Patrick_Lieberg
Oct 05, 2021Nimbostratus
F5 Kubernetes BIG-IP Controller or CIS not connecting to Azure Big-IP deployment
I have started a POC for the BIG-IP Azure deployments, which deployed successfully and I have accessed and set the password. I've deployed the helm chart for CIS, but the pod fails to start. I've tested connectivity to the Azure BIG-IP deployment from a separate pod in the same namespace and it authenticates and returns correct info. I've validated the Azure BIG-IP creds are properly formatted in a secret and that secret is getting mounted in the CIS pod.
Here is the pod log with logging level set to debug:
2021/10/04 21:21:39 [DEBUG] No url in credentials directory, falling back to CLI argument
2021/10/04 21:21:39 [INFO] [INIT] Starting: Container Ingress Services - Version: 2.5.0, BuildInfo: azure-465-1952a80a2165b7fc2d3561795ad09d1eb8615136
2021/10/04 21:21:39 [INFO]TeemServer:product.apis.f5.com
2021/10/04 21:21:39 teemClient:{{CIS-Ecosystem CIS/v2.5.0 df103609-7748-43e4-95a4-6631030e67d0} mmhJU2sCd63BznXAXDh4kxLIyfIMm3Ar product.apis.f5.com}
2021/10/04 21:21:39 [DEBUG] digitalAssetId:950e75d5-7fe0-88bc-eb3c-d654ebb4de47
2021/10/04 21:21:39 [DEBUG] telemetryDatalist:[{"Agent":"as3","ConfigmapsCount":0,"DateOfCISDeploy":"2021-10-04T21:21:39.452535893Z","ExternalDNSCount":0,"IPAMSvcLBCount":0,"IPAMTransportServerCount":0,"IPAMVirtualServerCount":0,"IngressCount":0,"IngressLinkCount":0,"Mode":"cluster","PlatformInfo":"CIS/v2.5.0 K8S/v1.19.11","RoutesCount":0,"RunningInDocker":false,"SDNType":"calico","TransportServerCount":0,"VirtualServerCount":0}]
2021/10/04 21:21:39 [DEBUG] ControllerAsDocker:#{docker}
2021/10/04 21:21:40 Resp Code:204 Status:204 No Content
2021/10/04 21:21:40 [INFO] ConfigWriter started: 0xc000284570
2021/10/04 21:21:40 [DEBUG] [CCCL] ConfigWriter (0xc000284570) writing section name global
2021/10/04 21:21:40 [DEBUG] [CCCL] ConfigWriter (0xc000284570) successfully wrote section (global)
2021/10/04 21:21:40 [DEBUG] [CCCL] ConfigWriter (0xc000284570) writing section name bigip
2021/10/04 21:21:40 [DEBUG] [CCCL] ConfigWriter (0xc000284570) successfully wrote section (bigip)
2021/10/04 21:21:40 [INFO] Started config driver sub-process at pid: 21
2021/10/04 21:21:40 [DEBUG] [INIT] Invalid trusted-certs-cfgmap option provided.
2021/10/04 21:21:40 [INFO] [INIT] Creating Agent for as3
2021/10/04 21:21:40 [DEBUG] [CORE] Agent Response Worker started and blocked on channel 0xc0004e04e0
2021/10/04 21:21:40 [INFO] [AS3] Initializing AS3 Agent
2021/10/04 21:21:41 [DEBUG] [AS3] No certs appended, using only system certs
2021/10/04 21:21:41 [DEBUG] [AS3] Validating AS3 schema with as3-schema-3.28.0-3-cis.json
2021/10/04 21:21:41 [DEBUG] [AS3] posting GET BIGIP AS3 Version request on https://10.2.0.7:8443/mgmt/shared/appsvcs/info
2021/10/04 21:21:43 [ERROR] [AS3] Response body unmarshal failed: invalid character '<' looking for beginning of value
2021/10/04 21:21:43 [ERROR] [AS3] Internal Error
2021/10/04 21:21:43 [CRITICAL] [INIT] Failed to initialize as3 agent, Internal Error
Turns out I missed a step in adding the AS3 module to my BIG-IP VE poc VM.
Pretty silly really.
Thanks for the suggestions everyone.