Why CCCL controller keeps updating virtual servers. #250
Description
Kubernetes Version
v1.14.6
F5 CIS Controller Version
v1.14.0
BIG-IP Version
13.1.1.3 Build 0.0.1 Point Release 3
Hello,
I'm looking for help to investigate on a behavior we have in our environment.
Below the F5 CIS config:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: k8s-bigip-ctlr-deployment-node1
namespace: kube-system
spec:
# DO NOT INCREASE REPLICA COUNT
replicas: 1
template:
metadata:
name: k8s-bigip-ctlr
labels:
app: k8s-bigip-ctlr
spec:
# Name of the Service Account bound to a Cluster Role with the required
# permissions
serviceAccountName: bigip-ctlr
containers:
- name: k8s-bigip-ctlr
image: "f5networks/k8s-bigip-ctlr:1.14.0"
env:
- name: BIGIP_USERNAME
valueFrom:
secretKeyRef:
# Replace with the name of the Secret containing your login
# credentials
name: bigip-login
key: username
- name: BIGIP_PASSWORD
valueFrom:
secretKeyRef:
# Replace with the name of the Secret containing your login
# credentials
name: bigip-login
key: password
command: ["/app/bin/k8s-bigip-ctlr"]
args: [
"--bigip-username=$(BIGIP_USERNAME)",
"--bigip-password=$(BIGIP_PASSWORD)",
"--bigip-url=xxxxx",
"--insecure=true",
"--bigip-partition=kubernetes",
"--pool-member-type=nodeport",
"--vs-snat-pool-name=SNAT",
"--manage-ingress=false",
]
imagePullSecrets:
# Secret that gives access to a private docker registry
- name: f5-docker-images
# Secret containing the BIG-IP system login credentials
- name: bigip-login
A configmap:
apiVersion: v1
kind: ConfigMap
metadata:
name: myconfig
labels:
f5type: virtual-server
data:
schema: "f5schemadb://bigip-virtual-server_v0.1.7.json"
data: |
{
"virtualServer": {
"frontend": {
"balance": "round-robin",
"mode": "tcp",
"partition": "kubernetes",
"virtualAddress": {
"bindAddr": xxxxxxxxx
"port": 443
}
},
"backend": {
"serviceName": "my-service",
"servicePort": "443",
"healthMonitors": [{
"interval": 10,
"protocol": "tcp",
"timeout": 120
}]
}
}
}
The behavior is the F5 CIS keeps updating every 30s all the virtuals servers:
2020/04/09 13:33:03 [INFO] [2020-04-09 13:33:03,260 f5_cccl.resource.resource INFO] Updating ApiVirtualServer: /kubernetes/xxxxxxxxxxxxxxxx-nginx-https.vs
2020/04/09 13:33:03 [INFO] [2020-04-09 13:33:03,310 f5_cccl.resource.resource INFO] Updating ApiVirtualServer: /kubernetes/xxxxxxxxxxxxxxxx-tsmain
2020/04/09 13:33:03 [INFO] [2020-04-09 13:33:03,360 f5_cccl.resource.resource INFO] Updating ApiVirtualServer: /kubernetes/xxxxxxxxxxxxxxxx-postgresql.vs
2020/04/09 13:33:03 [INFO] [2020-04-09 13:33:03,410 f5_cccl.resource.resource INFO] Updating ApiVirtualServer: /kubernetes/xxxxxxxxxxxxxxxx-staging_f5-tsmain
2020/04/09 13:33:33 [INFO] [2020-04-09 13:33:33,259 f5_cccl.resource.resource INFO] Updating ApiVirtualServer: /kubernetes/xxxxxxxxxxxxxxxx-nginx-https.vs
2020/04/09 13:33:33 [INFO] [2020-04-09 13:33:33,311 f5_cccl.resource.resource INFO] Updating ApiVirtualServer: /kubernetes/xxxxxxxxxxxxxxxx-tsmain
2020/04/09 13:33:33 [INFO] [2020-04-09 13:33:33,363 f5_cccl.resource.resource INFO] Updating ApiVirtualServer: /kubernetes/xxxxxxxxxxxxxxxx-postgresql.vs
2020/04/09 13:33:33 [INFO] [2020-04-09 13:33:33,419 f5_cccl.resource.resource INFO] Updating ApiVirtualServer: /kubernetes/xxxxxxxxxxxxxxxx-staging_f5-tsmain
Any help to troubleshoot this issue is welcome.