search

F5Networks / k8s-bigip-ctlr

Repository for F5 Container Ingress Services for Kubernetes & OpenShift.
Apache License 2.0
364 stars 195 forks source link

RFE: Support for Route-Domain override in F5 IPAM-integrated CR #3418

Closed adityoari closed 2 months ago

adityoari commented 6 months ago

Title

Support for Route-Domain override in F5 IPAM-integrated CR

Description

Enhance F5 CRs (VirtualServers, TransporServer) to expose and accept explicit Route-Domain ID

Actual Problem

Customer needs to override the default partition RD for the VS created by CIS due to network constraints. With explicit addressing, they can append the %RD into virtualServerAddresses parameter value. However, with F5 IPAM Controller integration using the ipamLabel parameter, there's no way to configure the %RD suffix. Trying to manually append the %RD in the IPAM spec triggers validation error, and I don't suppose external IPAM providers even understands the %RD notation.

Solution Proposed

Expose, accept, and implement new parameter (e.g. ipamRD) in the CR spec to provide Route-Domain ID to be appended to the resulting AS3 declaration. Sample:

spec:
  virtualServerName: "vs1"
  ipamLabel: Prod
  ipamRD: 10
  virtualServerPort: 80

Alternatives

An alternative would be to expose similar parameter in the containers.args of f5-ipam-controller, but this might completely change the format of the IP address returned by IPAM to CIS, resulting in changes in both IPAM & CIS. Sample:

containers:
- args:
  - --orchestration=kubernetes
  - --ip-range='{"Dev":"10.0.0.40-10.0.0.49", "Prod":"10.0.0.100-10.0.0.109"}'
  - --route-domain=10

Additional context

Due to network environment constraints, customer requires VS to be in the different RD than the partition default RD used by the Pool Members. See Issue #3416

trinaths commented 6 months ago

@adityoari is https://github.com/F5Networks/k8s-bigip-ctlr/issues/3416 not duplicate of this issue ?

adityoari commented 6 months ago

@trinaths the symptoms & original scenarios were not actually the same, but I can see how the team might have a combined solution to solve both.

To reiterate, customer requires support of route-domain override:

  1. as new IPAM-specific spec (ipamRD in the example above) of VirtualServer& TransportServer CRs
  2. as %RD suffix in the spec.virtualServerAddress of IngressLinkCR
trinaths commented 6 months ago

Created [CONTCNTR-4746] for internal tracking.

vidyasagar-m commented 3 months ago

@adityoari could you confirm in which mode you need this feature? Currently, We developed it for the Nodeport mode. For cluster mode, we need to make the changes at the Architecture level.

mdditt2000 commented 2 months ago

Resolved in CIS 2.18 - https://clouddocs.f5.com/containers/latest/reference/release-notes.html