This is a great little load balancer, which runs in Community Edition by default. It integrates well with Kubernetes and other container platforms, and is fully customisable. It can be fully licensed and supported by contacting Pulse Secure and asking about a Services Director.
For Kubernetes integration, see: https://github.com/pulse-vadc/kubernetes-vtm/
This is a container for the Pulse Secure Virtual Traffic Manager.
See https://hub.docker.com/r/pulsesecure/vtm/ for the official Pulse version.
See http://www.pulsesecure.net/vadc for more information on vADC in general.
This container is supplied without a license key and will run in Community Edition mode out of the box. You can run with:
$ docker run -e ZEUS_EULA=accept --privileged -t -d tuxinvader/load-balancer
You must set ZEUS_EULA=accept to indicate that you accept the license agreement, otherwise the software will not start. You may also specify a License file to download over HTTP using ZEUS_LIC, and a password using ZEUS_PASS. Eg:
$ docker run -e ZEUS_EULA=accept -e ZEUS_LIC=http://10.1.1.1/fla.lic -e ZEUS_PASS=t3llNo0n3 --privileged -t -d tuxinvader/load-balancer
If you don't specify a ZEUS_PASS or you set ZEUS_PASS=RANDOM or ZEUS_PASS=SIMPLE, then a password will be randomly generated for you. The password will be made up from alphanumerics and (,) comma, (.) period, (-) hyphen, (_) underscore, and (+) plus. The password will be printed to the console after start up.
You can also set ZEUS_PASS=STRONG if you want to generate a stronger password making use of more symbols.
This container now inherits from the official pulsesecure/vtm container at https://hub.docker.com/r/pulsesecure/vtm/. The differences are tiny:
- Includes the python-requests library, curl, and a few other tools
- Adds a Docker autoscaler (needs python-requests)
- Checks if java is installed, and disables Java Extensions if it isn't
ZEUS_DOM
This allows you to use the autogenerated hostname set by Docker, and set the domain part of the FQDN from this variable. However, the run script cannot currently update /etc/hosts, so you must ensure that the FQDN is resolvable by the container in DNS. Using -h to set the hostname yourself might be a better option.
ZEUS_PACKAGES
You may also set a space-separated list of packages in the ZEUS_PACKAGES variable to get them installed on the first run of the container. This is useful if you want to enable Java Extensions. Eg:
$ docker run -e ZEUS_EULA=accept -e ZEUS_PACKAGES="openjdk-7-jre-headless" --privileged -t -d tuxinvader/load-balancer
ZEUS_COMMUNITY_EDITION
If you do not provide a license and the vTM starts up in Community Edition mode then you will need to accept the notification on first login. You may pass ZEUS_COMMUNITY_EDITION=yes in order to avoid seeing that warning.
ZEUS_CLUSTER_NAME
If you want this vTM to join an existing cluster, simply provide the DNS name of one of the cluster members through this environment variable.
ZEUS_CLUSTER_FP
If you want this vTM to verify the SHA-1 fingerprint of the cluster host it is joining with, then provide the 20-byte, hex-encoded, colon-separated hash here. Eg: aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd
Since vTM 10.4 and Services Director 2.4.0 it has been possible for vTMs to AutoRegister themselves with the Services Director.
In order for vTM to register itself with a Services Director, you can provide the following additional environment parameters to the container:
ZEUS_REGISTER_HOST
The Host/IP and Port of your Services Director's REST API. Eg: sd.mycompany.com:8100
ZEUS_REGISTER_FP
If you want this vTM to verify the SHA-1 fingerprint of the Services Director it is registering with, then provide the 20-byte, hex-encoded, colon-separated hash here. Eg: aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd
You can also optionally provide an email (ZEUS_REGISTER_EMAIL) and message (ZEUS_REGISTER_MSG).
Since 17.1(?) and BSD 2.6 you can have the licenses auto-accepted according to a policy. To do so provide the additional parameters:
ZEUS_REGISTER_POLICY
The policy_id of the auto-approval policy to use for this vTM
ZEUS_REGISTER_OWNER
The name of the Owner for this vTM
ZEUS_REGISTER_SECRET
The Owner secret.
Example:
$ docker run -e ZEUS_EULA=accept -e ZEUS_REGISTER_HOST=sd1:8100 -e ZEUS_REGISTER_FP="A0:A1:A2:A3:A4:A5:A6:A7:A8:A9:B1:B2:B3:B4:B5:B6:B7:B8:B9:B0" -e ZEUS_REGISTER_EMAIL=<email> -e ZEUS_REGISTER_MSG="Hell Yeah" -e ZEUS_REGISTER_OWNER=Mark -e ZEUS_REGISTER_OWNER_SECRET=qwerty1 -e ZEUS_REGISTER_POLICY=Policy-9999-9999-9999-9999 --privileged -t -d tuxinvader/load-balancer
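The fingerprint format expected by ZEUS_CLUSTER_FP and ZEUS_REGISTER_FP, as an added example that is not part of the original container or its run script: it extracts the value from an `openssl x509 -fingerprint -sha1` output line and rejects anything that is not exactly 20 hex bytes (for instance a SHA-256 fingerprint pasted by mistake). The function names are hypothetical, the sample line is constructed, and it assumes the fingerprint meant here is that of the TLS certificate the host presents.

```shell
#!/bin/sh
# Added example: prepare a value for ZEUS_CLUSTER_FP / ZEUS_REGISTER_FP.
# Function names are hypothetical; they are not part of the container.

# fp_valid FP: succeeds only if FP is exactly 20 colon-separated hex bytes.
fp_valid() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}$'
}

# fp_from_openssl LINE: takes a line such as "SHA1 Fingerprint=AA:BB:..."
# (newer OpenSSL prints "sha1 Fingerprint=..."), strips everything up to
# the first "=", upper-cases the hex and prints it if it is well formed.
fp_from_openssl() {
    fp=$(printf '%s\n' "${1#*=}" | tr 'a-f' 'A-F')
    fp_valid "$fp" || return 1
    printf '%s\n' "$fp"
}

# fp_match EXPECTED ACTUAL: case-insensitive comparison of two fingerprints;
# fails if either side is malformed.
fp_match() {
    fp_valid "$1" && fp_valid "$2" || return 1
    [ "$(printf '%s' "$1" | tr 'a-f' 'A-F')" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# Constructed sample of the openssl output line (not a real certificate hash).
SAMPLE_LINE='sha1 Fingerprint=A0:A1:A2:A3:A4:A5:A6:A7:A8:A9:B1:B2:B3:B4:B5:B6:B7:B8:B9:B0'

# Against a live Services Director the line would come from
# (assumption: the REST API port presents the certificate to pin):
#   openssl s_client -connect sd.mycompany.com:8100 </dev/null 2>/dev/null \
#     | openssl x509 -noout -fingerprint -sha1

# Print the value ready to pass as -e ZEUS_REGISTER_FP="..."
fp_from_openssl "$SAMPLE_LINE"
```

Record the fingerprint over a trusted path, such as on the Services Director or cluster host itself; a value fetched across the same network the vTM will use only shows that both connections saw the same certificate.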
In Kubernetes and other environments you may provide a mounted volume containing a one-shot base config or a watched configuration map. The volume should contain a set of yaml files in a format which follows the vTM REST API. For more information see: https://github.com/pulse-vadc/kubernetes-vtm/. In Kubernetes, ConfigMaps will appear in the watched volume, so that as you make changes and deploy workloads vTM can pick up those changes automatically.
ZEUS_BASE_CONFIG
This is a directory in which we should check for configuration files during deployment. This is only checked on first run.
ZEUS_WATCHED_CONFIG
This is a directory which should be monitored for configuration files. As the files change, an import process will detect and import the changes into your vTM configuration.
The Docker instance needs an FQDN in order for the SSC to license it. You can either provide the container a fully qualified name at launch using -h, or you can specify the domain in an environment variable called ZEUS_DOM.
$ docker run -e ZEUS_EULA=accept -e ZEUS_LIC=http://10.1.1.1/fla.lic -e ZEUS_PASS=t3llNo0n3 -e ZEUS_DOM=demo.local --privileged -t -d tuxinvader/load-balancer
Once started, point your web browser at port 9090 to access the web interface, or your REST client at port 9070.
$ cd <docker folder>
$ docker build -t <tag> .