Open mikeoleary opened 1 month ago
Created [CONTCNTR-4945] for internal tracking.
To troubleshoot this issue we might need more info. Would you like to share the configuration snippet with us?
Able to reproduce the issue, but need some more context on how we are exposing the canary route object towards the CIS.
Hi @pmahdev - I'm glad you can reproduce.
We're not deliberately exposing the canary route. We're just deploying a fresh OCP 4.16 cluster in AWS using the aws installer (UPI method) and then installing CIS with the argument --manage-routes=true.
If we do not limit the namespaces CIS can watch, then this pre-existing Route object is picked up and processed by CIS. Does that make sense?
After analysis and observation of other scenarios, this is a configuration issue, where the CIS must be configured with the required route label so that any route resources exposed to the CIS. Need to document this accordingly for ease.
Like this, CIS filters route resources by specific labels to process only those that match.
Additionally, we have to support the subdomain for the routes, which can be tracked in the backlog [CONTCNTR-4960].
@pmahdev thanks for your clarification. So, when installing CIS in OpenShift and when managing Routes, we should use route-label=some_value_here and then label the Routes we want CIS to process. This is great to know.
May I suggest that when documentation is updated, we ALSO update the OpenShift operator so that this config parameter is included by default? I think this would make it much harder for customers to overlook or forget.
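An added example, not part of the thread or of the CIS project: a pre-deployment audit of which Route objects CIS would pick up with and without a route label, flagging those with no spec.path (the condition reported here for the canary Route). The label key f5type, the label value cis-managed, and the sample routes are assumptions made for illustration.

```python
import json
import sys

# Constructed sample shaped like `oc get routes -A -o json`; not taken from the issue.
SAMPLE = {
    "items": [
        {"metadata": {"namespace": "openshift-ingress-canary", "name": "canary"},
         "spec": {"host": "canary.apps.example.test", "to": {"name": "ingress-canary"}}},
        {"metadata": {"namespace": "shop", "name": "storefront",
                      "labels": {"f5type": "cis-managed"}},  # hypothetical label value
         "spec": {"host": "shop.apps.example.test", "path": "/", "to": {"name": "web"}}},
    ]
}


def cis_view(route_list, route_label=None, label_key="f5type"):
    """Return (processed, missing_path) as lists of namespace/name strings.

    route_label=None models CIS started with only --manage-routes=true
    (every Route in every watched namespace is processed). A value models
    route-label=<value>; the label key is an assumption of this example.
    """
    processed, missing_path = [], []
    for item in route_list.get("items", []):
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        if route_label is not None and labels.get(label_key) != route_label:
            continue  # filtered out by the label, never reaches CIS
        name = f"{meta.get('namespace')}/{meta.get('name')}"
        processed.append(name)
        if not item.get("spec", {}).get("path"):
            missing_path.append(name)
    return processed, missing_path


if __name__ == "__main__":
    # Optional argument: a file saved from `oc get routes -A -o json`.
    routes = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for label in (None, "cis-managed"):
        processed, missing = cis_view(routes, route_label=label)
        print(f"route-label={label}: processed={processed} no spec.path={missing}")
```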
Setup Details
CIS Version : 2.18
Build: f5networks/k8s-bigip-ctlr:latest
AS3 Version: 3.53
Orchestration: openshift 4.16
Description
The default Route object called canary in the namespace openshift_ingress_canary does not have a spec.path configured. This error is thrown by CIS when CIS is deployed into OpenShift watching all clusters and managing routes.
Freshly deployed cluster. Nothing else deployed but CIS.
Additional Routes created by customer are not processed and exposed via BIG-IP, because CIS is receiving a 422 error.
Steps To Reproduce
CIS throwing errors under the following conditions
Expected Result
CIS can be installed and we can start deploying apps.
Actual Result
Workarounds:
1) I have deployed CIS watching select namespace to avoid this error successfully.
2) I have also edited this default Route object and added a spec.Path attribute of "/". CIS will then recover.
Diagnostic Information
Observations (if any)