F5Networks / k8s-bigip-ctlr

Repository for F5 Container Ingress Services for Kubernetes & OpenShift.
Apache License 2.0
357 stars 195 forks

RFE: Add support for hosts array in VirtualServer CRD schemas (instead of just single Host string) #3262

Closed kerryb48 closed 7 months ago

kerryb48 commented 8 months ago

Title

Add support for hosts array in VirtualServer CRD schema.

Description

The current CRD schema for VirtualServer only supports a single Host string. This is added as a match condition in the Traffic Policy rule. This RFE is requesting support for a Hosts array to allow multiple hostnames to be specified to be included in the default forwarding rules/policies attached to the virtual server definition.

Actual Problem

I need to support multiple hosts and not just a single Host value in the "match HTTP header is any of at request time" default rule. This is for our Disaster Recovery/failover plan, which requires the VirtualServer to forward both the primary hostname/domain and the DR hostname/domain to the same service/pool members.

Example:

www.customservice.com AND www.dr.customservice.com

Solution Proposed

In addition to the existing Host string included in the spec, add an optional Hosts property of type array. If specified, use this to add multiple hostnames to forwarding policy rules to match on multiple hosts within a single CRD VirtualServer definition.

Alternatives

N/A

Additional context

N/A

vklohiya commented 8 months ago

@kerryb48, we do support multiple hosts and multiple client SSL profiles for virtual servers with TLSProfile. See this example if it fits your requirements.

https://github.com/F5Networks/k8s-bigip-ctlr/tree/2.x-master/docs/config_examples/customResource/VirtualServerWithTLSProfile/multiple-ssl-profiles

Here you can define multiple hosts in TLSProfile for your virtual server CR.

trinaths commented 8 months ago

Created [CONTCNTR-4533] for internal tracking.

kerryb48 commented 8 months ago

@vklohiya This doesn't quite fit the requirement of what I am trying to accomplish. We use a single wildcard TLS cert, but I need the VS to forward for multiple hostnames to the same pool.

The problem is with the rules created as part of the Traffic Policy attached to the shared hostGroup virtualserver. The rule for each VirtualServer CRD has a match condition something like:

HTTP Header full string named 'host' is 'www.customservice.com:443', or 'www.customservice.com' at request time.

The hostname included in this forwarding rule comes from the "Host" parameter in the CRD VirtualServer definition and does not support multiple hostnames. I am wanting this Traffic Policy rule to be able to match on multiple hostnames based on a Hosts array in the CRD VirtualServer declaration if possible. Hopefully this helps clarify.

arzzon commented 7 months ago

Completed and closed.
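An added example, not code from this thread or from k8s-bigip-ctlr: a Go sketch of how the host-header match values quoted above (`'www.customservice.com:443'`, or `'www.customservice.com'`) could be derived from a Host string plus a Hosts array, rejecting anything that is not a plain DNS name before it reaches a forwarding rule. `VirtualServerSpec`, its field names and `HostMatchValues` are hypothetical; the thread does not show how the feature was implemented.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// VirtualServerSpec is a hypothetical, cut-down stand-in for the CRD spec:
// Host is the existing field, Hosts is the optional array proposed in the issue.
type VirtualServerSpec struct {
	Host  string
	Hosts []string
}

// dnsName accepts plain DNS hostnames only (no wildcards, ports or spaces).
var dnsName = regexp.MustCompile(`^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$`)

// HostMatchValues returns the values a rule's 'host' header condition would
// list: each hostname bare and with ":port", deduplicated and sorted.
func HostMatchValues(spec VirtualServerSpec, port int) ([]string, error) {
	seen := map[string]bool{}
	var out []string
	for _, h := range append([]string{spec.Host}, spec.Hosts...) {
		// Host headers are case-insensitive; normalise before comparing.
		h = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(h), "."))
		if h == "" || seen[h] {
			continue
		}
		if !dnsName.MatchString(h) {
			return nil, fmt.Errorf("invalid hostname %q", h)
		}
		seen[h] = true
		out = append(out, h, fmt.Sprintf("%s:%d", h, port))
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("no hostnames given")
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	spec := VirtualServerSpec{ // constructed sample using the hostnames from the issue
		Host:  "www.customservice.com",
		Hosts: []string{"www.dr.customservice.com", "WWW.customservice.com"},
	}
	fmt.Println(HostMatchValues(spec, 443))
}
```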