Closed chen23 closed 4 years ago
cisbot will assign the issue to one of the devs. @devs, use /jira for internal tracking.
Hi @chen23 ,
This is done on a purpose. This is a request from customer to restrict Configmap to use a service only with in the namespace.
We have seen customers using services with same annotated tags (may be as a backup service or forgot to delete the old ones in different namespaces). CIS(2.0) used to ignore the specific pool and log an error(multiple services with same tags).
In order to sort this kind off issues we decided to pick services from the same namespace(which we do for routes and ingress as well).
Regards, Abhishek Veeramalla
that makes sense. I'm not sure whether other folks will hit the same issue. I did not see this change called out in the release notes. https://clouddocs.f5.com/containers/latest/reference/release-notes.html
@chen23 It is part of the Multiple AS3 ConfigMap support, We are working on the User Documentation in Clouddocs and we will work more vividly on this.
Jira filed form PM/tech writer CONTCNTR-2033
Documented and released as part of CIS 2.1. Closing issue out
Setup Details
CIS Version : 2.1.0 Build: f5networks/k8s-bigip-ctlr:2.1.0
BIGIP Version: Big IP 15.1.0.2 AS3 Version: 3.20
Agent Mode: AS3
Orchestration: OSCP
Orchestration Version: 4.3 Pool Mode: Cluster Additional Setup details: default CNI (vxlan)
Description
Previously in 2.0.0 you could set the controller namespace to "default", but it would still grab services from other namespaces (i.e. nginx-ingress) using an AS3 configmap. In 2.1.0 this is no longer the case.
Steps To Reproduce
1) deploy controller with arg "--namespace=default" 2) create a service in namespace "nginx-ingress" with annotations for AS3 configmap 3) compare output in 2.0.0 vs. 2.1.0
Expected Result
Using 2.0.0 you can see the pool members created
Actual Result
on 2.1.0 you do not
Diagnostic Information
CIS configuration (for 2.0.0, for 2.1.0 change version): https://github.com/f5devcentral/f5-k8s-demo/blob/624cf0cebe441ddfddee14a2fa02a9a37b47f98a/ocp4/f5-server.yaml
Target service: https://github.com/f5devcentral/f5-k8s-demo/blob/624cf0cebe441ddfddee14a2fa02a9a37b47f98a/ocp4/ingress-nginx-service.yaml
AS3 ConfigMap (flip false to true to deploy): https://github.com/f5devcentral/f5-k8s-demo/blob/624cf0cebe441ddfddee14a2fa02a9a37b47f98a/ocp4/as3-configmap-basic.yaml
Observations (if any)
Depending on your opinion this is either a feature or a bug in 2.0.0. It was useful before b/c you could limit the controller to only look for the configmap in the target namespace, but still allow it to use services from other namespaces.