Troubleshooting the BIG-IP Next CIS

Troubleshooting BIG-IP Next CIS Configuration

  • Step-1: Verify that the BIG-IP Next CIS controller is up and running.

    • Check the BIG-IP Next CIS pod running status. Run the command, kubectl get pods -n kube-system.

  • Step-2: Check the controller status using the deployConfig CR status. Run

the following command: kubectl edit deployconfig -n kube-system test-deploy-config-cr

A successful running status will looks like as follows:

Status Fields:

Status Field Description Visibility
bigIpStatus This shows that BIG-IP Next objects are created successfully or not When a monitored app is present in the Kubernetes/OpenShift Cluster
bigIpStatus.bigIpAddress IP Address of the BIG-IP Next instance. When a monitored app is present in the Kubernetes/OpenShift Cluster
bigIpStatus.as3Status This shows the AS3 API status on the BIGIP Next Instance When a monitored app is present in the Kubernetes/OpenShift Cluster
bigIpStatus.as3Status.lastSubmitted This shows the timestamp of the last attempt to update the AS3 app on BIG-IP Next Instance When a monitored app is present in the Kubernetes/OpenShift Cluster
bigIpStatus.as3Status.lastSuccessful This shows the timestamp of the last successful update of the AS3 app on BIG-IP Next Instance When a monitored app is present in the Kubernetes/OpenShift Cluster
bigIpStatus.as3Status.message Usually message is “ok” when app is successfully created/deleted. When app is successfully posted on BIG-IP Next Instance.
bigIpStatus.as3Status.error It shows any error that occurred during the AS3 API call. When an AS3 API call is failed this error occurs and error is logged in the status
bigIpStatus.l3Status This shows the L3 Forward API status on the BIGIP Next Instance When CIS controller is configured to create the static-routes.
bigIpStatus.l3Status.lastSubmitted This shows the timestamp of the last attempt to update the L3 Forward on BIG-IP Next Instance When CIS controller is configured to create the static-routes.
bigIpStatus.l3Status.lastSuccessful This shows the timestamp of the last successful update of the L3 Forward on BIG-IP Next Instance When CIS controller is configured to create the static-routes.
bigIpStatus.l3Status.message Usually message is “ok” when static routes is successfully created/deleted. When CIS controller is configured to create the static-routes.
bigIpStatus.l3Status.error It shows any error that occurred during the L3 Forward API call. When an L3 Forward API call is failed this error occurs and error is logged in the status
cmStatus It shows the status whether CIS is able to reach the BIG-IP Next Central Manager or not. When CIS fetches the BIG-IP Next Central Manager Token during start up and after a token refresh it’s updated.
cmStatus.lastUpdated This shows the timestamp of the last status update. When CIS fetches the BIG-IP Next Central Manager Token during start up and after a token refresh it’s updated.
cmStatus.message Usually message is “ok” when controller is able to fetch the token from BIG-IP Next Central Manager. When CIS fetches the BIG-IP Next Central Manager Token during start up and after a token refresh it’s updated.
cmStatus.error It shows any error that occurred during the CM Auth token refresh. When CIS fetches the BIG-IP Next Central Manager Token during start up and after a token refresh it’s updated.
controllerStatus Controller status shows if CIS is ready to process the resources or not. When CIS controller up and running.
controllerStatus.lastUpdated This shows the timestamp of the last status update. When CIS controller up and running.
controllerStatus.message Usually message is “ok” when controller is up and running and ready to process the resources. When CIS controller up and running.
controllerStatus.error It shows any error that can cause CIS controller to stop processing the resources. When CIS controller is in the error state and cannot process any resource.
networkConfigStatus It shows that valid CNI config is provided or not When CIS controller is starting up.
networkConfigStatus.lastUpdated This shows the timestamp of the last status update. When CIS controller is starting up.
networkConfigStatus.message Usually message is “ok” when valid networkConfig is provided to the controller. When CIS controller is starting up.
networkConfigStatus.error This shows the errors about the CNI configuration. When invalid networkConfig is provided to CIS controller.

Note

lastSubmitted and lastSuccessful will be different in case error status.

  • Step-3: Check the BIG-IP Next CIS controller logs.

    kubectl logs deploy/test-bigip-controller-1 -n kube-system

Note

CIS supports multiple log-levels as follows: INFO, DEBUG, AS3DEBUG CRITICAL, WARNING, ERROR. Configure the DEBUG log-level for more detailed logs.

Troubleshooting the Resource Configurations

Sometimes there is a chance that ingress resources such Transport Server, Service LoadBalancer, or IngressLink are configured incorrectly. This document describes how you can troubleshoot such issues.

Note

Make sure that you have installed the correct version of CRD version. Here is how you can install the correct CRD versions.

If you do not have any CRDs installed during the configuration of BIG-IP Next CIS, you may receive the error “error: the server doesn’t have a resource type “avc”`. In such situations, execute the following commands to install CRDs:

Note

Be sure to install the CRDs that correspond to the specific version of BIG-IP Next CIS using the CIS_VERSION=<cis-version> parameter.


Note

To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.