Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support integrating with multiple F5 instances from a single Kubernetes cluster #3559

Open
robinvalk opened this issue Sep 16, 2024 · 3 comments
Open

Support integrating with multiple F5 instances from a single Kubernetes cluster #3559

robinvalk opened this issue Sep 16, 2024 · 3 comments
Labels
feature-request JIRA

Comments

@robinvalk
Copy link

Title

Support integrating with multiple F5 instances from a single Kubernetes cluster

Description

In our setup we have a Kubernetes cluster that needs to integrate with two F5 instances. One F5 is publicly exposed and serves frontend traffic, the other F5 is only used internally aka the backend traffic.

Actual Problem

We integrated two F5 instances into a single cluster using the ingress configuration of the CIS. We have two CIS controller pods running with each their own dedicated ingressClass definition. Using this we can target the ingress for either the frontend or backend.

This setup works but the integration of type ingress is very limited in its functionality.

  • You cannot configure a different heath-check target port compared to the service port
  • SSL profiles cannot be customised
  • ...

Looking at the documentation for the other integration options it seems like the CIS was not designed to work with multiple F5 instances? Ideally this is build into the CRDs.

Solution Proposed

Support the configuration of multiple F5 instances from a single cluster or if it is already supported, document the recommended configuration options etc.

Alternatives

We came across a new class identifier implementation for the service type load balancer: https://clouddocs.f5.com/containers/latest/userguide/loadbalancer/#load-balancer-class-support

From the wiki:

Load Balancer Class is supported for all the Custom Resources (VirtualServer, TransportServer and IngressLink) and loadBalancer service by default and can not be disabled.

This sounds like we can set a loadBalancerClass property on all those custom resources and the CIS will monitor only those instances matching its class configuration? And because it can be set on the CRDs it means all configuration options of the CRD integration configuration become available?
@de1chk1nd de1chk1nd mentioned this issue Oct 15, 2024
Closed
@trinaths
Copy link
Contributor

@robinvalk Suggest use CIS with Namespaces. Share your usecase to automation_toolchain_pm at f5 dot com

@trinaths trinaths added awaiting response Awaiting response and removed untriaged no JIRA created labels Oct 18, 2024
@robinvalk
Copy link
Author

@trinaths Thanks for the suggestions.

We made it work with the namespaces indeed. Ideally we are able to label the CRDs itself instead of a namespace. I've sent out an email as you suggested.

For traceability, the subject of the email is: "F5 CIS feature request - Support filtering CRDs based on labels". In the email I also referred back to this ticket.

@trinaths
Copy link
Contributor

Support for CRD labels - Created [CONTCNTR-5148] for internal tracking.

@trinaths trinaths added JIRA and removed awaiting response Awaiting response labels Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request JIRA
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@robinvalk @trinaths