K8s administrators can manually disable pool members

F5Networks / k8s-bigip-ctlr

Repository for F5 Container Ingress Services for Kubernetes & OpenShift.

Apache License 2.0

365 stars 195 forks source link

K8s administrators can manually disable pool members #3373

Closed haibo2685 closed 4 months ago

haibo2685 commented 7 months ago

Title K8s administrators can manually disable pool members

Description

k8s administrators can manually disable a member corresponding to a certain k8s service and keep this pool member disabled during subsequent service updates.

Actual Problem

At present, the deployment method is two deployments corresponding to the same SVC. When scrolling to update one of them, the F5 administrator needs to manually set the port lockdown of the F5 interface to none to not receive CIS updates, and then disable the pool member of this deployment on the device. The business team cannot accept the failure time of health detection

trinaths commented 7 months ago

@haibo2685 Please share more details on CIS feature request along with CIS configuration.

This requirement can be achieved by having copy of same svc for the other deployment.

haibo2685 commented 7 months ago

Specific scenario requirements: When k8s administrators deploy yaml files to CIS, they can directly issue parameter configurations through the yaml file and automatically disable the member on f5.

trinaths commented 7 months ago

@haibo2685 Any example you can share for this scenario ? Please share more details on CIS feature request along with CIS configuration.

haibo2685 commented 7 months ago

After the pool and members provisioned on BIG-IP, customer want to do manual operation on members' state(changing to user-disabled), however, this operation would be reset by CIS in the next AS3 declarative deployment. That's not expected by customer. They want to keep the state as manually setted.

trinaths commented 7 months ago

@haibo2685 We could do this for the entire pool but not a member.

trinaths commented 7 months ago

@haibo2685 Is CIS configured in nodeport or clusterIP mode ? What resources is CIS monitoring?

haibo2685 commented 7 months ago

clusterIP mode、namespace

trinaths commented 6 months ago

@haibo2685 We need more clarity on customer usecase.

What resources is CIS monitoring ? – AS3 ConfigMap, CRDs, Ingress or OpenShift Routes ?
If AS3 ConfigMap, is that in HubMode configured in CIS ?
"....keep this pool member disabled during subsequent service updates." - Please elaborate.

haibo2685 commented 6 months ago

1、AS3 ConfigMap 2、that is not in HubMode 3、Yes,keep this pool member disabled during subsequent service updates

haibo2685 commented 6 months ago

1、AS3 ConfigMap 2、that is not in HubMode 3、Yes,keep this pool member disabled during subsequent service updates

trinaths commented 6 months ago

Created [CONTCNTR-4744] for internal tracking.

arzzon commented 4 months ago

Added support for cis.f5.com/disableMembers annotation for AS3 configmaps to allow users to provide the names of the deployments for disabling the pool members associated with them.

mdditt2000 commented 2 months ago

Resolved in CIS 2..18 - https://clouddocs.f5.com/containers/latest/reference/release-notes.html