VS/TS deleted when kubeconfig token is expired

[avinashchundu9]

Setup Details

CIS Version : 2.19
Build: f5networks/k8s-bigip-ctlr:latest
BIGIP Version: Big IP v17.1.1.3
AS3 Version: 3.52
Agent Mode: AS3
Orchestration: K8S
Orchestration Version:
Pool Mode: Nodeport
Additional Setup details: Rancher/Calico network

Description

CIS is in default mode. When the kubeconfig token expires in secret for either the primary or secondary cluster CIS removes all the relevant virtual servers of that cluster.

Steps To Reproduce

1. Deploy LB/VS/TS on both primary and secondary clusters when CIS is running in default mode.
2. Wait for the kubeconfig file in the secret to expire and notice the behaviour of CIS>

Expected Result

CIS is an error state notifying kubeconfig token of a specific cluster is expired and stop updating on the virtual server member of that cluster.

Actual Result

CIS deletes all members of that cluster from virtual servers.

[trinaths]

Created [CONTCNTR-5189] for internal tracking.

[mdditt2000]

Scheduled 2.19.1 Sprint 2 - Begins 29th Jan

[lavanya-f5]

@avinashchundu9 Hi, could you please share cis deployment yaml and vs/ts config?

[avinashchundu9]

Here is the values file,

args:
bigip_partition: test
as3-validation: true
bigip_url: bigip_url
custom-resource-mode: true
extended-spec-configmap: f5-cis/global-spec-config
insecure: true
ipam: false
local-cluster-name:
log-as3-response: true
log_level: DEBUG
multi-cluster-mode: primary
pool_member_type: auto
bigip_login_secret: f5-bigip-ctlr-login
bigip_secret:
create: false
image:
pullPolicy: Always
repo: k8s-bigip-ctlr
user: f5networks
ingressClass:
create: false
ingressClassName: f5
isDefaultIngressController: false
namespace: f5-cis
rbac:
create: true
serviceAccount:
create: true
name: f5-bigip-ctlr-serviceaccount
version: 2.19.0

For TS, it's same for any multi cluster TS. Nothing specific.