F5Networks / k8s-bigip-ctlr

Repository for F5 Container Ingress Services for Kubernetes & OpenShift.
Apache License 2.0

Issue with AS3 Template and Multiple Ports in NodePort Service #3617

Open vasartori opened 3 weeks ago

vasartori commented 3 weeks ago

Setup Details

CIS Version: 2.18
Build: f5networks/k8s-bigip-ctlr:latest
BIGIP Version: BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3
AS3 Version: 3.53
Agent Mode: AS3
Orchestration: K8S
Orchestration Version: 1.29
Pool Mode: Nodeport

Description

I'm using an AS3 template to create a Virtual Server and a pool.

When I create a service of type NodePort with a single port, everything works as expected. However, if I create a service with two ports (e.g., 80 and 443), the controller only adds the pool members for the first port (index 0 in the ports array).

In the controller logs, it correctly discovers the members and both ports, but in the interface, I only see members for the first port, not both.

Steps To Reproduce

  1. Create an AS3 template to deploy a Virtual Server and pool.
  2. Set up a Kubernetes NodePort service with two ports, such as 80 and 443.
  3. Observe the controller logs to see if it discovers both ports and members.
  4. Check the interface to verify if both ports are added as pool members.

Expected Result

Both node ports as members of a pool.

Actual Result

Only the first element of the service "ports" array is added to the pool.

Observations (if any)

My AS3 Template:

    {
      "class": "AS3",
      "declaration": {
        "class": "ADC",
        "schemaVersion": "3.10.0",
        "id": "urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d",
        "label": "http",
        "remark": "A1 example",
        "AS3": {
          "class": "Tenant",
          "A1": {
            "class": "Application",
            "template": "l4",
            "serviceMain": {
              "class": "Service_L4",
              "virtualAddresses": [
                "10.107.9.11"
              ],
              "pool": "web_pool",
              "virtualPort": 0
            },
            "web_pool": {
              "class": "Pool",
              "monitors": [
                "tcp"
              ],
              "members": [
                {
                  "servicePort": 0,
                  "serverAddresses": []
                }
              ]
            }
          }
        }
      }
    }

Service used:

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        meta.helm.sh/release-name: ingress-nginx
        meta.helm.sh/release-namespace: tks-system
      creationTimestamp: "2024-10-28T19:13:59Z"
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.11.3
        cis.f5.com/as3-app: A1
        cis.f5.com/as3-pool: web_pool
        cis.f5.com/as3-tenant: AS3
        helm.sh/chart: ingress-nginx-4.11.3
      name: ingress-nginx-controller
      namespace: tks-system
      resourceVersion: "2533347"
      uid: 38a60c82-eed4-43c1-b8b3-07c111236d0a
    spec:
      clusterIP: 10.210.189.189
      clusterIPs:
      - 10.210.189.189
      externalTrafficPolicy: Cluster
      internalTrafficPolicy: Cluster
      ipFamilies:
      - IPv4
      ipFamilyPolicy: SingleStack
      ports:
      - appProtocol: http
        name: http
        nodePort: 30741
        port: 80
        protocol: TCP
        targetPort: http
      - appProtocol: https
        name: https
        nodePort: 32490
        port: 443
        protocol: TCP
        targetPort: https
      selector:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
      sessionAffinity: None
      type: NodePort

Debug logs

    [bigip-ingress-f5-bigip-ctlr-55d69fc9b7-jdd2r][f5-bigip-ctlr]  | 2024/10/28 19:29:06 [DEBUG] [CORE] Discovered members for service tks-system/ingress-nginx-controller is [{10.107.71.15 30741  80 user-enabled  0 0} {10.107.71.189 30741  80 user-enabled  0 0} {10.107.71.187 30741  80 user-enabled  0 0} {10.107.71.188 30741  80 user-enabled  0 0} {10.107.71.186 30741  80 user-enabled  0 0} {10.107.71.15 32490  443 user-enabled  0 0} {10.107.71.189 32490  443 user-enabled  0 0} {10.107.71.187 32490  443 user-enabled  0 0} {10.107.71.188 32490  443 user-enabled  0 0} {10.107.71.186 32490  443 user-enabled  0 0}]

trinaths commented 2 weeks ago

Created [CONTCNTR-4971] for internal tracking.

vidyasagar-m commented 3 days ago

@vasartori The above seems to be an invalid config, since ports 80 and 443 are both being exposed on the same app Service_L4 type. You could achieve this by using the IngressLink CR, which would create two virtual servers on ports 80 and 443 in BIG-IP. If the IngressLink CR cannot be used, could you let us know the exact reason for the above use case?
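
An added example, not part of the thread and not code from the CIS repository: it tallies the members the controller reports in the "Discovered members" debug line per port pair, so the count can be compared with what the BIG-IP pool actually shows. The tuple field positions (address, nodePort, service port) are an assumption inferred from the log line and the Service manifest in the issue, and the sample line is constructed in the same format with two nodes.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)
// Constructed sample in the format of the debug line quoted in the issue (two nodes only).
const sampleLog = `2024/10/28 19:29:06 [DEBUG] [CORE] Discovered members for service tks-system/ingress-nginx-controller is [{10.107.71.15 30741  80 user-enabled  0 0} {10.107.71.189 30741  80 user-enabled  0 0} {10.107.71.15 32490  443 user-enabled  0 0} {10.107.71.189 32490  443 user-enabled  0 0}]`

var (
	lineRe   = regexp.MustCompile(`Discovered members for service (\S+) is \[(.*)\]`)
	memberRe = regexp.MustCompile(`\{([^}]*)\}`)
)

// MembersByPort returns the service name and node addresses keyed by "nodePort/servicePort".
// Assumption: tuple field 0 is the address, 1 the nodePort, 2 the service port.
func MembersByPort(line string) (string, map[string][]string, error) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return "", nil, fmt.Errorf("no discovered-members record in line")
	}
	groups := map[string][]string{}
	for _, t := range memberRe.FindAllStringSubmatch(m[2], -1) {
		f := strings.Fields(t[1]) // collapses the empty field between the ports
		if len(f) < 3 {
			return "", nil, fmt.Errorf("unexpected member tuple %q", t[1])
		}
		groups[f[1]+"/"+f[2]] = append(groups[f[1]+"/"+f[2]], f[0])
	}
	return m[1], groups, nil
}

func main() {
	svc, groups, err := MembersByPort(sampleLog)
	if err != nil {
		panic(err)
	}
	keys := make([]string, 0, len(groups))
	for k := range groups {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	fmt.Printf("%s: %d port groups discovered\n", svc, len(keys))
	for _, k := range keys {
		fmt.Printf("  nodePort/port %s -> %v\n", k, groups[k])
	}
}
```
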