Forum Discussion
F5 CIS applying iRule from one VirtualServer definition to another
Hi everyone,
I am experiencing a strange behavior with F5 Container Ingress Services (CIS) where an iRule defined in one VirtualServer resource is being applied to a different VirtualServer on BIG-IP.
The setup:
I have two VirtualServer manifests sharing the same IP address and partition, but serving different ports — one for HTTPS (443) and one for HTTP (80).
The HTTP VirtualServer (cis-dev-80) has the iRule /Common/https-301-redirect explicitly defined, which is expected — it redirects HTTP traffic to HTTPS. I'm not using the parameter httpTraffic because I need the HTTP status code 301 instead of 302.
The HTTPS VirtualServer (cis-dev-443) has no iRules defined in its manifest.
# cis-dev-443 — no iRules defined
spec:
  virtualServerHTTPSPort: 443
  tlsProfileName: dev-tls-profile
  ...
# cis-dev-80 — iRule intentionally defined here only
spec:
  virtualServerHTTPPort: 80
  iRules:
    - /Common/https-301-redirect
  ...
The problem:
After CIS reconciles, BIG-IP shows the iRule /Common/https-301-redirect attached to both virtual servers — including cis-dev-443, which should not have it. This causes HTTPS traffic to be redirected back to HTTPS in a loop.
Questions:
Has anyone else encountered this behavior?
Does this need a different configuration?
Any help or pointers to related issues or F5 support articles would be appreciated.
Environment:
CIS version: 2.20.3
AS3 version: 3.55.0
Kubernetes version: v1.22
Thanks in advance
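A drift check for the symptom described in the post, as an added example that is not part of the original post and is not F5 code: it compares the iRules each manifest declares for its port with the rules BIG-IP reports on the virtual server listening on that port. The BIG-IP data is constructed sample input shaped like iControl REST `/mgmt/tm/ltm/virtual` items; the partition `k8s`, the address `192.0.2.10` and the `vs_*` names are placeholders.

```python
# Added example. DECLARED mirrors the two manifests in the post; OBSERVED is
# constructed sample data in the shape of iControl REST /mgmt/tm/ltm/virtual items.
DECLARED = [
    {"name": "cis-dev-443",
     "spec": {"virtualServerHTTPSPort": 443, "tlsProfileName": "dev-tls-profile"}},
    {"name": "cis-dev-80",
     "spec": {"virtualServerHTTPPort": 80, "iRules": ["/Common/https-301-redirect"]}},
]
OBSERVED = [  # partition "k8s", address 192.0.2.10 and vs_* names are placeholders
    {"name": "vs_443", "destination": "/k8s/192.0.2.10:443",
     "rules": ["/Common/https-301-redirect"]},
    {"name": "vs_80", "destination": "/k8s/192.0.2.10:80",
     "rules": ["/Common/https-301-redirect"]},
]
PORT_KEYS = ("virtualServerHTTPPort", "virtualServerHTTPSPort")


def declared_rules(manifests):
    """Map listener port -> iRules declared by the manifest that sets that port.
    Assumes each manifest sets exactly one port key, as in the post."""
    want = {}
    for m in manifests:
        spec = m["spec"]
        for key in PORT_KEYS:
            if key in spec:
                want.setdefault(spec[key], set()).update(spec.get("iRules", []))
    return want


def port_of(destination):
    """'/k8s/192.0.2.10:443' -> 443 (IPv4 destinations only)."""
    return int(destination.rsplit(":", 1)[1])


def undeclared_rules(manifests, virtuals, ignore=()):
    """Return (virtual, port, rule) for each attached iRule no manifest declares
    for that port. `ignore` lists rules expected from elsewhere."""
    want = declared_rules(manifests)
    findings = []
    for vs in virtuals:
        port = port_of(vs["destination"])
        extra = set(vs.get("rules", [])) - want.get(port, set()) - set(ignore)
        findings += [(vs["name"], port, rule) for rule in sorted(extra)]
    return findings


if __name__ == "__main__":
    for name, port, rule in undeclared_rules(DECLARED, OBSERVED):
        print(f"DRIFT: {name} (port {port}) has undeclared iRule {rule}")
```

Run after each CIS reconcile, this flags only the port 443 virtual server for the sample data, since the port 80 attachment matches its manifest.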