Virtual Server Issue with PassThrough TLS profile #3398
Comments
@chiluintel49 Please share CIS configuration and error log, steps to reproduce this issue to automation_toolchain_pm@f5.com
Created [CONTCNTR-4711] for internal tracking.
@chiluintel49 We verified with VS that a combination of passthrough, reencrypt, edge with the same IP address, we do not add any /Common/clientssl and everything works as expected.
For Virtual Servers configured with passthrough termination, CIS adds a default client SSL profile, as AS3 schema requires a default client SSL profile for any HTTPS Virtual Server. Although BIG-IP does not use it to offload SSL for passthrough termination, it may use it intermittently.
@trinaths Thanks for the reply but your statement is a little contradictory.
@trinaths would you please provide more details about the proposed workaround to avoid issue reproduction?
Setup Details
CIS Version : 2.15.1
Build: f5networks/k8s-bigip-ctlr:latest
BIGIP Version: BIG-IP 16.1.3.1 Build 0.0.11 Point Release 1
AS3 Version: 3.x
Agent Mode: AS3/CCCL
Orchestration: K8S/OSCP
Orchestration Version:
Pool Mode: Nodeport
Additional Setup details: <Platform/CNI Plugins/ cluster nodes/ etc>
Description
After creating a virtualserver using passthrough mode we intermittently see that F5 tries to intercept the SSL traffic and displays a certificate from the default clientprofile (localdomain.localhost).
Steps To Reproduce
2) Create a virtual server using passthrough tlsprofile (https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/customResource/VirtualServerWithTLSProfile/passthrough/passthrough_tls.yaml)
3) Constantly hit the URL by closing and reopening the URL
Expected Result
No SSL/TLS cert error, not even intermittently
Actual Result
Intermittently we are seeing it.
Diagnostic Information
Observations (if any)
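One way to measure how often the wrong certificate is served, as an added example that is not part of the original issue or of the CIS project: the probe opens a fresh TLS connection per attempt (step 3 of the report) and compares the served leaf certificate's SHA-256 fingerprint with the backend's. The function names and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl
from collections import Counter


def fingerprint(der):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host, port=443, sni=None, timeout=5.0):
    """Open a new TLS connection and return the served leaf certificate (DER).

    Verification is disabled on purpose: the probe must record the
    certificate even when it is not the one the backend should present.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
            return tls.getpeercert(binary_form=True)


def summarize(observed_ders, expected_fp):
    """Count handshakes that served the backend certificate vs. anything else."""
    counts = Counter(fingerprint(d) for d in observed_ders)
    unexpected = {fp: n for fp, n in counts.items() if fp != expected_fp}
    total = sum(counts.values())
    return {
        "total": total,
        "expected": counts.get(expected_fp, 0),
        "unexpected": unexpected,
        "intercepted_ratio": sum(unexpected.values()) / total if total else 0.0,
    }


def probe(host, expected_fp, attempts=200, port=443, sni=None):
    """Repeat the reproduction step: one new connection per attempt."""
    ders = [fetch_leaf_der(host, port, sni) for _ in range(attempts)]
    return summarize(ders, expected_fp)


# Constructed sample: placeholder byte strings stand in for DER certificates.
BACKEND = b"constructed-backend-cert"
DEFAULT_PROFILE = b"constructed-default-clientssl-cert"
SAMPLE = [BACKEND] * 7 + [DEFAULT_PROFILE] + [BACKEND] * 2
```

With passthrough termination every handshake should carry the backend's certificate, so any entry under `unexpected` marks a connection where the BIG-IP answered the handshake itself.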