k8s-bigip-ctlr: Cannot create F5 resources using K8s Ingress Objects

Using CIS 2.1 and AS3 3.20, with BIG IP System 12.1.4.1 I can create F5 objects using AS3 configmaps and services, but not when using Kubernetes ingress objects.

This is the configuration used so far:

apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: ingress.kubernetes.io/allow-http: “true” ingress.kubernetes.io/ssl-redirect: “false” kubernetes.io/ingress-class: f5 nginx.ingress.kubernetes.io/rewrite-target: / virtual-server.f5.com/balance: round-robin virtual-server.f5.com/http-port: “80” virtual-server.f5.com/ip: controller-default virtual-server.f5.com/partition: PARTITION_DIFFERENT_THAN_CONTROLLER name: myingress-1 namespace: NAMESPACE spec: rules:

  • host: www.hello-k8s-1.com http: paths:
    • backend: serviceName: hello-k8s servicePort: 80 path: / apiVersion: apps/v1
metadata:
  labels:
    app: f5-bigip-ctlr
    chart: f5-bigip-ctlr-0.0.7
    release: f5-ingress
  name: f5-ingress-f5-bigip-ctlr
  namespace: F5-NAMESPACE
spec:
  selector:
    matchLabels:
      app: f5-bigip-ctlr
  template:
    metadata:
      labels:
        app: f5-bigip-ctlr
        release: f5-ingress
    spec:
      containers:
      - args:
        - --bigip-username
        - $(BIGIP_USERNAME)
        - --bigip-password
        - $(BIGIP_PASSWORD)
        - --bigip-partition
        - ACC_KUBERNETES
        - --bigip-url
        - https://IP_ADDRESS
        - --insecure
        - "true"
        - --log-as3-response
        - "true"
        - --log-level
        - DEBUG
        - --pool-member-type
        - cluster
        - --agent
        - as3
        - --default-ingress-ip
        - IP-ADDRESS
        - --namespace
        - NAMESPACE
        - --manage-ingress
        - "true"
        - --manage-configmaps
        - "true"
        - --as3-validation
        - "false"
        command:
        - /app/bin/k8s-bigip-ctlr
        env:
        - name: BIGIP_USERNAME
          valueFrom:
            secretKeyRef:
              key: username
              name: f5-bigip-ctlr-login
        - name: BIGIP_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: f5-bigip-ctlr-login
        image: PRIVATE-REPO/f5networks/k8s-bigip-ctlr:2.1.0
        imagePullPolicy: Always
        name: f5-bigip-ctlr
        ...
      volumes:
      - name: bigip-creds
        secret:
          defaultMode: 420
          secretName: f5-bigip-ctlr-login```

This are the only logs we can get from the CIS container

```51
2020/08/13 15:50:38 [DEBUG] [RESOURCE] Configured policy: {ingress_10-128-173-4_80 TENANT  [forwarding]  true [http] [0xc000345080] /Common/first-match}
2020/08/13 15:50:38 [DEBUG] [CORE] Found endpoints for backend {ServiceName:hello-k8s ServicePort:80 Namespace:cd-acc}: [{10.233.115.232 8080 user-enabled} {10.233.86.106 8080 user-enabled} {10.233.88.38 8080 user-enabled}]```

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 15 (5 by maintainers)

Most upvoted comments

@eduardoriveror trying this now, I will get back to you shortly.

+1
iam-veeramalla on Aug 14, 2020

I believe this is the issue “virtual-server.f5.com/partition: PARTITION_DIFFERENT_THAN_CONTROLLER”. - Checking if CIS will use PARTITION_DIFFERENT_THAN_CONTROLLER for Ingress. I do not believe so

+1
mdditt2000 on Aug 13, 2020
Read more comments on GitHub
← k8s-bigip-ctlr: AS3 override not getting applied after CIS reboot/recreate in CIS 2.0
k8s-bigip-ctlr: CIS 2.2.1 now fails to complete AS3 declaration that worked with previous versions →