openshift multi cluster CIS HA

PaulVogt

Altocumulus

Feb 24, 2025

The AutoMonitor warning disappeared after adding the definition to the extended config map

baseRouteSpec:

tlsCipher:

tlsVersion: 1.2

ciphers: DEFAULT

cipherGroup: /Common/f5-default

autoMonitor: none

NOTE: value is case sensitive. Other options are readiness-probe and service-endpoint

still messages are looping in the log. The logs are send to Splunk which will fill up with a log rate like this.

I guess if have to check how to stop this log loop.

2025/02/24 11:12:59 [INFO] Starting Namespace Informer for cluster openshift-engineering-02

9732025/02/24 11:12:59 [DEBUG] Enqueueing Namespace: &Namespace{ObjectMeta:{bar 78a8d673-506f-4d27-88e8-399b9642a9ba 282171 0 2025-02-12 15:03:34 +0000 UTC <nil> <nil> map[ingress:f5nr kubernetes.io/metadata.name:bar pod-security.kubernetes.io/audit:restricted pod-security.kubernetes.io/audit-version:latest pod-security.kubernetes.io/warn:restricted pod-security.kubernetes.io/warn-version:latest] map[openshift.io/sa.scc.mcs:s0:c28,c12 openshift.io/sa.scc.supplemental-groups:1000780000/10000 openshift.io/sa.scc.uid-range:1000780000/10000] [] [] [{pod-security-admission-label-synchronization-controller Apply v1 2025-02-12 15:03:33 +0000 UTC FieldsV1 {"f:metadata":{"f:labels":{"f:pod-security.kubernetes.io/audit":{},"f:pod-security.kubernetes.io/audit-version":{},"f:pod-security.kubernetes.io/warn":{},"f:pod-security.kubernetes.io/warn-version":{}}}}} {cluster-policy-controller Update v1 2025-02-12 15:03:33 +0000 UTC FieldsV1 {"f:metadata":{"f:annotations":{".":{},"f:openshift.io/sa.scc.mcs":{},"f:openshift....

9742025/02/24 11:12:59 [DEBUG] Enqueueing Namespace: &Namespace{ObjectMeta:{bigip-ctlr 113b098f-5f26-4f8e-b618-aed4fd95593e 1100409 0 2025-02-14 11:52:23 +0000 UTC <nil> <nil> map[ingress:f5nr kubernetes.io/metadata.name:bigip-ctlr openshift-pipelines.tekton.dev/namespace-reconcile-version:1.17.1 pod-security.kubernetes.io/audit:baseline pod-security.kubernetes.io/audit-version:v1.24 pod-security.kubernetes.io/warn:baseline pod-security.kubernetes.io/warn-version:v1.24] map[openshift.io/sa.scc.mcs:s0:c41,c5 openshift.io/sa.scc.supplemental-groups:1001650000/10000 openshift.io/sa.scc.uid-range:1001650000/10000] [] [] [{kubectl-create Update v1 2025-02-14 11:52:23 +0000 UTC FieldsV1 {"f:metadata":{"f:annotations":{".":{},"f:openshift.io/sa.scc.mcs":{},"f:openshift.io/sa.scc.supplemental-groups":{},"f:openshift.io/sa.scc.uid-range":{}},"f:labels":{".":{},"f:ingress":{},"f:kubernetes.io/metadata.name":{},"f:openshift-pipelines.tekton.dev/namespace-reconcile-version":{},"f:pod-security.kubernetes.io/audit":{},...

9752025/02/24 11:12:59 [DEBUG] Enqueueing Namespace: &Namespace{ObjectMeta:{cafe 3014dbb4-8579-4868-933b-f4c6c4ea3530 282087 0 2025-02-12 15:03:23 +0000 UTC <nil> <nil> map[ingress:f5nr kubernetes.io/metadata.name:cafe pod-security.kubernetes.io/audit:restricted pod-security.kubernetes.io/audit-version:latest pod-security.kubernetes.io/warn:restricted pod-security.kubernetes.io/warn-version:latest] map[openshift.io/sa.scc.mcs:s0:c28,c7 openshift.io/sa.scc.supplemental-groups:1000770000/10000 openshift.io/sa.scc.uid-range:1000770000/10000] [] [] [{pod-security-admission-label-synchronization-controller Apply v1 2025-02-12 15:03:23 +0000 UTC FieldsV1 {"f:metadata":{"f:labels":{"f:pod-security.kubernetes.io/audit":{},"f:pod-security.kubernetes.io/audit-version":{},"f:pod-security.kubernetes.io/warn":{},"f:pod-security.kubernetes.io/warn-version":{}}}}} {cluster-policy-controller Update v1 2025-02-12 15:03:23 +0000 UTC FieldsV1 {"f:metadata":{"f:annotations":{".":{},"f:openshift.io/sa.scc.mcs":{},"f:openshift...

9762025/02/24 11:12:59 [DEBUG] Clients Created for cluster: openshift-engineering-02

9772025/02/24 11:12:59 [INFO] Starting Namespace Informer for cluster openshift-engineering-02

9782025/02/24 11:12:59 [DEBUG] Enqueueing Namespace: &Namespace{ObjectMeta:{bar 78a8d673-506f-4d27-88e8-399b9642a9ba 282171 0 2025-02-12 15:03:34 +0000 UTC <nil> <nil> map[ingress:f5nr kubernetes.io/metadata.name:bar pod-security.kubernetes.io/audit:restricted pod-security.kubernetes.io/audit-version:latest pod-security.kubernetes.io/warn:restricted pod-security.kubernetes.io/warn-version:latest] map[openshift.io/sa.scc.mcs:s0:c28,c12 openshift.io/sa.scc.supplemental-groups:1000780000/10000 openshift.io/sa.scc.uid-range:1000780000/10000] [] [] [{pod-security-admission-label-synchronization-controller Apply v1 2025-02-12 15:03:33 +0000 UTC FieldsV1 {"f:metadata":{"f:labels":{"f:pod-security.kubernetes.io/audit":{},"f:pod-security.kubernetes.io/audit-version":{},"f:pod-security.kubernetes.io/warn":{},"f:pod-security.kubernetes.io/warn-version":{}}}}} {cluster-policy-controller Update v1 2025-02-12 15:03:33 +0000 UTC FieldsV1 {"f:metadata":{"f:annotations":{".":{},"f:openshift.io/sa.scc.mcs":{},"f:openshift....

9792025/02/24 11:12:59 [DEBUG] Enqueueing Namespace: &Namespace{ObjectMeta:{bigip-ctlr 113b098f-5f26-4f8e-b618-aed4fd95593e 1100409 0 2025-02-14 11:52:23 +0000 UTC <nil> <nil> map[ingress:f5nr kubernetes.io/metadata.name:bigip-ctlr openshift-pipelines.tekton.dev/namespace-reconcile-version:1.17.1 pod-security.kubernetes.io/audit:baseline pod-security.kubernetes.io/audit-version:v1.24 pod-security.kubernetes.io/warn:baseline pod-security.kubernetes.io/warn-version:v1.24] map[openshift.io/sa.scc.mcs:s0:c41,c5 openshift.io/sa.scc.supplemental-groups:1001650000/10000 openshift.io/sa.scc.uid-range:1001650000/10000] [] [] [{kubectl-create Update v1 2025-02-14 11:52:23 +0000 UTC FieldsV1 {"f:metadata":{"f:annotations":{".":{},"f:openshift.io/sa.scc.mcs":{},"f:openshift.io/sa.scc.supplemental-groups":{},"f:openshift.io/sa.scc.uid-range":{}},"f:labels":{".":{},"f:ingress":{},"f:kubernetes.io/metadata.name":{},"f:openshift-pipelines.tekton.dev/namespace-reconcile-version":{},"f:pod-security.kubernetes.io/audit":{},...

9802025/02/24 11:12:59 [DEBUG] Enqueueing Namespace: &Namespace{ObjectMeta:{cafe 3014dbb4-8579-4868-933b-f4c6c4ea3530 282087 0 2025-02-12 15:03:23 +0000 UTC <nil> <nil> map[ingress:f5nr kubernetes.io/metadata.name:cafe pod-security.kubernetes.io/audit:restricted pod-security.kubernetes.io/audit-version:latest pod-security.kubernetes.io/warn:restricted pod-security.kubernetes.io/warn-version:latest] map[openshift.io/sa.scc.mcs:s0:c28,c7 openshift.io/sa.scc.supplemental-groups:1000770000/10000 openshift.io/sa.scc.uid-range:1000770000/10000] [] [] [{pod-security-admission-label-synchronization-controller Apply v1 2025-02-12 15:03:23 +0000 UTC FieldsV1 {"f:metadata":{"f:labels":{"f:pod-security.kubernetes.io/audit":{},"f:pod-security.kubernetes.io/audit-version":{},"f:pod-security.kubernetes.io/warn":{},"f:pod-security.kubernetes.io/warn-version":{}}}}} {cluster-policy-controller Update v1 2025-02-12 15:03:23 +0000 UTC FieldsV1 {"f:metadata":{"f:annotations":{".":{},"f:openshift.io/sa.scc.mcs":{},"f:openshift...

9812025/02/24 11:12:59 [DEBUG] Clients Created for cluster: openshift-engineering-02

9822025/02/24 11:12:59 [INFO] Starting Namespace Informer for cluster openshift-engineering-02

9832025/02/24 11:12:59 [DEBUG] Enqueueing Namespace: &Namespace{ObjectMeta:{bar 78a8d673-506f-4d27-88e8-399b9642a9ba 282171 0 2025-02-12 15:03:34 +0000 UTC <nil> <nil> map[ingress:f5nr kubernetes.io/metadata.name:bar pod-security.kubernetes.io/audit:restricted pod-security.kubernetes.io/audit-version:latest pod-security.kubernetes.io/warn:restricted pod-security.kubernetes.io/warn-version:latest] map[openshift.io/sa.scc.mcs:s0:c28,c12 openshift.io/sa.scc.supplemental-groups:1000780000/10000 openshift.io/sa.scc.uid-range:1000780000/10000] [] [] [{pod-security-admission-label-synchronization-controller Apply v1 2025-02-12 15:03:33 +0000 UTC FieldsV1 {"f:metadata":{"f:labels":{"f:pod-security.kubernetes.io/audit":{},"f:pod-security.kubernetes.io/audit-version":{},"f:pod-security.kubernetes.io/warn":{},"f:pod-security.kubernetes.io/warn-version":{}}}}} {cluster-policy-controller Update v1 2025-02-12 15:03:33 +0000 UTC FieldsV1 {"f:metadata":{"f:annotations":{".":{},"f:openshift.io/sa.scc.mcs":{},"f:openshift....

9842025/02/24 11:12:59 [DEBUG] Enqueueing Namespace: &Namespace{ObjectMeta:{bigip-ctlr 113b098f-5f26-4f8e-b618-aed4fd95593e 1100409 0 2025-02-14 11:52:23 +0000 UTC <nil> <nil> map[ingress:f5nr kubernetes.io/metadata.name:bigip-ctlr openshift-pipelines.tekton.dev/namespace-reconcile-version:1.17.1 pod-security.kubernetes.io/audit:baseline pod-security.kubernetes.io/audit-version:v1.24 pod-security.kubernetes.io/warn:baseline pod-security.kubernetes.io/warn-version:v1.24] map[openshift.io/sa.scc.mcs:s0:c41,c5 openshift.io/sa.scc.supplemental-groups:1001650000/10000 openshift.io/sa.scc.uid-range:1001650000/10000] [] [] [{kubectl-create Update v1 2025-02-14 11:52:23 +0000 UTC FieldsV1 {"f:metadata":{"f:annotations":{".":{},"f:openshift.io/sa.scc.mcs":{},"f:openshift.io/sa.scc.supplemental-groups":{},"f:openshift.io/sa.scc.uid-range":{}},"f:labels":{".":{},"f:ingress":{},"f:kubernetes.io/metadata.name":{},"f:openshift-pipelines.tekton.dev/namespace-reconcile-version":{},"f:pod-security.kubernetes.io/audit":{},...

9852025/02/24 11:12:59 [DEBUG] Enqueueing Namespace: &Namespace{ObjectMeta:{cafe 3014dbb4-8579-4868-933b-f4c6c4ea3530 282087 0 2025-02-12 15:03:23 +0000 UTC <nil> <nil> map[ingress:f5nr kubernetes.io/metadata.name:cafe pod-security.kubernetes.io/audit:restricted pod-security.kubernetes.io/audit-version:latest pod-security.kubernetes.io/warn:restricted pod-security.kubernetes.io/warn-version:latest] map[openshift.io/sa.scc.mcs:s0:c28,c7 openshift.io/sa.scc.supplemental-groups:1000770000/10000 openshift.io/sa.scc.uid-range:1000770000/10000] [] [] [{pod-security-admission-label-synchronization-controller Apply v1 2025-02-12 15:03:23 +0000 UTC FieldsV1 {"f:metadata":{"f:labels":{"f:pod-security.kubernetes.io/audit":{},"f:pod-security.kubernetes.io/audit-version":{},"f:pod-security.kubernetes.io/warn":{},"f:pod-security.kubernetes.io/warn-version":{}}}}} {cluster-policy-controller Update v1 2025-02-12 15:03:23 +0000 UTC FieldsV1 {"f:metadata":{"f:annotations":{".":{},"f:openshift.io/sa.scc.mcs":{},"f:openshift...

9862025/02/24 11:12:59 [DEBUG] Clients Created for cluster: openshift-engineering-02

Forum Discussion

openshift multi cluster CIS HA

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Expired client-certificate

F5 Big-IP Trust Internal CA Chain certificates for Web Servers

XC - geo LB to the origin servers

Floating Ip Problem

F5 rSeries || Upgrade tenant

Related Content

F5 BIG-IP deployment with OpenShift - multi-cluster architectures

Multi-cluster Kubernetes/Openshift with GSLB-TOOL

ha cis multi cluster Openshift route creation

Scale Multi-Cluster OpenShift Deployments with F5 Container Ingress Services

Multi-Cluster, Multi-Cloud Networking for K8S with F5 Distributed Cloud – Architecture Pattern

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS