Open robinvalk opened 2 months ago
@robinvalk Suggest using CIS with Namespaces. Share your use case with automation_toolchain_pm at f5 dot com
@trinaths Thanks for the suggestions.
We made it work with the namespaces indeed. Ideally we would be able to label the CRDs themselves instead of a namespace. I've sent out an email as you suggested.
For traceability, the subject of the email is: "F5 CIS feature request - Support filtering CRDs based on labels". In the email I also referred back to this ticket.
Title
Support integrating with multiple F5 instances from a single Kubernetes cluster
Description
In our setup we have a Kubernetes cluster that needs to integrate with two F5 instances. One F5 is publicly exposed and serves frontend traffic; the other F5 is only used internally, aka the backend traffic.
Actual Problem
We integrated two F5 instances into a single cluster using the ingress configuration of the CIS. We have two CIS controller pods running, each with their own dedicated ingressClass definition. Using this we can target the ingress for either the frontend or backend.
This setup works but the integration of type ingress is very limited in its functionality.
Looking at the documentation for the other integration options it seems like the CIS was not designed to work with multiple F5 instances? Ideally this is built into the CRDs.
Solution Proposed
Support the configuration of multiple F5 instances from a single cluster or, if it is already supported, document the recommended configuration options etc.
Alternatives
We came across a new class identifier implementation for the service type load balancer: https://clouddocs.f5.com/containers/latest/userguide/loadbalancer/#load-balancer-class-support
From the wiki:
This sounds like we can set a loadBalancerClass property on all those custom resources and the CIS will monitor only those instances matching its class configuration? And because it can be set on the CRDs it means all configuration options of the CRD integration configuration become available?