Build: quay.io/f5networks/k8s-bigip-ctlr-devel:6acfa932091c518f87d3d71070501dd68fcebf33
BIGIP Version: Big IP 17
AS3 Version: 3.45
Agent Mode: AS3
Orchestration: OSCP
Orchestration Version: 4.12
Pool Mode: Cluster
Additional Setup details: OVN, multi-cluster
Description
When using the attached route route.txt which doesn´t contain or reference any SSL/TLS configuration CIS doesn´t apply the Profile specified SSL/TLS configuration:
1) Create a Route without an embedded SSL/TLS configuration or referencing any externally
2) Create a global configmap without baseRouteSpec (local configmap not used) but with a Policy referencing a SSL profile in the BIG-IP.
Setup Details
Build: quay.io/f5networks/k8s-bigip-ctlr-devel:6acfa932091c518f87d3d71070501dd68fcebf33
BIGIP Version: Big IP 17 AS3 Version: 3.45
Agent Mode: AS3 Orchestration: OSCP
Orchestration Version: 4.12 Pool Mode: Cluster
Additional Setup details: OVN, multi-cluster
Description
When using the attached route route.txt which doesn´t contain or reference any SSL/TLS configuration CIS doesn´t apply the Profile specified SSL/TLS configuration:
This actually triggers an error when defaultTLS is not specified baseRouteSpec:
See next the error:
And next is the full error:
Somehow, after applying the Policy above the SSL profiles dissapear:
Applying the SSL profiles in the global config map fixes the issue:
Steps To Reproduce
1) Create a Route without an embedded SSL/TLS configuration or referencing any externally 2) Create a global configmap without baseRouteSpec (local configmap not used) but with a Policy referencing a SSL profile in the BIG-IP.
Expected Result
The Policy´s SSL configuration is applied
Actual Result
The Policy´s SSL configuration is not applied