Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue with AS3 Template and Multiple Ports in NodePort Service #3617

Closed
vasartori opened this issue Oct 28, 2024 · 3 comments
Closed

Issue with AS3 Template and Multiple Ports in NodePort Service #3617

vasartori opened this issue Oct 28, 2024 · 3 comments

Comments

@vasartori
Copy link

Setup Details

CIS Version : 2.18
Build: f5networks/k8s-bigip-ctlr:latest
BIGIP Version: BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3
AS3 Version: 3.53
Agent Mode: AS3
Orchestration: K8S
Orchestration Version: 1.29
Pool Mode: Nodeport

Description

I'm using an AS3 template to create a Virtual Server and a pool.

When I create a service of type NodePort with a single port, everything works as expected. However, if I create a service with two ports (e.g., 80 and 443), the controller only adds the pool members for the first port (index 0 in the ports array).

In the controller logs, it correctly discovers the members and both ports, but in the interface, I only see members for the first port, not both.

Steps To Reproduce

  1. Create an AS3 template to deploy a Virtual Server and pool.
  2. Set up a Kubernetes NodePort service with two ports, such as 80 and 443.
  3. Observe the controller logs to see if it discovers both ports and members.
  4. Check the interface to verify if both ports are added as pool members.

Expected Result

Both node ports as a member of a pool

Actual Result

Only the first element of service "ports" array are added to pool.
image

Observations (if any)

My AS3 Template:

    {
      "class": "AS3",
      "declaration": {
        "class": "ADC",
        "schemaVersion": "3.10.0",
        "id": "urn:uuid:33045210-3ab8-4636-9b2a-c98d22ab915d",
        "label": "http",
        "remark": "A1 example",
        "AS3": {
          "class": "Tenant",
          "A1": {
            "class": "Application",
            "template": "l4",
            "serviceMain": {
              "class": "Service_L4",
              "virtualAddresses": [
                "10.107.9.11"
              ],
              "pool": "web_pool",
              "virtualPort": 0
            },
            "web_pool": {
              "class": "Pool",
              "monitors": [
                "tcp"
              ],
              "members": [
                {
                  "servicePort": 0,
                  "serverAddresses": []
                }
              ]
            }
          }
        }
      }
    }

Service used:

apiVersion: v1
kind: Service
metadata:
  annotations:
    meta.helm.sh/release-name: ingress-nginx
    meta.helm.sh/release-namespace: tks-system
  creationTimestamp: "2024-10-28T19:13:59Z"
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.11.3
    cis.f5.com/as3-app: A1
    cis.f5.com/as3-pool: web_pool
    cis.f5.com/as3-tenant: AS3
    helm.sh/chart: ingress-nginx-4.11.3
  name: ingress-nginx-controller
  namespace: tks-system
  resourceVersion: "2533347"
  uid: 38a60c82-eed4-43c1-b8b3-07c111236d0a
spec:
  clusterIP: 10.210.189.189
  clusterIPs:
  - 10.210.189.189
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - appProtocol: http
    name: http
    nodePort: 30741
    port: 80
    protocol: TCP
    targetPort: http
  - appProtocol: https
    name: https
    nodePort: 32490
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  sessionAffinity: None
  type: NodePort

Debug logs

[bigip-ingress-f5-bigip-ctlr-55d69fc9b7-jdd2r][f5-bigip-ctlr]  | 2024/10/28 19:29:06 [DEBUG] [CORE] Discovered members for service tks-system/ingress-nginx-controller is [{10.107.71.15 30741  80 user-enabled  0 0} {10.107.71.189 30741  80 user-enabled  0 0} {10.107.71.187 30741  80 user-enabled  0 0} {10.107.71.188 30741  80 user-enabled  0 0} {10.107.71.186 30741  80 user-enabled  0 0} {10.107.71.15 32490  443 user-enabled  0 0} {10.107.71.189 32490  443 user-enabled  0 0} {10.107.71.187 32490  443 user-enabled  0 0} {10.107.71.188 32490  443 user-enabled  0 0} {10.107.71.186 32490  443 user-enabled  0 0}]
@vasartori vasartori added bug untriaged no JIRA created labels Oct 28, 2024
@trinaths
Copy link
Contributor

trinaths commented Nov 6, 2024

Created [CONTCNTR-4971] for internal tracking.

@trinaths trinaths added JIRA and removed untriaged no JIRA created labels Nov 6, 2024
@vidyasagar-m
Copy link
Contributor

@vasartori The above seems to be an invalid config since ports 80 and 443 ports are being tried to expose on the same app Service_L4 type. You could achieve this by using IngressLink CR which would create two virtual servers on ports 80 and 443 in BigIp. If Ingresslink CR cannot be used, could you let us know the exact reason for the above usecase?

@trinaths
Copy link
Contributor

Unable to reproduce this issue. Retry with CIS 2.19

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants