k8s-bigip-ctlr

ExternalDNS does not create anything on F5

Open bukovjanmic opened this issue 3 years ago • 7 comments

Setup Details

CIS Version : 2.5.0
Build: f5networks/k8s-bigip-ctlr:latest
BIGIP Version: Big IP 15.1.2
AS3 Version: 3.18
Agent Mode: AS3
Orchestration: OSCP
Orchestration Version: 4:6.41
Pool Mode: Nodeport
Additional Setup details: <Platform/CNI Plugins/ cluster nodes/ etc>

Description

ExternalDNS CR does not create anything on GTM. When looking in debug logs, we see:

2021/08/13 09:37:29 [INFO] Enqueueing ExternalDNS: &{{ } {exdns-f5 kube-system /apis/cis.f5.com/v1/namespaces/kube-system/externaldnss/exdns-f5 51a0ad17-673d-43a5-bc29-af77b4de8669 139425226 1 2021-08-13 09:37:29 +0000 UTC map[f5cr:true] map[] [] [] [{Mozilla Update cis.f5.com/v1 2021-08-13 09:37:29 +0000 UTC FieldsV1 {"f:metadata":{"f:labels":{".":{},"f:f5cr":{}}},"f:spec":{".":{},"f:dnsRecordType":{},"f:domainName":{},"f:loadBalanceMethod":{},"f:pools":{}}}}]} {occ01.corp A round-robin [{pgadmin1.occ01.corp /occ01/GSLBServer A round-robin {http GET / 10 10}}]}}
2021/08/13 09:37:29 [DEBUG] Processing Key: &{kube-system ExternalDNS exdns-f5 0xc0006c6000 false}
2021/08/13 09:37:29 [DEBUG] Processing WideIP: occ01.corp
2021/08/13 09:37:29 [DEBUG] Processing WideIP Pool: pgadmin1.occ01.corp
2021/08/13 09:37:29 [DEBUG] [CCCL] ConfigWriter (0xc000419830) writing section name gtm
2021/08/13 09:37:29 [DEBUG] [CCCL] ConfigWriter (0xc000419830) successfully wrote section (gtm)

But we do not see anything in F5 management console.

Steps To Reproduce

  1. We have a VirtualServer CR

apiVersion: cis.f5.com/v1
kind: VirtualServer
metadata:
  name: pgadmin1-vs
  namespace: pg1
  labels:
    f5cr: 'true'
spec:
  host: pgadmin1.occ01.corp
  pools:
    - monitor:
        interval: 10
        send: GET
        timeout: 10
        type: http
      path: /
      service: pgadminf5
      servicePort: 5050
  virtualServerAddress: 172.31.8.227
  virtualServerName: pgadmin1-occ-test

  2. We declare an ExternalDNS:

apiVersion: cis.f5.com/v1
kind: ExternalDNS
metadata:
  name: exdns-f5
  namespace: kube-system
  labels:
    f5cr: 'true'
spec:
  dnsRecordType: A
  domainName: occ01.corp
  loadBalanceMethod: round-robin
  pools:
    - dataServerName: /Common/GSLBServer
      dnsRecordType: A
      loadBalanceMethod: round-robin
      monitor:
        interval: 10
        recv: ''
        send: GET /
        timeout: 10
        type: http
      name: pgadmin1.occ01.corp

Expected Result

WideIP and WideIP pool gets created with pool members populated according to the Virtual server.

Actual Result

Nothing happens on F5 (we see nothing on F5), despite operator logs claiming otherwise.

Diagnostic Information

We run two F5 VE in cluster.

Observations (if any)

Also, we think documentation should be fixed:

https://clouddocs.f5.com/containers/latest/userguide/crd/externaldns.html

Below on page, it says:

"Below is an example of the VirtualServer CRD that has to be created to resonate with the EDNS configuration." but the sample below is not a VirtualServer object, but the same ExternalDNS object as above. Probably a copy paste error.

bukovjanmic avatar Aug 13 '21 10:08 bukovjanmic

@bukovjanmic - EDNS is broken with CIS. It's WIP for CIS 2.6. Created CONTCNTR-2882 for internal tracking.

trinaths avatar Aug 13 '21 13:08 trinaths

Assigned to me! I am validating and will provide documentation etc.

mdditt2000 avatar Sep 14 '21 22:09 mdditt2000

@bukovjanmic please change the namespace of

apiVersion: cis.f5.com/v1
kind: ExternalDNS
metadata:
  name: exdns-f5
  namespace: kube-system   # change to pg1
  labels:

Also, please change the domainName to

apiVersion: cis.f5.com/v1
kind: ExternalDNS
metadata:
  name: exdns-f5
  namespace: kube-system
  labels:
    f5cr: 'true'
spec:
  dnsRecordType: A
  domainName: occ01.corp   # change to pgadmin1.occ01.corp

please test with the following CIS image amit49g/k8s-bigip-ctlr:build-1

please let me know the response. Thanks Mark

mdditt2000 avatar Sep 15 '21 21:09 mdditt2000
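
The two changes requested in the comment above (ExternalDNS namespace, and domainName versus the VirtualServer host) can be checked before applying manifests. The following is an added example, not part of the thread and not code from the CIS project; `check_edns` and `manifest` are hypothetical names, the sample manifests are constructed from the ones posted in this issue, and the two rules are taken from the comment's advice rather than from the controller's source.

```python
# Added example (not from the CIS project): cross-check ExternalDNS manifests
# against VirtualServer manifests for the two mismatches raised in this thread.

def check_edns(manifests):
    """Return (edns_name, finding) tuples; an empty list means consistent."""
    virtual_servers = [m for m in manifests if m.get("kind") == "VirtualServer"]
    findings = []
    for m in manifests:
        if m.get("kind") != "ExternalDNS":
            continue
        name = m["metadata"]["name"]
        ns = m["metadata"].get("namespace", "default")
        domain = m["spec"].get("domainName")
        # Check 1: domainName should equal the host of some VirtualServer.
        matches = [v for v in virtual_servers if v["spec"].get("host") == domain]
        if not matches:
            findings.append((name, f"domainName {domain!r} matches no VirtualServer host"))
            matches = virtual_servers  # still check the namespace against all of them
        # Check 2: the ExternalDNS should live in that VirtualServer's namespace.
        vs_ns = sorted({v["metadata"].get("namespace", "default") for v in matches})
        if ns not in vs_ns:
            findings.append((name, f"namespace {ns!r} not in VirtualServer namespaces {vs_ns}"))
    return findings


def manifest(kind, name, namespace, **spec):
    """Build a minimal manifest dict (helper for the constructed samples)."""
    return {"kind": kind, "metadata": {"name": name, "namespace": namespace}, "spec": spec}


# Constructed samples, reduced to the fields the checks read.
VS = manifest("VirtualServer", "pgadmin1-vs", "pg1", host="pgadmin1.occ01.corp")
AS_REPORTED = [VS, manifest("ExternalDNS", "exdns-f5", "kube-system", domainName="occ01.corp")]
AS_REVISED = [VS, manifest("ExternalDNS", "exdns-f5", "pg1", domainName="pgadmin1.occ01.corp")]

if __name__ == "__main__":
    for label, docs in (("as reported", AS_REPORTED), ("as revised", AS_REVISED)):
        print(label, check_edns(docs) or "consistent")
```
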

If there is nothing on GTM, you may also need to check the CIS deployment parameters carefully. Make sure the GTM credential is there.

myf5 avatar Sep 16 '21 09:09 myf5

@myf5 @bukovjanmic here are my working examples

https://github.com/mdditt2000/kubernetes-1-19/tree/master/cis%202.6/edns

mdditt2000 avatar Sep 16 '21 20:09 mdditt2000

Please review the following document https://github.com/mdditt2000/k8s-bigip-ctlr/blob/main/user_guides/externaldns/single-cluster/README.md

Please use the CIS 2.6 image. Some issues have been resolved. You can find a test image here until CIS 2.6 is released

https://github.com/mdditt2000/k8s-bigip-ctlr/blob/main/user_guides/externaldns/single-cluster/cis-deployment/f5-cluster-deployment.yaml

mdditt2000 avatar Sep 22 '21 05:09 mdditt2000

We tried to follow the documentation, but so far we are not successful. This is where we got (running latest 2.6.1 operator, OpenShift 4.8):

apiVersion: cis.f5.com/v1
kind: F5BigIpCtlr
metadata:
  annotations:
    operator-sdk/primary-resource: kube-system/f5-server-f5-bigip-ctlr
    operator-sdk/primary-resource-type: Deployment.apps
  name: f5-server
  namespace: openshift-operators
  finalizers:
    - helm.sdk.operatorframework.io/uninstall-release
spec:
  args:
    manage_routes: true
    agent: as3
    custom-resource-mode: true
    log_level: info
    route-vserver-addr: 172.31.8.220
    openshift-sdn-name: occ01/occ01-tunnel
    bigip_partition: occ01
    ipam: true
    default-route-domain: 14
    disable-teems: true
    bigip_url: 172.31.8.4
    log_as3_response: true
    insecure: true
    pool-member-type: cluster
  bigip_login_secret: bigip
  image:
    pullPolicy: Always
    repo: k8s-bigip-ctlr
    user: f5networks
  namespace: kube-system
  rbac:
    create: true
  resources: {}
  serviceAccount:
    create: true
  version: latest

apiVersion: cis.f5.com/v1
kind: VirtualServer
metadata:
  labels:
    f5cr: 'true'
  name: pgadmin1-vs
  namespace: pg1
spec:
  host: pgadmin1.occ01.corp
  pools:
    - monitor:
        interval: 10
        send: "GET / HTTP/1.1\r\nHost: pgadmin1.occ01.corp\r\n"
        timeout: 10
        type: http
      path: /
      service: pgadminf5
      servicePort: 5050
  virtualServerAddress: 172.31.8.227

apiVersion: cis.f5.com/v1
kind: ExternalDNS
metadata:
  labels:
    f5cr: 'true'
  name: exdns-f5
  namespace: pg1
spec:
  dnsRecordType: A
  domainName: pgadmin1.occ01.corp
  loadBalanceMethod: round-robin
  pools:
    - dataServerName: /Common/sddc-DNS
      dnsRecordType: A
      loadBalanceMethod: round-robin
      monitor:
        interval: 10
        recv: ''
        send: "GET / HTTP/1.1\r\nHost: pgadmin1.occ01.corp\r\n"
        timeout: 10
        type: http
      name: pgadmin1.occ01.corp

This is what we see in the operator logs:

2021/11/16 15:45:34 [INFO] [2021-11-16 15:45:34,062 __main__ INFO] New changes observed in gtm config
2021/11/16 15:45:36 [INFO] [2021-11-16 15:45:36,859 __main__ INFO] Health monitor pgadmin1.occ01.corp_2021-11-16T14-12-17Z_monitor updated.
2021/11/16 15:45:37 [INFO] [2021-11-16 15:45:37,168 __main__ INFO] Updating monitor pgadmin1.occ01.corp_2021-11-16T14-12-17Z_monitor for pool: pgadmin1.occ01.corp_2021-11-16T14-12-17Z
2021/11/16 15:45:37 [ERROR] [2021-11-16 15:45:37,236 __main__ ERROR] GTM Error.....:Virtual Server Resource not Available in BIG-IP
2021/11/16 15:45:37 [ERROR] [2021-11-16 15:45:37,237 __main__ ERROR] Error applying config, will try again in 128 seconds

We followed step by step the documentation, but no luck. We will try to rebuild entire environment from scratch and retry again, but if you see some obvious omission, it would help.

Thanks,

Michal

bukovjanmic avatar Nov 16 '21 15:11 bukovjanmic

Closing this issue since there has been no activity for a long time. Recommend using the latest CIS release, with EDNS supported with AS3.

trinaths avatar Feb 02 '23 17:02 trinaths