Better together - F5 Container Ingress Services and NGINX Plus Ingress Controller Integration

Introduction The F5 Container Ingress Services (CIS) can be integrated with the NGINX Plus Ingress Controllers (NIC) within a Kubernetes (k8s) environment. The benefits are getting the best of both...
Published Mar 05, 2020
Version 1.0
cloud
ingress controller
kubernetes
NGINX Plus
kunalpuriii's avatar
kunalpuriii
Icon for Altocumulus rankAltocumulus
Jun 08, 2020

Hello  

 

I hope you are doing well.

 

Just wanted to check if this solution still works. I am trying to recreate the environment but its not working, its giving me below error

 

2020/06/08 20:47:18 [ERROR] [AS3] Response from BIG-IP: code: ERR_REQUEST_FAILED --- tenant:Nginx_IC --- message: declaration failed

2020/06/08 20:47:18 [ERROR] [AS3] Response from BIG-IP: code: 200 --- tenant:k8s-AS3_AS3 --- message: no change

 

I have tried this setup with CIS 2.0.0 and f5appsvc 3.20.0 and also CIS 1.14.0 and f5appsvc 3.17.1, i am using same working configuration from march. but getting below error

 

nginx SVC config

root@master-1:~# kubectl describe svc nginx-ingress2 -n nginx-ingress

Name:       nginx-ingress2

Namespace:     nginx-ingress

Labels:      cis.f5.com/as3-app=Nginx_vs

          cis.f5.com/as3-pool=Nginx_IC_pool

          cis.f5.com/as3-tenant=Nginx_IC

Annotations:    <none>

Selector:     app=nginx-ingress

Type:       ClusterIP

IP:        10.111.160.103

Port:       https 443/TCP

TargetPort:    443/TCP

Endpoints:     10.1.2.191:443

Session Affinity: None

Events:      <none>

 

Configmap for CIS and F5 integration

root@master-1:~# kubectl describe configmap nginx-as3 -n kube-system

Name:     nginx-as3

Namespace:  kube-system

Labels:    as3=true

       f5type=virtual-server

Annotations: <none>

 

Data

====

template:

----

{

  "class": "AS3",

  "action": "deploy",

  "persist": true,

  "declaration": {

   "class": "ADC",

   "schemaVersion": "3.13.0",

   "id": "1847a369-5a25-4d1b-8cad-5740988d4423",

   "label": "APP Template",

   "remark": "HTTP application",

   "Nginx_IC": {

       "class": "Tenant",

       "Nginx_IC_vs": {

         "class": "Application",

         "template": "generic",

         "app_80_vs": {

          "class": "Service_HTTP",

          "remark": "app",

          "virtualAddresses": [

           "10.165.36.141"

           ],

          "virtualPort": 80,

          "profileTCP": {

          "bigip": "/Common/f5-tcp-lan"

          },

       "pool": "Nginx_IC_pool"

          },

          "Nginx_IC_pool": {

          "class": "Pool",

          "members": [

          {

           "servicePort": 80,

           "shareNodes": true,

           "serverAddresses": []

          }

         ]

        }

       }

      }

    }

 }

Events: <none>

 

CIS:

root@master-1:~# kubectl describe pod k8s-bigip-ctlr-deployment-6759c46587-tdk79 -n kube-system

Name:     k8s-bigip-ctlr-deployment-6759c46587-tdk79

Namespace:  kube-system

Priority:   0

Node:     worker-2/192.168.5.22

Start Time:  Mon, 08 Jun 2020 20:40:16 +0000

Labels:    app=k8s-bigip-ctlr

       pod-template-hash=6759c46587

Annotations: <none>

Status:    Running

IP:      10.1.2.192

IPs:

 IP:      10.1.2.192

Controlled By: ReplicaSet/k8s-bigip-ctlr-deployment-6759c46587

Containers:

 k8s-bigip-ctlr:

  Container ID: docker://4f4bfd89700af786bfa3920e5287160003a4500370c4e133c159cc33c62ed984

  Image:     f5networks/k8s-bigip-ctlr:1.14.0

  Image ID:   docker-pullable://f5networks/k8s-bigip-ctlr@sha256:25bdfc947ed4cdd172a68e37c51dbaa8ca87fcbc4d894622b42a260755a2bf68

  Port:     <none>

  Host Port:   <none>

  Command:

   /app/bin/k8s-bigip-ctlr

  Args:

   --bigip-username=$(BIGIP_USERNAME)

   --bigip-password=$(BIGIP_PASSWORD)

   --bigip-url=https://192.168.5.210

   --bigip-partition=k8s-AS3

   --pool-member-type=cluster

   --agent=as3

   --manage-ingress=false

   --insecure=true

   --as3-validation=true

   --node-poll-interval=30

   --verify-interval=30

   --log-level=INFO

  State:     Running

   Started:   Mon, 08 Jun 2020 20:40:20 +0000

  Ready:     True

  Restart Count: 0

  Environment:

   BIGIP_USERNAME: <set to the key 'username' in secret 'bigip-login'> Optional: false

   BIGIP_PASSWORD: <set to the key 'password' in secret 'bigip-login'> Optional: false

  Mounts:

   /var/run/secrets/kubernetes.io/serviceaccount from bigip-ctlr-token-r6rvn (ro)

Conditions:

 Type       Status

 Initialized    True

 Ready       True

 ContainersReady  True

 PodScheduled   True

Volumes:

 bigip-ctlr-token-r6rvn:

  Type:    Secret (a volume populated by a Secret)

  SecretName: bigip-ctlr-token-r6rvn

  Optional:  false

QoS Class:    BestEffort

Node-Selectors: <none>

Tolerations:   node.kubernetes.io/not-ready:NoExecute for 300s

         node.kubernetes.io/unreachable:NoExecute for 300s

Events:

 Type  Reason   Age    From        Message

 ----  ------   ----    ----        -------

 Normal Scheduled <unknown> default-scheduler Successfully assigned kube-system/k8s-bigip-ctlr-deployment-6759c46587-tdk79 to worker-2

 Normal Pulling  17m    kubelet, worker-2 Pulling image "f5networks/k8s-bigip-ctlr:1.14.0"

 Normal Pulled   17m    kubelet, worker-2 Successfully pulled image "f5networks/k8s-bigip-ctlr:1.14.0"

 Normal Created  17m    kubelet, worker-2 Created container k8s-bigip-ctlr

 Normal Started  17m    kubelet, worker-2 Started container k8s-bigip-ctlr

 

Any help is greatly appreciated.

 

Thanks

Kunal