search

netscaler / netscaler-k8s-ingress-controller

NetScaler Ingress Controller for Kubernetes:
https://developer-docs.citrix.com/projects/citrix-k8s-ingress-controller/en/latest/
308 stars 91 forks source link

[BUG] loadbalancer IPAM ingress doesn't work #510

Closed janlauber closed 2 years ago

janlauber commented 2 years ago

Dear Citrix team

Describe the bug When I configured the Citrix ingress controller as written in the documentation, there is no way my services will get the VIP configured in the IPAM controller.

To Reproduce Deployed Helm Charts Manifests:

# citrix ingress controller
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: citrix-ingress
spec:
  releaseName: citrix-ingress
  maxHistory: 3
  interval: 5m
  chart:
    spec:
      chart: citrix-ingress-controller
      version: "1.21.9"
      sourceRef:
        kind: HelmRepository
        name: citrix-charts
        namespace: flux-public
      interval: 1m
  values:
    adcCredentialSecret: nslogin
    entityPrefix: prodk8s
    nsIP: 10.10.100.70
    ipam: true
    crds:
      install: true
# citrix ipam controller
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: citrix-ipam-controller
spec:
  releaseName: citrix-ipam-controller
  maxHistory: 3
  interval: 5m
  chart:
    spec:
      chart: citrix-ipam-controller
      version: "1.0.3"
      sourceRef:
        kind: HelmRepository
        name: citrix-charts
        namespace: flux-public
      interval: 1m
  values:
    vipRange: '["212.103.78.69/32"]'

Testdeployment with service (from your docs):

# apache test deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: apache
  labels:
   name: apache
spec:
  selector:
    matchLabels:
      app: apache
  replicas: 2
  template:
    metadata:
      labels:
        app: apache
    spec:
      containers:
      - name: apache
        image: httpd:latest
        ports:
        - name: http
          containerPort: 80
        imagePullPolicy: IfNotPresent
# apache loadbalancer service
apiVersion: v1
kind: Service
metadata:
  name: apache
  labels:
    name: apache
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  loadBalancerIP: "212.103.78.69"
  ports:
  - name: http
    port: 80
    targetPort: http
  selector:
    app: apache

Expected behavior The service loadBalancerIP address should get configured in the service and show up when looking at it with:

kubectl get svc

and not like this:

apache       LoadBalancer   10.43.111.255   <pending>     80:30516/TCP   27m

Logs In the logs of the ingress controller is the following output printed: 

2022-01-05 21:31:58,567  - INFO - [kubernetes.py:event_handler:970] (MainThread) Modify Event for unsupported Service class for service object apache.default -Unconfiguring LB Service
2022-01-05 21:31:58,568  - INFO - [kubernetes.py:unconfigure_cpx_for_apps:4540] (MainThread) Handling Service deletion  apache.default
2022-01-05 21:31:58,583  - INFO - [clienthelper.py:delete:124] (MainThread) Got status code 404, Resource not found: /vips/service-apache namespace default
2022-01-05 21:31:58,589  - WARNING - [kubernetes.py:unconfigure_cpx_for_apps:4628] (MainThread) Application prodk8s-apache_http_default is not in the list of configured applications
2022-01-05 21:31:58,590  - INFO - [referencemanager.py:process_crd_delete_event:1093] (MainThread) Deleting CRD: default.Service.apache-apache
2022-01-05 21:31:58,590  - INFO - [referencemanager.py:process_delete_event:1176] (MainThread) Delete on Non existant entity default.Service.apache : Ignoring
2022-01-05 21:31:58,590  - INFO - [Service.py:remove:68] (MainThread) service delete event completed for name:apache namespace:default

Thank you very much for your support!

apoorvakamath commented 2 years ago

@janlauber By any chance do you have more than 1 Citrix ingress controller running in the same cluster? Also, have you configured serviceclass value while bringing up the Ingress controller?

janlauber commented 2 years ago

hey @apoorvakamath
no there is just 1 Citrix ingress controller running in this cluster. also as you see in my helm chart deployment configuration, there is no serviceClassconfigured.

janlauber commented 2 years ago

So I got it working without the IPAM Service. It works while adding some annotations to the service manifest:

# example
apiVersion: v1
kind: Service
metadata:
  name: apache
  annotations:
    service.citrix.com/class: 'citrix'
    service.citrix.com/frontend-ip: '10.0.26.72'
    service.citrix.com/service-type-0: 'HTTP'
  labels:
    name: apache
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  ports:
  - name: http
    port: 8080
    targetPort: http
  selector:
    app: apache
janlauber commented 2 years ago

ah and also I added the serviceClass citrix to the helm deployment of the citrix-ingress-controller