Support NodePortLocal when CIS run in Multi-Cluster mode #3396

Open
gzrt opened this issue Apr 28, 2024 · 3 comments

gzrt commented Apr 28, 2024

Title

Support NodePortLocal when CIS run in Multi-Cluster mode

Description

According to F5 CIS documents:
https://clouddocs.f5.com/containers/latest/userguide/config-options.html
There're 3 deployment options (pool-member-type) available to CIS: NodePort, ClusterIP, NodePortLocal.

However, when CIS is running in Multi-Cluster mode:
https://clouddocs.f5.com/containers/latest/userguide/multicluster/#overview
"At present, nodePort mode is supported and Cluster mode is available with static route configuration on BIG-IP (No tunnels)."
https://clouddocs.f5.com/containers/latest/userguide/multicluster/#faq
"Currently, NodePort mode is supported. For cluster mode, static routing mode is supported to enable configuration of static routes on BIG-IP for pod network subnets for direct routing from BIG-IP to k8s pods"

NodePortLocal support is missing. Hence we're looking for support of NodePortLocal when CIS is running in Multi-Cluster mode.

Actual Problem

We're building a K8s platform containing hundreds of nodes and services across clusters. Based on the design, both F5 CIS and Antrea CNI's NodePortLocal feature are critical points to our success.

We've already tested F5 CIS with Antrea CNI's NodePortLocal (--pool_member_type=nodeportlocal), and it works well.

But when we tried to run F5 CIS in Multi-Cluster mode (--multi-cluster-mode=standalone) with Antrea CNI's NodePortLocal (--pool_member_type=nodeportlocal), only local cluster node IPs & ports were added; external cluster node IPs & ports are missing from pool members.

Solution Proposed

When CIS is running in --multi-cluster-mode=standalone/primary/secondary, it can support the parameter --pool-member-type=nodeportlocal, so external cluster node IPs & ports can be added to/removed from pool members as expected.

Alternatives

No, neither NodePort nor Static Route mode will work for our case.

Additional context

We've done the tests on K8s v1.28 and CIS version 2.16.0 with --custom-resource-mode=true.

@gzrt gzrt added feature-request untriaged no JIRA created labels Apr 28, 2024
@trinaths
Contributor

@gzrt Please share CIS configuration and logs when external cluster node IPs & ports are missing from pool members to automation_toolchain_pm@f5.com

@trinaths trinaths added awaiting response Awaiting response and removed untriaged no JIRA created labels Apr 29, 2024
@gzrt
Author

gzrt commented Apr 30, 2024

@trinaths Thanks for your reply. I've sent the CIS helm chart values we're using and the logs to automation_toolchain_pm@f5.com. If any additional information is required, please let me know, thank you!

@trinaths
Contributor

trinaths commented May 7, 2024

Created [CONTCNTR-4716] for internal tracking.

@trinaths trinaths added JIRA and removed awaiting response Awaiting response labels May 7, 2024