管理隔离
优质
小牛编辑
131浏览
2023-12-01
Preparation
1. Deploy CISkubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8cis.yaml
2. Deploy Servicekubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8deploy-svc-in-different-ns.yaml
Ingress Mamagement Isolation
1. Deploy Ingress in mgmt-isolation100kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-1.yaml
2. Deploy Ingress in mgmt-isolation101kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-2.yaml
This steps should failed with the following error:
2021/06/25 10:02:02 [ERROR] Ingress IP Address is not provided. Unable to process ingress resources. Either configure controller with 'default-ingress-ip' or Ingress with annotation 'virtual-server.f5.com/ip'. 2021/06/25 10:02:02 [ERROR] [AS3] Invalid Virtual Server Destination IP address/Port. 2021/06/25 10:02:02 [ERROR] Invalid Virtual Server Destination IP address/Port. 2021/06/25 10:02:04 [ERROR] [AS3] Big-IP Responded with code: 422 2021/06/25 10:02:04 [ERROR] [AS3] Raw response from Big-IP: map[code:422 declarationFullId: errors:[/k8s/Shared/ingress__80: should have required property 'virtualAddresses'] message:declaration is invalid]
This error through out periodicity.
3. Deploy Ingress in mgmt-isolation102kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-3.yaml
https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-3.yaml
Expectation & Results
Step 3 should deploy success, the fact is it doesn’t.
Workaround I
Add default-ingress-ip in CIS Deployment:
args: [ ... "--default-ingress-ip=192.168.200.11", ... ]
Workaround II
Add manage-ingress-class-only in CIS Deployment:
args: [ ... "--manage-ingress-class-only=true", ... ]
and CIS only monitor ingress that has class annotation
annotations: virtual-server.f5.com/ip: "192.168.200.3" kubernetes.io/ingress.class: "f5"
Clean up
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-1.yaml
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-2.yaml
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-3.yaml
Configmap Mamagement Isolation
1. Deploy configmap 1kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-1.yaml
This step will deploy success.
2. Deploy configmap 2kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-2.yaml
This step should deploy failed, due to format of ip.
2021/06/25 10:46:16 [ERROR] [AS3] Big-IP Responded with code: 422
2021/06/25 10:46:16 [ERROR] [AS3] Raw response from Big-IP: map[code:422 declarationFullId: errors:[/mgmt-isolation101/mgmt-isolation101/app_svc_vs/virtualAddresses/0: should match format "f5ip"] message:declaration is invalid]
3. Deploy configmap 3kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-3.yaml
Expectation of this steps is that the service should deploy success, the fact doesn’t.
4. Clean upkubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-1.yaml
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-2.yaml
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-3.yaml