当前位置: 首页 > 文档资料 > Cloudadc 帮助文档 >

管理隔离

优质
小牛编辑
131浏览
2023-12-01

Preparation

1. Deploy CIS
kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8cis.yaml
2. Deploy Service
kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8deploy-svc-in-different-ns.yaml

Ingress Mamagement Isolation

1. Deploy Ingress in mgmt-isolation100
kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-1.yaml
2. Deploy Ingress in mgmt-isolation101
kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-2.yaml

This steps should failed with the following error:

2021/06/25 10:02:02 [ERROR] Ingress IP Address is not provided. Unable to process ingress resources. Either configure controller with 'default-ingress-ip' or Ingress with annotation 'virtual-server.f5.com/ip'.
2021/06/25 10:02:02 [ERROR] [AS3] Invalid Virtual Server Destination IP address/Port.
2021/06/25 10:02:02 [ERROR] Invalid Virtual Server Destination IP address/Port.
2021/06/25 10:02:04 [ERROR] [AS3] Big-IP Responded with code: 422
2021/06/25 10:02:04 [ERROR] [AS3] Raw response from Big-IP: map[code:422 declarationFullId: errors:[/k8s/Shared/ingress__80: should have required property 'virtualAddresses'] message:declaration is invalid]

This error through out periodicity.

3. Deploy Ingress in mgmt-isolation102
kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-3.yaml

https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-3.yaml

Expectation & Results

Step 3 should deploy success, the fact is it doesn’t.

Workaround I

Add default-ingress-ip in CIS Deployment:

          args: [
            ...
            "--default-ingress-ip=192.168.200.11",
            ...
            ]

Workaround II

Add manage-ingress-class-only in CIS Deployment:

          args: [
            ...
             "--manage-ingress-class-only=true",
            ...
            ]

and CIS only monitor ingress that has class annotation

  annotations:
    virtual-server.f5.com/ip: "192.168.200.3"
    kubernetes.io/ingress.class: "f5"

Clean up

kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-1.yaml
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-2.yaml
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8ingress-in-different-ns-3.yaml

Configmap Mamagement Isolation

1. Deploy configmap 1
kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-1.yaml

This step will deploy success.

2. Deploy configmap 2
kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-2.yaml

This step should deploy failed, due to format of ip.

2021/06/25 10:46:16 [ERROR] [AS3] Big-IP Responded with code: 422
2021/06/25 10:46:16 [ERROR] [AS3] Raw response from Big-IP: map[code:422 declarationFullId: errors:[/mgmt-isolation101/mgmt-isolation101/app_svc_vs/virtualAddresses/0: should match format "f5ip"] message:declaration is invalid]
3. Deploy configmap 3
kubectl apply -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-3.yaml

Expectation of this steps is that the service should deploy success, the fact doesn’t.

4. Clean up
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-1.yaml
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-2.yaml
kubectl delete -f https://www.xnip.cn/doc/HUhTYdSwn8configmap-ns-3.yaml