Troubleshooting the BIG-IP Next CIS¶
Troubleshooting BIG-IP Next CIS Configuration¶
Step-1: Verify that the BIG-IP Next CIS controller is up and running.
Check the BIG-IP Next CIS pod running status. Run the command,
kubectl get pods -n kube-system
.
Step-2: Check the controller status using the deployConfig CR status. Run
the following command: kubectl edit deployconfig -n kube-system test-deploy-config-cr
A successful running status will looks like as follows:
Status Fields:
Status Field | Description | Visibility |
---|---|---|
bigIpStatus | This shows that BIG-IP Next objects are created successfully or not | When a monitored app is present in the Kubernetes/OpenShift Cluster |
bigIpStatus.bigIpAddress | IP Address of the BIG-IP Next instance. | When a monitored app is present in the Kubernetes/OpenShift Cluster |
bigIpStatus.as3Status | This shows the AS3 API status on the BIGIP Next Instance | When a monitored app is present in the Kubernetes/OpenShift Cluster |
bigIpStatus.as3Status.lastSubmitted | This shows the timestamp of the last attempt to update the AS3 app on BIG-IP Next Instance | When a monitored app is present in the Kubernetes/OpenShift Cluster |
bigIpStatus.as3Status.lastSuccessful | This shows the timestamp of the last successful update of the AS3 app on BIG-IP Next Instance | When a monitored app is present in the Kubernetes/OpenShift Cluster |
bigIpStatus.as3Status.message | Usually message is “ok” when app is successfully created/deleted. | When app is successfully posted on BIG-IP Next Instance. |
bigIpStatus.as3Status.error | It shows any error that occurred during the AS3 API call. | When an AS3 API call is failed this error occurs and error is logged in the status |
bigIpStatus.l3Status | This shows the L3 Forward API status on the BIGIP Next Instance | When CIS controller is configured to create the static-routes. |
bigIpStatus.l3Status.lastSubmitted | This shows the timestamp of the last attempt to update the L3 Forward on BIG-IP Next Instance | When CIS controller is configured to create the static-routes. |
bigIpStatus.l3Status.lastSuccessful | This shows the timestamp of the last successful update of the L3 Forward on BIG-IP Next Instance | When CIS controller is configured to create the static-routes. |
bigIpStatus.l3Status.message | Usually message is “ok” when static routes is successfully created/deleted. | When CIS controller is configured to create the static-routes. |
bigIpStatus.l3Status.error | It shows any error that occurred during the L3 Forward API call. | When an L3 Forward API call is failed this error occurs and error is logged in the status |
cmStatus | It shows the status whether CIS is able to reach the BIG-IP Next Central Manager or not. | When CIS fetches the BIG-IP Next Central Manager Token during start up and after a token refresh it’s updated. |
cmStatus.lastUpdated | This shows the timestamp of the last status update. | When CIS fetches the BIG-IP Next Central Manager Token during start up and after a token refresh it’s updated. |
cmStatus.message | Usually message is “ok” when controller is able to fetch the token from BIG-IP Next Central Manager. | When CIS fetches the BIG-IP Next Central Manager Token during start up and after a token refresh it’s updated. |
cmStatus.error | It shows any error that occurred during the CM Auth token refresh. | When CIS fetches the BIG-IP Next Central Manager Token during start up and after a token refresh it’s updated. |
controllerStatus | Controller status shows if CIS is ready to process the resources or not. | When CIS controller up and running. |
controllerStatus.lastUpdated | This shows the timestamp of the last status update. | When CIS controller up and running. |
controllerStatus.message | Usually message is “ok” when controller is up and running and ready to process the resources. | When CIS controller up and running. |
controllerStatus.error | It shows any error that can cause CIS controller to stop processing the resources. | When CIS controller is in the error state and cannot process any resource. |
networkConfigStatus | It shows that valid CNI config is provided or not | When CIS controller is starting up. |
networkConfigStatus.lastUpdated | This shows the timestamp of the last status update. | When CIS controller is starting up. |
networkConfigStatus.message | Usually message is “ok” when valid networkConfig is provided to the controller. | When CIS controller is starting up. |
networkConfigStatus.error | This shows the errors about the CNI configuration. | When invalid networkConfig is provided to CIS controller. |
Note
lastSubmitted
and lastSuccessful
will be different in case error status.
Step-3: Check the BIG-IP Next CIS controller logs.
kubectl logs deploy/test-bigip-controller-1 -n kube-system
Note
CIS supports multiple log-levels as follows: INFO, DEBUG, AS3DEBUG CRITICAL, WARNING, ERROR. Configure the DEBUG log-level for more detailed logs.
Troubleshooting the Resource Configurations¶
Sometimes there is a chance that ingress resources such Transport
Server
, Service LoadBalancer
, or IngressLink
are configured incorrectly.
This document describes how you can troubleshoot such issues.
Note
Make sure that you have installed the correct version of CRD version. Here is how you can install the correct CRD versions.
If you do not have any CRDs installed during the configuration of BIG-IP Next CIS, you may receive the error “error: the server doesn’t have a resource type “avc”`. In such situations, execute the following commands to install CRDs:
Note
Be sure to install the CRDs that correspond to the specific version of BIG-IP Next CIS using the CIS_VERSION=<cis-version>
parameter.
Note
To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.