable subset load balancing.

  • In the Miscellaneous Options section, choose to enable the HTTP 2 protocol for upstream connections.

  • Click Apply.

Step 7: Complete origin pool creation.

Click Save and Exit to complete creating the origin pool.
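
The TLS choices in Step 5 (SNI Selection, Origin Server Verification, MTLS with Origin Servers) determine what the load balancer checks when it connects to an origin. The following is an added example, not part of the original guide or of F5's code: a client-side pre-flight probe in Python that mirrors those choices so you can confirm an origin's certificate validates before relying on the pool. The helper names, the TLS 1.2 floor, and the host name in the usage lines are assumptions of this example.

```python
import socket
import ssl
from typing import Optional


def origin_tls_context(sni: Optional[str], ca_file: Optional[str] = None,
                       skip_verification: bool = False,
                       client_cert: Optional[str] = None,
                       client_key: Optional[str] = None) -> ssl.SSLContext:
    """Build a client context that mirrors the Step 5 choices (hypothetical helper)."""
    # A custom CA list (PEM file) replaces the system trust store when given.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # this example's own floor
    if skip_verification:
        # Counterpart of Skip Verification: any certificate is accepted.
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    elif sni is None:
        # Counterpart of No SNI: the chain is still validated against the CA
        # list, but there is no name to match the certificate against.
        ctx.check_hostname = False
    if client_cert:
        # Counterpart of MTLS: present a client certificate and key (PEM files).
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise which checks the context enforces on the origin certificate."""
    return {"chain_verified": ctx.verify_mode == ssl.CERT_REQUIRED,
            "name_checked": ctx.check_hostname}


def probe_origin(host: str, port: int, sni: Optional[str],
                 ctx: ssl.SSLContext, timeout: float = 5.0) -> dict:
    """Handshake with the origin; raises ssl.SSLCertVerificationError on failure."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            cert = tls.getpeercert() or {}  # empty when verification is skipped
            return {**describe(ctx), "protocol": tls.version(),
                    "cipher": tls.cipher()[0], "not_after": cert.get("notAfter")}


if __name__ == "__main__":
    # Constructed settings; no network connection is made here.
    print(describe(origin_tls_context("origin.example.com")))
    print(describe(origin_tls_context(None)))
    print(describe(origin_tls_context("origin.example.com", skip_verification=True)))
```

To probe a real origin, pass the context to probe_origin with the origin's address, port, and the SNI value you plan to enter in Console.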

