search

F5Networks / k8s-bigip-ctlr

Repository for F5 Container Ingress Services for Kubernetes & OpenShift.
Apache License 2.0
357 stars 195 forks source link

Unable to get LB to both pools in the separate namespaces. #2958

Closed tkam8 closed 7 months ago

tkam8 commented 1 year ago

Setup Details

CIS Version : 2.13.1
Build: f5networks/k8s-bigip-ctlr:latest
BIGIP Version: Big IP 15.1.8
AS3 Version: 3.45
Agent Mode: AS3/CCCL
Orchestration: K8S/OSCP
Orchestration Version: v1.21.5
Pool Mode: Nodeport
Additional Setup details: calico

Description

Unable to get LB to both pools in the separate namespaces.

Steps To Reproduce

1) Deploy ab vs with differing weights 2) Test with client hitting the vip 3) Notice that only the first rule is hit, only the alternatebackend is displayed

Expected Result

I get LB to both pools

Actual Result

I only get LB to the alternate backend pool

Diagnostic Information

vs

apiVersion: cis.f5.com/v1
kind: VirtualServer
metadata:
  labels:
    f5cr: "true"
  name: vscafebg
  namespace: blue
spec:
  virtualServerAddress: 2000:abcd:105:c::1001
  tlsProfileName: edge-tls
  httpTraffic: redirect
  host: bgcafe.example.com
  pools:
    - path: /
      service: nginxsvcbg
      servicePort: 80
      weight: 70
      alternateBackends:
        - service: nginxsvcbg
          weight: 30
          serviceNamespace: green

Observations (if any)

If I create virtualServer just for each of the namespaces separately, I can access the backend pods correctly.

In my LTM policy I see 3 identical rules, is this normal?:

vs_bgcafe_examplecom vs_bgcafe_example_com_nginxsvcbg_80_blue_bgcafe_example_com vs_bgcafe_example_com_nginxsvcbg_80_green_bgcafe_example_com

each with conditions: HTTP Header full string named 'host' is 'bgcafe.example.com:443', or 'bgcafe.example.com' at request time. and logs: Log message 'a/b pool' at request time.

bigip ltm logs show below that only the first rule gets hit I believe:

Jun 29 17:35:12 bigip1.local info tmm[12340]: [/k8s-crd/Shared/crd_2000_abcd_105_c__1001_443_bgcafe_example_com_policy/vs_bgcafe_example_com_]: a/b pool
Jun 29 17:35:12 bigip1.local info tmm2[12340]: [/k8s-crd/Shared/crd_2000_abcd_105_c__1001_443_bgcafe_example_com_policy/vs_bgcafe_example_com_]: a/b pool
Jun 29 17:35:12 bigip1.local info tmm3[12340]: [/k8s-crd/Shared/crd_2000_abcd_105_c__1001_443_bgcafe_example_com_policy/vs_bgcafe_example_com_]: a/b pool
Jun 29 17:35:12 bigip1.local info tmm[12340]: [/k8s-crd/Shared/crd_2000_abcd_105_c__1001_443_bgcafe_example_com_policy/vs_bgcafe_example_com_]: a/b pool
Jun 29 17:35:12 bigip1.local info tmm3[12340]: [/k8s-crd/Shared/crd_2000_abcd_105_c__1001_443_bgcafe_example_com_policy/vs_bgcafe_example_com_]: a/b pool
Jun 29 17:35:13 bigip1.local info tmm[12340]: [/k8s-crd/Shared/crd_2000_abcd_105_c__1001_443_bgcafe_example_com_policy/vs_bgcafe_example_com_]: a/b pool
trinaths commented 1 year ago

Created [CONTCNTR-4067] for internal tracking.

lavanya-f5 commented 1 year ago

@tkam8 dev build with fix quay.io/f5networks/k8s-bigip-ctlr-devel:41639a9b3164a240a136daac56b2a8109802d4c8.Could you please provide your feedback with this image.

trinaths commented 7 months ago

Closed as completed.